Redirection and multiple ads playing in background


#1 andyk68 (Member)
Hi,
When I switched the PC on, after a short time I heard adverts running but nothing looked open. I went into Task Manager and noticed there were 5 instances of iexplore.exe open under the SYSTEM user name. When I opened Internet Explorer, Google loaded OK but some, not all, of my searches redirected. The adverts are playing constantly, and when I close the process they open straight back up.
I tried the redirect instructions first (OTM, TDSSKiller, etc.) and it's still there.

OTL Log:

OTL logfile created on: 16/01/2012 09:18:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fletcb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 349.18 Mb Available Physical Memory | 34.43% Memory free
2.85 Gb Paging File | 2.14 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 61.45 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive M: | 273.22 Gb Total Space | 46.14 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive N: | 273.22 Gb Total Space | 46.14 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive O: | 273.22 Gb Total Space | 46.14 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive R: | 273.22 Gb Total Space | 46.14 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: ESFWX000081 | User Name: fletcb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 09:18:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe
PRC - [2010/07/23 17:52:54 | 000,147,456 | ---- | M] (ExtraSpy) -- C:\Program Files\EM Client\esemc.exe
PRC - [2009/10/07 08:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 08:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 00:12:08 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 09:21:55 | 000,397,312 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\avgagent.exe
PRC - [2000/02/24 17:23:44 | 008,810,548 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe
MOD - [1997/09/26 06:30:00 | 000,025,088 | ---- | M] () -- C:\Program Files\WinZip\WZSHLEXT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe -- (NMEmployeesAgent)
SRV - [2009/10/07 08:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 08:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/08/15 09:21:55 | 000,397,312 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\WINDOWS\avgagent.exe -- (avgagent) AVG7 Remote Support Service (AvgAgent)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 08:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 08:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 08:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/01/17 11:40:13 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2005/04/01 08:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 06:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/06/22 14:41:27 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ESEMC] C:\Program Files\EM Client\esemc.exe (ExtraSpy)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint....rintActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.liv...es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.32.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sfpresto.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8461D909-68AC-4B62-B20D-B65F68F41BAC}: DhcpNameServer = 10.12.32.21
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40773d17-5d9b-11df-aae7-00137285c24c}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 09:18:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
[2012/01/16 09:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Desktop\tdsskiller
[2012/01/16 09:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Desktop\GooredFix Backups
[2012/01/16 09:00:40 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/16 08:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 08:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/16 08:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/16 08:57:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\fletcb\Desktop\GooredFix.exe
[2012/01/16 08:57:13 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTM.exe
[2012/01/16 08:56:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\fletcb\Desktop\erunt-setup.exe
[2012/01/16 08:50:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fletcb\Recent
[2012/01/16 08:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/16 08:31:27 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\fletcb\My Documents\ccsetup314.exe
[2012/01/16 08:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Application Data\Malwarebytes
[2012/01/16 08:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 08:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/16 08:13:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/16 08:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/13 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Local Settings\Application Data\ESET
[2012/01/10 11:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Local Settings\Application Data\AskToolbar
[2012/01/10 09:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Start Menu\Programs\Password Spectator
[2012/01/10 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Password Spectator
[2012/01/09 13:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[1998/12/09 02:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 02:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 02:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 02:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 02:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 02:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[25 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 09:21:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/16 09:18:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
[2012/01/16 09:18:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 09:11:09 | 000,001,909 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2012/01/16 09:09:16 | 000,000,216 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/01/16 09:08:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 09:08:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 09:06:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 09:06:04 | 1063,399,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 08:58:44 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 08:58:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\NTREGOPT.lnk
[2012/01/16 08:58:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\ERUNT.lnk
[2012/01/16 08:58:32 | 001,953,112 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\tdsskiller.zip
[2012/01/16 08:57:41 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/01/16 08:57:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\fletcb\Desktop\GooredFix.exe
[2012/01/16 08:57:18 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTM.exe
[2012/01/16 08:57:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\fletcb\Desktop\erunt-setup.exe
[2012/01/16 08:39:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 08:34:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/16 08:32:58 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\fletcb\My Documents\ccsetup314.exe
[2012/01/16 08:13:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 08:07:15 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/01/14 06:41:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\ptw.cfg
[2012/01/14 06:41:11 | 000,001,309 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2012/01/14 06:41:11 | 000,000,259 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2012/01/09 13:25:46 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/01/09 13:25:46 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012/01/09 13:24:06 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\fletcb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 09:17:22 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\01 January Planning Files.lnk
[25 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 09:06:04 | 1063,399,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 08:58:44 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 08:58:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\NTREGOPT.lnk
[2012/01/16 08:58:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\ERUNT.lnk
[2012/01/16 08:58:31 | 001,953,112 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\tdsskiller.zip
[2012/01/16 08:34:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/16 08:13:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 06:36:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/09 13:26:20 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/04 09:17:22 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\01 January Planning Files.lnk
[2011/06/02 13:09:18 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\NLRemCmdSvc.exe
[2009/03/19 15:05:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\fletcb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 08:04:40 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/11/05 12:41:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/08/15 13:34:08 | 000,000,147 | ---- | C] () -- C:\WINDOWS\avgagent.ini
[2006/11/24 07:53:46 | 000,000,216 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/23 15:47:37 | 000,001,909 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/11/23 15:36:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/23 15:36:42 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/23 15:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/11/23 15:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/05/26 13:28:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/26 13:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/26 13:10:36 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 16:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 16:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 16:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 16:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/11 16:00:36 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2004/08/11 16:00:36 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2004/08/11 16:00:36 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/10/20 13:25:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/08/18 10:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/08/18 10:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/10/17 07:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fletcb\Application Data\AVG7
[2012/01/16 09:21:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
#2 RKinner (Malware Expert, MVP)
ComboFix
If you have a previous version of ComboFix.exe, delete it and download a fresh copy.

It must be saved to your desktop. Do not run it.

Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, click Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
#3 andyk68 (Topic Starter, Member)
Here are my logs.

ComboFix 12-01-21.02 - fletcb 22/01/2012 14:43:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.347 [GMT 0:00]
Running from: c:\documents and settings\fletcb\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\auwmaaa.tmp
c:\documents and settings\All Users\Application Data\buwmaaa.tmp
c:\documents and settings\All Users\Application Data\cuwmaaa.tmp
c:\documents and settings\All Users\Application Data\duwmaaa.tmp
c:\documents and settings\All Users\Application Data\eibnaaa.tmp
c:\documents and settings\All Users\Application Data\euwmaaa.tmp
c:\documents and settings\All Users\Application Data\fibnaaa.tmp
c:\documents and settings\All Users\Application Data\hibnaaa.tmp
c:\documents and settings\All Users\Application Data\iibnaaa.tmp
c:\documents and settings\All Users\Application Data\khymaaa.tmp
c:\documents and settings\All Users\Application Data\lhymaaa.tmp
c:\documents and settings\All Users\Application Data\mhymaaa.tmp
c:\documents and settings\All Users\Application Data\nhymaaa.tmp
c:\documents and settings\All Users\Application Data\ohymaaa.tmp
c:\documents and settings\All Users\Application Data\qgvmaaa.tmp
c:\documents and settings\All Users\Application Data\rgvmaaa.tmp
c:\documents and settings\All Users\Application Data\sgvmaaa.tmp
c:\documents and settings\All Users\Application Data\tgvmaaa.tmp
c:\documents and settings\All Users\Application Data\ugvmaaa.tmp
c:\documents and settings\All Users\Application Data\uuzmaaa.tmp
c:\documents and settings\All Users\Application Data\vuzmaaa.tmp
c:\documents and settings\All Users\Application Data\wuzmaaa.tmp
c:\documents and settings\All Users\Application Data\xuzmaaa.tmp
c:\documents and settings\All Users\Application Data\yuzmaaa.tmp
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-16 09:00 . 2012-01-16 09:00 -------- d-----w- C:\_OTM
2012-01-16 08:58 . 2012-01-16 08:58 -------- d-----w- c:\program files\ERUNT
2012-01-16 08:13 . 2012-01-16 08:13 -------- d-----w- c:\documents and settings\fletcb\Application Data\Malwarebytes
2012-01-16 08:13 . 2012-01-16 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-16 08:13 . 2012-01-16 08:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-16 08:13 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 06:10 . 2012-01-17 09:27 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2012-01-13 16:20 . 2012-01-13 16:20 -------- d-----w- c:\documents and settings\fletcb\Local Settings\Application Data\ESET
2012-01-10 09:33 . 2012-01-10 09:33 -------- d-----w- c:\program files\Password Spectator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 09:38 . 2011-07-28 08:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-11 16:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-11 16:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 16:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 16:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 05:54 . 2011-06-22 08:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 03:27 . 2007-07-04 10:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:28 . 2004-08-11 16:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-11 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-11 16:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2004-08-11 16:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-11 16:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-11 16:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-11 16:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-11 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-11 16:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 21:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . DBD3103371FB897BB009348BA1AD9333 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 1852A19B834058F489F85EB520A88D15 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EC4C168CF2E4AAF60848C5C7CFC02BD0 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"ESEMC"="c:\program files\EM Client\esemc.exe" [2010-07-23 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\fletcb\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 08:04 35168]
R2 avgagent;AVG7 Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 08:16 472280]
R2 NMEmployeesAgent;Net Monitor for Employees Agent;c:\windows\system32\nlnme\NLSAgentSvc.exe [02/06/2011 13:09 1227952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:54 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:54 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:54]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 10.12.32.21
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 06:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\avgagent.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2012-01-23 06:59:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-23 06:59
.
Pre-Run: 65,642,577,920 bytes free
Post-Run: 66,274,074,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AAD964EBC5B69D18C1AA133E47486C1E


07:06:05.0900 3648 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
07:06:06.0150 3648 ============================================================
07:06:06.0150 3648 Current date / time: 2012/01/23 07:06:06.0150
07:06:06.0150 3648 SystemInfo:
07:06:06.0150 3648
07:06:06.0150 3648 OS Version: 5.1.2600 ServicePack: 3.0
07:06:06.0166 3648 Product type: Workstation
07:06:06.0166 3648 ComputerName: ESFWX000081
07:06:06.0166 3648 UserName: fletcb
07:06:06.0166 3648 Windows directory: C:\WINDOWS
07:06:06.0166 3648 System windows directory: C:\WINDOWS
07:06:06.0166 3648 Processor architecture: Intel x86
07:06:06.0166 3648 Number of processors: 2
07:06:06.0166 3648 Page size: 0x1000
07:06:06.0166 3648 Boot type: Normal boot
07:06:06.0166 3648 ============================================================
07:06:07.0963 3648 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:06:07.0994 3648 Initialize success
07:06:34.0822 3712 ============================================================
07:06:34.0822 3712 Scan started
07:06:34.0822 3712 Mode: Manual;
07:06:34.0822 3712 ============================================================
07:06:35.0072 3712 Abiosdsk - ok
07:06:35.0150 3712 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:06:35.0166 3712 abp480n5 - ok
07:06:35.0244 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:06:35.0306 3712 ACPI - ok
07:06:35.0338 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:06:35.0338 3712 ACPIEC - ok
07:06:35.0400 3712 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:06:35.0416 3712 adpu160m - ok
07:06:35.0463 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:06:35.0478 3712 aec - ok
07:06:35.0525 3712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:06:35.0525 3712 AFD - ok
07:06:35.0588 3712 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:06:35.0588 3712 agp440 - ok
07:06:35.0603 3712 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:06:35.0635 3712 agpCPQ - ok
07:06:35.0650 3712 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:06:35.0666 3712 Aha154x - ok
07:06:35.0681 3712 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:06:35.0713 3712 aic78u2 - ok
07:06:35.0728 3712 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:06:35.0744 3712 aic78xx - ok
07:06:35.0791 3712 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:06:35.0806 3712 AliIde - ok
07:06:35.0853 3712 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:06:35.0869 3712 alim1541 - ok
07:06:35.0947 3712 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:06:35.0963 3712 amdagp - ok
07:06:36.0010 3712 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:06:36.0025 3712 amsint - ok
07:06:36.0072 3712 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:06:36.0119 3712 asc - ok
07:06:36.0135 3712 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:06:36.0150 3712 asc3350p - ok
07:06:36.0166 3712 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:06:36.0181 3712 asc3550 - ok
07:06:36.0244 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:06:36.0260 3712 AsyncMac - ok
07:06:36.0306 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:06:36.0306 3712 atapi - ok
07:06:36.0322 3712 Atdisk - ok
07:06:36.0385 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:06:36.0400 3712 Atmarpc - ok
07:06:36.0494 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:06:36.0510 3712 audstub - ok
07:06:36.0572 3712 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:06:36.0603 3712 b57w2k - ok
07:06:36.0666 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:06:36.0666 3712 Beep - ok
07:06:36.0666 3712 catchme - ok
07:06:36.0728 3712 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:06:36.0744 3712 cbidf - ok
07:06:36.0760 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:06:36.0760 3712 cbidf2k - ok
07:06:36.0775 3712 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:06:36.0806 3712 cd20xrnt - ok
07:06:36.0822 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:06:36.0838 3712 Cdaudio - ok
07:06:36.0885 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:06:36.0916 3712 Cdfs - ok
07:06:36.0978 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:06:36.0994 3712 Cdrom - ok
07:06:37.0010 3712 Changer - ok
07:06:37.0041 3712 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:06:37.0072 3712 CmdIde - ok
07:06:37.0119 3712 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:06:37.0135 3712 Cpqarray - ok
07:06:37.0166 3712 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:06:37.0181 3712 dac2w2k - ok
07:06:37.0244 3712 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:06:37.0275 3712 dac960nt - ok
07:06:37.0291 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:06:37.0306 3712 Disk - ok
07:06:37.0400 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:06:37.0494 3712 dmboot - ok
07:06:37.0525 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:06:37.0572 3712 dmio - ok
07:06:37.0572 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:06:37.0603 3712 dmload - ok
07:06:37.0619 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:06:37.0619 3712 DMusic - ok
07:06:37.0650 3712 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:06:37.0681 3712 dpti2o - ok
07:06:37.0728 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:06:37.0728 3712 drmkaud - ok
07:06:37.0760 3712 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:06:37.0806 3712 E100B - ok
07:06:37.0916 3712 eamon (a777d095402b31b0aafe7f19c89fb3a1) C:\WINDOWS\system32\DRIVERS\eamon.sys
07:06:37.0931 3712 eamon - ok
07:06:37.0978 3712 easdrv (e6dffb60bdbd91749eab4d45bc8926a9) C:\WINDOWS\system32\DRIVERS\easdrv.sys
07:06:37.0994 3712 easdrv - ok
07:06:38.0041 3712 epfwtdir (bb2e195088af3f6091ef9f8e42f0581f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
07:06:38.0041 3712 epfwtdir - ok
07:06:38.0072 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:06:38.0088 3712 Fastfat - ok
07:06:38.0150 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:06:38.0181 3712 Fdc - ok
07:06:38.0228 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:06:38.0244 3712 Fips - ok
07:06:38.0260 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:06:38.0291 3712 Flpydisk - ok
07:06:38.0322 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:06:38.0338 3712 FltMgr - ok
07:06:38.0353 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:06:38.0369 3712 Fs_Rec - ok
07:06:38.0416 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:06:38.0431 3712 Ftdisk - ok
07:06:38.0510 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:06:38.0525 3712 Gpc - ok
07:06:38.0541 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:06:38.0572 3712 HidUsb - ok
07:06:38.0619 3712 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:06:38.0635 3712 hpn - ok
07:06:38.0697 3712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:06:38.0697 3712 HTTP - ok
07:06:38.0713 3712 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:06:38.0744 3712 i2omgmt - ok
07:06:38.0744 3712 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:06:38.0775 3712 i2omp - ok
07:06:38.0791 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:06:38.0822 3712 i8042prt - ok
07:06:38.0931 3712 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:06:38.0963 3712 ialm - ok
07:06:38.0978 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:06:39.0010 3712 Imapi - ok
07:06:39.0072 3712 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:06:39.0088 3712 ini910u - ok
07:06:39.0135 3712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:06:39.0150 3712 IntelIde - ok
07:06:39.0181 3712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:06:39.0213 3712 intelppm - ok
07:06:39.0228 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:06:39.0228 3712 Ip6Fw - ok
07:06:39.0291 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:06:39.0322 3712 IpFilterDriver - ok
07:06:39.0338 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:06:39.0353 3712 IpInIp - ok
07:06:39.0431 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:06:39.0463 3712 IpNat - ok
07:06:39.0525 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:06:39.0525 3712 IPSec - ok
07:06:39.0541 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:06:39.0572 3712 IRENUM - ok
07:06:39.0588 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:06:39.0603 3712 isapnp - ok
07:06:39.0635 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:06:39.0635 3712 Kbdclass - ok
07:06:39.0650 3712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:06:39.0666 3712 kbdhid - ok
07:06:39.0697 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:06:39.0697 3712 kmixer - ok
07:06:39.0744 3712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:06:39.0775 3712 KSecDD - ok
07:06:39.0791 3712 lbrtfdc - ok
07:06:39.0806 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:06:39.0838 3712 mnmdd - ok
07:06:39.0869 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:06:39.0900 3712 Modem - ok
07:06:39.0900 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:06:39.0931 3712 Mouclass - ok
07:06:39.0963 3712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:06:39.0978 3712 mouhid - ok
07:06:40.0010 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:06:40.0041 3712 MountMgr - ok
07:06:40.0072 3712 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:06:40.0103 3712 mraid35x - ok
07:06:40.0119 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:06:40.0166 3712 MRxDAV - ok
07:06:40.0228 3712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:06:40.0228 3712 MRxSmb - ok
07:06:40.0244 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:06:40.0260 3712 Msfs - ok
07:06:40.0306 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:06:40.0322 3712 MSKSSRV - ok
07:06:40.0338 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:06:40.0369 3712 MSPCLOCK - ok
07:06:40.0369 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:06:40.0400 3712 MSPQM - ok
07:06:40.0431 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:06:40.0447 3712 mssmbios - ok
07:06:40.0494 3712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:06:40.0494 3712 Mup - ok
07:06:40.0525 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:06:40.0525 3712 NDIS - ok
07:06:40.0556 3712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:06:40.0572 3712 NdisTapi - ok
07:06:40.0572 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:06:40.0603 3712 Ndisuio - ok
07:06:40.0650 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:06:40.0681 3712 NdisWan - ok
07:06:40.0728 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:06:40.0760 3712 NDProxy - ok
07:06:40.0806 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:06:40.0838 3712 NetBIOS - ok
07:06:40.0900 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:06:40.0916 3712 NetBT - ok
07:06:41.0025 3712 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
07:06:41.0056 3712 nmwcd - ok
07:06:41.0072 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:06:41.0088 3712 Npfs - ok
07:06:41.0135 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:06:41.0150 3712 Ntfs - ok
07:06:41.0166 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:06:41.0166 3712 Null - ok
07:06:41.0260 3712 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:06:41.0322 3712 nv - ok
07:06:41.0338 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:06:41.0353 3712 NwlnkFlt - ok
07:06:41.0369 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:06:41.0400 3712 NwlnkFwd - ok
07:06:41.0463 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:06:41.0494 3712 Parport - ok
07:06:41.0510 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:06:41.0525 3712 PartMgr - ok
07:06:41.0556 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:06:41.0588 3712 ParVdm - ok
07:06:41.0603 3712 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
07:06:41.0635 3712 PCANDIS5 - ok
07:06:41.0650 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:06:41.0681 3712 PCI - ok
07:06:41.0681 3712 PCIDump - ok
07:06:41.0713 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:06:41.0728 3712 PCIIde - ok
07:06:41.0744 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:06:41.0806 3712 Pcmcia - ok
07:06:41.0806 3712 PDCOMP - ok
07:06:41.0822 3712 PDFRAME - ok
07:06:41.0822 3712 PDRELI - ok
07:06:41.0838 3712 PDRFRAME - ok
07:06:41.0869 3712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:06:41.0900 3712 perc2 - ok
07:06:41.0916 3712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:06:41.0947 3712 perc2hib - ok
07:06:41.0978 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:06:42.0010 3712 PptpMiniport - ok
07:06:42.0010 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:06:42.0056 3712 PSched - ok
07:06:42.0088 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:06:42.0103 3712 Ptilink - ok
07:06:42.0135 3712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:06:42.0181 3712 ql1080 - ok
07:06:42.0197 3712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:06:42.0213 3712 Ql10wnt - ok
07:06:42.0275 3712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:06:42.0306 3712 ql12160 - ok
07:06:42.0369 3712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:06:42.0416 3712 ql1240 - ok
07:06:42.0447 3712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:06:42.0463 3712 ql1280 - ok
07:06:42.0510 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:06:42.0541 3712 RasAcd - ok
07:06:42.0556 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:06:42.0572 3712 Rasl2tp - ok
07:06:42.0588 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:06:42.0619 3712 RasPppoe - ok
07:06:42.0619 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:06:42.0650 3712 Raspti - ok
07:06:42.0666 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:06:42.0744 3712 Rdbss - ok
07:06:42.0760 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:06:42.0791 3712 RDPCDD - ok
07:06:42.0838 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:06:42.0869 3712 rdpdr - ok
07:06:42.0931 3712 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:06:42.0931 3712 RDPWD - ok
07:06:42.0994 3712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:06:43.0025 3712 redbook - ok
07:06:43.0088 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:06:43.0119 3712 Secdrv - ok
07:06:43.0197 3712 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
07:06:43.0213 3712 senfilt - ok
07:06:43.0228 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:06:43.0244 3712 serenum - ok
07:06:43.0275 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:06:43.0306 3712 Serial - ok
07:06:43.0322 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:06:43.0338 3712 Sfloppy - ok
07:06:43.0353 3712 Simbad - ok
07:06:43.0416 3712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:06:43.0431 3712 sisagp - ok
07:06:43.0463 3712 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
07:06:43.0478 3712 smwdm - ok
07:06:43.0510 3712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:06:43.0525 3712 Sparrow - ok
07:06:43.0556 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:06:43.0588 3712 splitter - ok
07:06:43.0650 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:06:43.0666 3712 sr - ok
07:06:43.0744 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:06:43.0744 3712 Srv - ok
07:06:43.0791 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:06:43.0806 3712 swenum - ok
07:06:43.0916 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:06:43.0916 3712 swmidi - ok
07:06:43.0963 3712 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:06:43.0978 3712 symc810 - ok
07:06:43.0994 3712 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:06:44.0010 3712 symc8xx - ok
07:06:44.0025 3712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:06:44.0041 3712 sym_hi - ok
07:06:44.0056 3712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:06:44.0088 3712 sym_u3 - ok
07:06:44.0119 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:06:44.0119 3712 sysaudio - ok
07:06:44.0181 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:06:44.0181 3712 Tcpip - ok
07:06:44.0228 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:06:44.0260 3712 TDPIPE - ok
07:06:44.0275 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:06:44.0306 3712 TDTCP - ok
07:06:44.0338 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:06:44.0400 3712 TermDD - ok
07:06:44.0431 3712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:06:44.0447 3712 TosIde - ok
07:06:44.0478 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:06:44.0510 3712 Udfs - ok
07:06:44.0510 3712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:06:44.0588 3712 ultra - ok
07:06:44.0650 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:06:44.0697 3712 Update - ok
07:06:44.0775 3712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:06:44.0791 3712 usbccgp - ok
07:06:44.0885 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:06:44.0900 3712 usbehci - ok
07:06:44.0916 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:06:44.0931 3712 usbhub - ok
07:06:44.0978 3712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:06:44.0994 3712 usbscan - ok
07:06:45.0025 3712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:06:45.0041 3712 USBSTOR - ok
07:06:45.0088 3712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:06:45.0119 3712 usbuhci - ok
07:06:45.0166 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:06:45.0181 3712 VgaSave - ok
07:06:45.0213 3712 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:06:45.0260 3712 viaagp - ok
07:06:45.0291 3712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:06:45.0306 3712 ViaIde - ok
07:06:45.0322 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:06:45.0322 3712 VolSnap - ok
07:06:45.0369 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:06:45.0385 3712 Wanarp - ok
07:06:45.0463 3712 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:06:45.0525 3712 Wdf01000 - ok
07:06:45.0525 3712 WDICA - ok
07:06:45.0588 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:06:45.0588 3712 wdmaud - ok
07:06:45.0650 3712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:06:45.0666 3712 WS2IFSL - ok
07:06:45.0713 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:06:45.0931 3712 \Device\Harddisk0\DR0 - ok
07:06:45.0931 3712 Boot (0x1200) (883481f7ed2f1f7b90451ba9ab809892) \Device\Harddisk0\DR0\Partition0
07:06:45.0931 3712 \Device\Harddisk0\DR0\Partition0 - ok
07:06:45.0931 3712 ============================================================
07:06:45.0931 3712 Scan finished
07:06:45.0931 3712 ============================================================
07:06:45.0947 1720 Detected object count: 0
07:06:45.0947 1720 Actual detected object count: 0


07:08:20.0728 2300 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
07:08:20.0978 2300 ============================================================
07:08:20.0978 2300 Current date / time: 2012/01/23 07:08:20.0978
07:08:20.0978 2300 SystemInfo:
07:08:20.0978 2300
07:08:20.0978 2300 OS Version: 5.1.2600 ServicePack: 3.0
07:08:20.0978 2300 Product type: Workstation
07:08:20.0978 2300 ComputerName: ESFWX000081
07:08:20.0978 2300 UserName: fletcb
07:08:20.0978 2300 Windows directory: C:\WINDOWS
07:08:20.0978 2300 System windows directory: C:\WINDOWS
07:08:20.0978 2300 Processor architecture: Intel x86
07:08:20.0978 2300 Number of processors: 2
07:08:20.0978 2300 Page size: 0x1000
07:08:20.0978 2300 Boot type: Normal boot
07:08:20.0978 2300 ============================================================
07:08:22.0728 2300 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:08:22.0775 2300 Initialize success
07:08:31.0041 2392 ============================================================
07:08:31.0041 2392 Scan started
07:08:31.0041 2392 Mode: Manual; SigCheck; TDLFS;
07:08:31.0041 2392 ============================================================
07:08:31.0338 2392 Abiosdsk - ok
07:08:31.0431 2392 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:08:31.0728 2392 abp480n5 - ok
07:08:31.0806 2392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:08:31.0978 2392 ACPI - ok
07:08:32.0010 2392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:08:32.0181 2392 ACPIEC - ok
07:08:32.0244 2392 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:08:32.0416 2392 adpu160m - ok
07:08:32.0447 2392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:08:32.0619 2392 aec - ok
07:08:32.0666 2392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:08:32.0728 2392 AFD - ok
07:08:32.0791 2392 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:08:32.0963 2392 agp440 - ok
07:08:32.0994 2392 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:08:33.0166 2392 agpCPQ - ok
07:08:33.0213 2392 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:08:33.0322 2392 Aha154x - ok
07:08:33.0385 2392 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:08:33.0572 2392 aic78u2 - ok
07:08:33.0603 2392 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:08:33.0760 2392 aic78xx - ok
07:08:33.0806 2392 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:08:33.0947 2392 AliIde - ok
07:08:33.0994 2392 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:08:34.0166 2392 alim1541 - ok
07:08:34.0213 2392 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:08:34.0400 2392 amdagp - ok
07:08:34.0447 2392 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:08:34.0510 2392 amsint - ok
07:08:34.0603 2392 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:08:34.0775 2392 asc - ok
07:08:34.0806 2392 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:08:34.0885 2392 asc3350p - ok
07:08:35.0103 2392 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:08:35.0275 2392 asc3550 - ok
07:08:35.0338 2392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:08:35.0541 2392 AsyncMac - ok
07:08:35.0572 2392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:08:35.0728 2392 atapi - ok
07:08:35.0744 2392 Atdisk - ok
07:08:35.0791 2392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:08:35.0978 2392 Atmarpc - ok
07:08:36.0025 2392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:08:36.0197 2392 audstub - ok
07:08:36.0228 2392 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:08:36.0275 2392 b57w2k - ok
07:08:36.0306 2392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:08:36.0478 2392 Beep - ok
07:08:36.0494 2392 catchme - ok
07:08:36.0525 2392 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:08:36.0697 2392 cbidf - ok
07:08:36.0713 2392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:08:36.0869 2392 cbidf2k - ok
07:08:36.0900 2392 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:08:36.0994 2392 cd20xrnt - ok
07:08:37.0025 2392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:08:37.0181 2392 Cdaudio - ok
07:08:37.0181 2392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:08:37.0338 2392 Cdfs - ok
07:08:37.0400 2392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:08:37.0556 2392 Cdrom - ok
07:08:37.0603 2392 Changer - ok
07:08:37.0635 2392 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:08:37.0791 2392 CmdIde - ok
07:08:37.0838 2392 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:08:38.0010 2392 Cpqarray - ok
07:08:38.0072 2392 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:08:38.0244 2392 dac2w2k - ok
07:08:38.0275 2392 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:08:38.0447 2392 dac960nt - ok
07:08:38.0494 2392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:08:38.0635 2392 Disk - ok
07:08:38.0713 2392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:08:38.0916 2392 dmboot - ok
07:08:38.0963 2392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:08:39.0119 2392 dmio - ok
07:08:39.0119 2392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:08:39.0275 2392 dmload - ok
07:08:39.0306 2392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:08:39.0463 2392 DMusic - ok
07:08:39.0510 2392 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:08:39.0666 2392 dpti2o - ok
07:08:39.0728 2392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:08:39.0885 2392 drmkaud - ok
07:08:39.0931 2392 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:08:40.0103 2392 E100B - ok
07:08:40.0150 2392 eamon (a777d095402b31b0aafe7f19c89fb3a1) C:\WINDOWS\system32\DRIVERS\eamon.sys
07:08:40.0197 2392 eamon - ok
07:08:40.0260 2392 easdrv (e6dffb60bdbd91749eab4d45bc8926a9) C:\WINDOWS\system32\DRIVERS\easdrv.sys
07:08:40.0275 2392 easdrv - ok
07:08:40.0291 2392 epfwtdir (bb2e195088af3f6091ef9f8e42f0581f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
07:08:40.0306 2392 epfwtdir - ok
07:08:40.0322 2392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:08:40.0478 2392 Fastfat - ok
07:08:40.0541 2392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:08:40.0697 2392 Fdc - ok
07:08:40.0744 2392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:08:40.0916 2392 Fips - ok
07:08:40.0947 2392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:08:41.0103 2392 Flpydisk - ok
07:08:41.0166 2392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:08:41.0338 2392 FltMgr - ok
07:08:41.0369 2392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:08:41.0541 2392 Fs_Rec - ok
07:08:41.0572 2392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:08:41.0728 2392 Ftdisk - ok
07:08:41.0775 2392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:08:41.0947 2392 Gpc - ok
07:08:41.0963 2392 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:08:42.0103 2392 HidUsb - ok
07:08:42.0150 2392 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:08:42.0306 2392 hpn - ok
07:08:42.0369 2392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:08:42.0447 2392 HTTP - ok
07:08:42.0447 2392 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:08:42.0635 2392 i2omgmt - ok
07:08:42.0650 2392 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:08:42.0822 2392 i2omp - ok
07:08:42.0853 2392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:08:43.0010 2392 i8042prt - ok
07:08:43.0088 2392 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:08:43.0181 2392 ialm - ok
07:08:43.0228 2392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:08:43.0385 2392 Imapi - ok
07:08:43.0400 2392 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:08:43.0572 2392 ini910u - ok
07:08:43.0588 2392 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:08:43.0744 2392 IntelIde - ok
07:08:43.0791 2392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:08:43.0947 2392 intelppm - ok
07:08:44.0010 2392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:08:44.0166 2392 Ip6Fw - ok
07:08:44.0197 2392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:08:44.0353 2392 IpFilterDriver - ok
07:08:44.0385 2392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:08:44.0541 2392 IpInIp - ok
07:08:44.0572 2392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:08:44.0744 2392 IpNat - ok
07:08:44.0775 2392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:08:44.0916 2392 IPSec - ok
07:08:44.0947 2392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:08:45.0088 2392 IRENUM - ok
07:08:45.0135 2392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:08:45.0291 2392 isapnp - ok
07:08:45.0322 2392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:08:45.0494 2392 Kbdclass - ok
07:08:45.0494 2392 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:08:45.0666 2392 kbdhid - ok
07:08:45.0697 2392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:08:45.0838 2392 kmixer - ok
07:08:45.0869 2392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:08:45.0963 2392 KSecDD - ok
07:08:45.0978 2392 lbrtfdc - ok
07:08:46.0010 2392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:08:46.0166 2392 mnmdd - ok
07:08:46.0166 2392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:08:46.0338 2392 Modem - ok
07:08:46.0338 2392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:08:46.0494 2392 Mouclass - ok
07:08:46.0541 2392 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:08:46.0713 2392 mouhid - ok
07:08:46.0728 2392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:08:46.0900 2392 MountMgr - ok
07:08:46.0963 2392 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:08:47.0119 2392 mraid35x - ok
07:08:47.0166 2392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:08:47.0306 2392 MRxDAV - ok
07:08:47.0369 2392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:08:47.0431 2392 MRxSmb - ok
07:08:47.0447 2392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:08:47.0588 2392 Msfs - ok
07:08:47.0650 2392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:08:47.0791 2392 MSKSSRV - ok
07:08:47.0806 2392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:08:47.0963 2392 MSPCLOCK - ok
07:08:47.0994 2392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:08:48.0150 2392 MSPQM - ok
07:08:48.0181 2392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:08:48.0322 2392 mssmbios - ok
07:08:48.0353 2392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:08:48.0416 2392 Mup - ok
07:08:48.0447 2392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:08:48.0588 2392 NDIS - ok
07:08:48.0635 2392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:08:48.0666 2392 NdisTapi - ok
07:08:48.0697 2392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:08:48.0853 2392 Ndisuio - ok
07:08:48.0916 2392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:08:49.0072 2392 NdisWan - ok
07:08:49.0119 2392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:08:49.0197 2392 NDProxy - ok
07:08:49.0228 2392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:08:49.0385 2392 NetBIOS - ok
07:08:49.0431 2392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:08:49.0588 2392 NetBT - ok
07:08:49.0666 2392 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
07:08:49.0775 2392 nmwcd - ok
07:08:49.0838 2392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:08:49.0994 2392 Npfs - ok
07:08:50.0025 2392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:08:50.0197 2392 Ntfs - ok
07:08:50.0228 2392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:08:50.0385 2392 Null - ok
07:08:50.0478 2392 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:08:50.0635 2392 nv - ok
07:08:50.0666 2392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:08:50.0822 2392 NwlnkFlt - ok
07:08:50.0853 2392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:08:50.0994 2392 NwlnkFwd - ok
07:08:51.0056 2392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:08:51.0213 2392 Parport - ok
07:08:51.0213 2392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:08:51.0385 2392 PartMgr - ok
07:08:51.0416 2392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:08:51.0603 2392 ParVdm - ok
07:08:51.0635 2392 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
07:08:51.0635 2392 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
07:08:51.0635 2392 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
07:08:51.0650 2392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:08:51.0853 2392 PCI - ok
07:08:51.0853 2392 PCIDump - ok
07:08:51.0885 2392 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:08:52.0056 2392 PCIIde - ok
07:08:52.0088 2392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:08:52.0244 2392 Pcmcia - ok
07:08:52.0260 2392 PDCOMP - ok
07:08:52.0260 2392 PDFRAME - ok
07:08:52.0275 2392 PDRELI - ok
07:08:52.0291 2392 PDRFRAME - ok
07:08:52.0306 2392 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:08:52.0478 2392 perc2 - ok
07:08:52.0510 2392 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:08:52.0666 2392 perc2hib - ok
07:08:52.0728 2392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:08:52.0869 2392 PptpMiniport - ok
07:08:52.0885 2392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:08:53.0056 2392 PSched - ok
07:08:53.0088 2392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:08:53.0260 2392 Ptilink - ok
07:08:53.0291 2392 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:08:53.0447 2392 ql1080 - ok
07:08:53.0525 2392 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:08:53.0681 2392 Ql10wnt - ok
07:08:53.0728 2392 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:08:53.0885 2392 ql12160 - ok
07:08:53.0885 2392 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:08:54.0025 2392 ql1240 - ok
07:08:54.0041 2392 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:08:54.0181 2392 ql1280 - ok
07:08:54.0213 2392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:08:54.0369 2392 RasAcd - ok
07:08:54.0400 2392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:08:54.0541 2392 Rasl2tp - ok
07:08:54.0588 2392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:08:54.0744 2392 RasPppoe - ok
07:08:54.0760 2392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:08:54.0900 2392 Raspti - ok
07:08:54.0947 2392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:08:55.0103 2392 Rdbss - ok
07:08:55.0135 2392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:08:55.0291 2392 RDPCDD - ok
07:08:55.0322 2392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:08:55.0494 2392 rdpdr - ok
07:08:55.0541 2392 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:08:55.0572 2392 RDPWD - ok
07:08:55.0635 2392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:08:55.0791 2392 redbook - ok
07:08:55.0869 2392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:08:56.0041 2392 Secdrv - ok
07:08:56.0103 2392 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
07:08:56.0150 2392 senfilt - ok
07:08:56.0228 2392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:08:56.0400 2392 serenum - ok
07:08:56.0431 2392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:08:56.0588 2392 Serial - ok
07:08:56.0619 2392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:08:56.0791 2392 Sfloppy - ok
07:08:56.0806 2392 Simbad - ok
07:08:56.0853 2392 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:08:56.0994 2392 sisagp - ok
07:08:57.0041 2392 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
07:08:57.0072 2392 smwdm - ok
07:08:57.0135 2392 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:08:57.0213 2392 Sparrow - ok
07:08:57.0244 2392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:08:57.0416 2392 splitter - ok
07:08:57.0447 2392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:08:57.0603 2392 sr - ok
07:08:57.0650 2392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:08:57.0713 2392 Srv - ok
07:08:57.0728 2392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:08:57.0916 2392 swenum - ok
07:08:57.0963 2392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:08:58.0119 2392 swmidi - ok
07:08:58.0135 2392 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:08:58.0275 2392 symc810 - ok
07:08:58.0275 2392 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:08:58.0447 2392 symc8xx - ok
07:08:58.0463 2392 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:08:58.0666 2392 sym_hi - ok
07:08:58.0666 2392 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:08:58.0806 2392 sym_u3 - ok
07:08:58.0838 2392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:08:58.0978 2392 sysaudio - ok
07:08:59.0010 2392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:08:59.0056 2392 Tcpip - ok
07:08:59.0088 2392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:08:59.0244 2392 TDPIPE - ok
07:08:59.0291 2392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:08:59.0447 2392 TDTCP - ok
07:08:59.0510 2392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:08:59.0666 2392 TermDD - ok
07:08:59.0681 2392 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:08:59.0838 2392 TosIde - ok
07:08:59.0853 2392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:09:00.0010 2392 Udfs - ok
07:09:00.0025 2392 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:09:00.0103 2392 ultra - ok
07:09:00.0166 2392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:09:00.0322 2392 Update - ok
07:09:00.0369 2392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:09:00.0509 2392 usbccgp - ok
07:09:00.0588 2392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:09:00.0744 2392 usbehci - ok
07:09:00.0775 2392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:09:00.0916 2392 usbhub - ok
07:09:00.0947 2392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:09:01.0103 2392 usbscan - ok
07:09:01.0150 2392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:09:01.0291 2392 USBSTOR - ok
07:09:01.0353 2392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:09:01.0525 2392 usbuhci - ok
07:09:01.0556 2392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:09:01.0697 2392 VgaSave - ok
07:09:01.0713 2392 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:09:01.0869 2392 viaagp - ok
07:09:01.0900 2392 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:09:02.0041 2392 ViaIde - ok
07:09:02.0072 2392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:09:02.0244 2392 VolSnap - ok
07:09:02.0259 2392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:09:02.0400 2392 Wanarp - ok
07:09:02.0478 2392 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:09:02.0494 2392 Wdf01000 - ok
07:09:02.0541 2392 WDICA - ok
07:09:02.0572 2392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:09:02.0713 2392 wdmaud - ok
07:09:02.0775 2392 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:09:02.0916 2392 WS2IFSL - ok
07:09:02.0963 2392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:09:03.0244 2392 \Device\Harddisk0\DR0 - ok
07:09:03.0244 2392 Boot (0x1200) (883481f7ed2f1f7b90451ba9ab809892) \Device\Harddisk0\DR0\Partition0
07:09:03.0259 2392 \Device\Harddisk0\DR0\Partition0 - ok
07:09:03.0259 2392 ============================================================
07:09:03.0259 2392 Scan finished
07:09:03.0259 2392 ============================================================
07:09:03.0369 2372 Detected object count: 1
07:09:03.0369 2372 Actual detected object count: 1
07:09:34.0321 2372 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
07:09:34.0321 2372 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Fix Button Disabled on aswMBR

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 07:10:29
-----------------------------
07:10:29.383 OS Version: Windows 5.1.2600 Service Pack 3
07:10:29.383 Number of processors: 2 586 0x409
07:10:29.383 ComputerName: ESFWX000081 UserName: fletcb
07:10:29.711 Initialize success
07:11:00.820 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:11:00.820 Disk 0 Vendor: WDC_WD800JD-75MSA2 10.01E03 Size: 76293MB BusType: 3
07:11:00.820 Disk 0 MBR read successfully
07:11:00.820 Disk 0 MBR scan
07:11:00.820 Disk 0 Windows XP default MBR code
07:11:00.820 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:11:00.835 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
07:11:00.835 Disk 0 scanning sectors +156232125
07:11:00.929 Disk 0 scanning C:\WINDOWS\system32\drivers
07:11:12.835 Service scanning
07:11:13.866 Modules scanning
07:11:17.694 Scan finished successfully
07:12:47.599 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fletcb\Desktop\logs\MBR.dat"
07:12:47.599 The log file has been saved successfully to "C:\Documents and Settings\fletcb\Desktop\logs\aswMBR.txt"


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
fletcb :: ESFWX000081 [administrator]

23/01/2012 07:20:47
mbam-log-2012-01-23 (07-20-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213782
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 23/01/2012 07:28:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fletcb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 542.51 Mb Available Physical Memory | 53.50% Memory free
2.85 Gb Paging File | 2.47 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 61.72 Gb Free Space | 82.90% Space Free | Partition Type: NTFS
Drive M: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive N: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive O: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive R: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS

Computer Name: ESFWX000081 | User Name: fletcb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 09:18:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
PRC - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe
PRC - [2010/07/23 17:52:54 | 000,147,456 | ---- | M] (ExtraSpy) -- C:\Program Files\EM Client\esemc.exe
PRC - [2009/10/07 08:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 08:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 00:12:08 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 09:21:55 | 000,397,312 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\avgagent.exe
PRC - [1998/12/23 21:51:52 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE


========== Modules (No Company Name) ==========

MOD - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/06/02 12:48:55 | 001,227,952 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\nlnme\NLSAgentSvc.exe -- (NMEmployeesAgent)
SRV - [2009/10/07 08:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 08:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/08/15 09:21:55 | 000,397,312 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\WINDOWS\avgagent.exe -- (avgagent) AVG7 Remote Support Service (AvgAgent)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 08:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 08:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 08:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/01/17 11:40:13 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2005/04/01 08:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 06:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/06/22 14:41:27 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ESEMC] C:\Program Files\EM Client\esemc.exe (ExtraSpy)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint....rintActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.liv...es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.32.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sfpresto.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8461D909-68AC-4B62-B20D-B65F68F41BAC}: DhcpNameServer = 10.12.32.21
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 07:19:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/23 07:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/23 07:19:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/23 07:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/23 07:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Desktop\logs
[2012/01/22 14:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/22 14:38:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/22 14:38:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/22 14:38:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/22 14:38:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/22 14:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 14:37:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fletcb\My Documents\My Videos
[2012/01/22 14:37:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fletcb\Start Menu\Programs\Administrative Tools
[2012/01/22 14:37:08 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\fletcb\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/22 14:37:07 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\fletcb\Desktop\ComboFix.exe
[2012/01/22 14:37:06 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\fletcb\Desktop\aswMBR.exe
[2012/01/17 09:40:44 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\fletcb\Desktop\tdsskiller.exe
[2012/01/16 09:18:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
[2012/01/16 09:00:40 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/16 08:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 08:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/16 08:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/16 08:57:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\fletcb\Desktop\GooredFix.exe
[2012/01/16 08:57:13 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTM.exe
[2012/01/16 08:56:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\fletcb\Desktop\erunt-setup.exe
[2012/01/16 08:50:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fletcb\Recent
[2012/01/16 08:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/16 08:31:27 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\fletcb\My Documents\ccsetup314.exe
[2012/01/16 08:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Application Data\Malwarebytes
[2012/01/16 08:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/16 08:10:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/16 08:10:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/16 08:10:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/13 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Local Settings\Application Data\ESET
[2012/01/10 09:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fletcb\Start Menu\Programs\Password Spectator
[2012/01/10 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Password Spectator
[1998/12/09 02:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 02:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 02:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 02:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 02:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 02:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 07:19:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 07:17:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/23 07:17:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 07:15:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/23 07:15:39 | 1063,399,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 00:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/22 14:40:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/22 14:35:17 | 000,001,321 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2012/01/22 14:35:17 | 000,000,271 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2012/01/22 14:35:17 | 000,000,047 | ---- | M] () -- C:\WINDOWS\ptw.cfg
[2012/01/22 07:06:00 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\fletcb\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/22 07:04:40 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\fletcb\Desktop\ComboFix.exe
[2012/01/22 07:04:32 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\fletcb\Desktop\tdsskiller.exe
[2012/01/22 07:04:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\fletcb\Desktop\aswMBR.exe
[2012/01/21 09:49:59 | 000,000,207 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/01/20 08:42:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/17 09:40:27 | 000,001,909 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2012/01/17 09:38:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/16 09:18:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTL.exe
[2012/01/16 08:58:44 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 08:58:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\NTREGOPT.lnk
[2012/01/16 08:58:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\ERUNT.lnk
[2012/01/16 08:57:41 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/01/16 08:57:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\fletcb\Desktop\GooredFix.exe
[2012/01/16 08:57:18 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fletcb\Desktop\OTM.exe
[2012/01/16 08:57:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\fletcb\Desktop\erunt-setup.exe
[2012/01/16 08:34:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/16 08:32:58 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\fletcb\My Documents\ccsetup314.exe
[2012/01/16 08:07:15 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/01/09 13:25:46 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\fletcb\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/01/09 13:25:46 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012/01/09 13:24:06 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\fletcb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 09:17:22 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\fletcb\Desktop\01 January Planning Files.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/23 07:19:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 14:40:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/22 14:40:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/22 14:38:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/22 14:38:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/22 14:38:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/22 14:38:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/22 14:38:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/16 09:06:04 | 1063,399,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 08:58:44 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\fletcb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/16 08:58:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\NTREGOPT.lnk
[2012/01/16 08:58:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\ERUNT.lnk
[2012/01/16 08:34:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/14 06:36:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 09:17:22 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\fletcb\Desktop\01 January Planning Files.lnk
[2011/06/02 13:09:18 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\NLRemCmdSvc.exe
[2009/03/19 15:05:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\fletcb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 08:04:40 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/11/05 12:41:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/08/15 13:34:08 | 000,000,147 | ---- | C] () -- C:\WINDOWS\avgagent.ini
[2006/11/24 07:53:46 | 000,000,207 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/23 15:47:37 | 000,001,909 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/11/23 15:36:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/23 15:36:42 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/23 15:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/11/23 15:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/05/26 13:28:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/26 13:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/26 13:10:36 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/10/20 13:25:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

OTL Extras logfile created on: 23/01/2012 07:28:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fletcb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 542.51 Mb Available Physical Memory | 53.50% Memory free
2.85 Gb Paging File | 2.47 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 61.72 Gb Free Space | 82.90% Space Free | Partition Type: NTFS
Drive M: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive N: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive O: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive R: | 273.22 Gb Total Space | 46.08 Gb Free Space | 16.87% Space Free | Partition Type: NTFS

Computer Name: ESFWX000081 | User Name: fletcb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"6150:TCP" = 6150:TCP:*:Enabled:avgagent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\avgagent.exe" = C:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe -- (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{142BB1D2-2FE8-42CB-AB38-538D1600C508}_is1" = EM CLIENT
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 30
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"BullZip PDF Printer_is1" = BullZip PDF Printer 1.0.0.18
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ERUNT_is1" = ERUNT 1.1j
"GOM Player" = GOM Player
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Password Spectator" = Password Spectator
"ST6UNST #1" = Outlook Express Quick Backup
"ST6UNST #2" = Outlook Express Quick Backup (C:\Program Files\Outlook Express Quick Backup\)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2012 19:04:51 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sfpresto,DC=com.
The file must be present at the location <\\sfpresto.com\sysvol\sfpresto.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The specified network name is no longer available. ). Group Policy processing
aborted.

Error - 22/01/2012 19:04:51 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 22/01/2012 20:50:37 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sfpresto,DC=com.
The file must be present at the location <\\sfpresto.com\sysvol\sfpresto.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The specified network name is no longer available. ). Group Policy processing
aborted.

Error - 22/01/2012 20:50:37 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 23/01/2012 02:53:14 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 23/01/2012 02:53:14 | Computer Name = ESFWX000081 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80072751). A socket operation was attempted to an unreachable
host. Enrollment will not be performed.

Error - 23/01/2012 02:54:53 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sfpresto,DC=com.
The file must be present at the location <\\sfpresto.com\sysvol\sfpresto.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The specified network name is no longer available. ). Group Policy processing
aborted.

Error - 23/01/2012 02:54:53 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 23/01/2012 03:17:15 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sfpresto,DC=com.
The file must be present at the location <\\sfpresto.com\sysvol\sfpresto.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The specified network name is no longer available. ). Group Policy processing
aborted.

Error - 23/01/2012 03:17:15 | Computer Name = ESFWX000081 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

[ System Events ]
Error - 16/01/2012 05:03:38 | Computer Name = ESFWX000081 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
easdrv Fips intelppm

Error - 16/01/2012 05:05:32 | Computer Name = ESFWX000081 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/01/2012 04:40:11 | Computer Name = ESFWX000081 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 21/01/2012 02:05:35 | Computer Name = ESFWX000081 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SFPRESTO due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 21/01/2012 02:05:37 | Computer Name = ESFWX000081 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000011E'
while processing the file 'PTW_PRT2.CFG' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 21/01/2012 02:05:39 | Computer Name = ESFWX000081 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 21/01/2012 02:05:48 | Computer Name = ESFWX000081 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 23/01/2012 02:53:50 | Computer Name = ESFWX000081 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SFPRESTO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 23/01/2012 02:53:56 | Computer Name = ESFWX000081 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 23/01/2012 02:53:59 | Computer Name = ESFWX000081 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

Edited by andyk68, 23 January 2012 - 01:48 AM.

#4 andyk68 (Member, Topic Starter, 53 posts)
Sorry, I forgot to mention: the ads are still playing in the background and there are still iexplore.exe instances running in Task Manager.

#5 RKinner (Malware Expert, MVP, 19,795 posts)
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall:
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************
Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\system32\dllcache\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe | C:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\dllcache\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe

Driver::
avgagent

Folder::
C:\Documents and Settings\All Users\Application Data\avg7
C:\Documents and Settings\fletcb\Application Data\AVG7
C:\Program Files\Ask.com

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own. It should reboot when done. If you get an error about something being marked for deletion, just reboot again and it should fix it.

Post the new log.

Ron

#6 andyk68 (Member, Topic Starter, 53 posts)
ComboFix 12-01-23.02 - fletcb 24/01/2012 7:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.560 [GMT 0:00]
Running from: c:\documents and settings\fletcb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fletcb\Desktop\CFscript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\pvcnaaa.tmp
c:\documents and settings\All Users\Application Data\rvcnaaa.tmp
c:\documents and settings\All Users\Application Data\svcnaaa.tmp
c:\windows\expl.dat
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
c:\windows\win6FF.tmp
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\dllcache\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGAGENT
-------\Service_avgagent
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 07:32 . 2008-04-14 00:12 545280 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2012-01-24 07:32 . 2008-04-14 00:12 1058816 ----a-w- c:\windows\system32\dllcache\explorer.exe
2012-01-23 07:19 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 07:19 . 2012-01-23 07:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-16 09:00 . 2012-01-16 09:00 -------- d-----w- C:\_OTM
2012-01-16 08:58 . 2012-01-16 08:58 -------- d-----w- c:\program files\ERUNT
2012-01-16 08:13 . 2012-01-16 08:13 -------- d-----w- c:\documents and settings\fletcb\Application Data\Malwarebytes
2012-01-16 08:13 . 2012-01-16 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-14 06:10 . 2012-01-17 09:27 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2012-01-13 16:20 . 2012-01-13 16:20 -------- d-----w- c:\documents and settings\fletcb\Local Settings\Application Data\ESET
2012-01-10 09:33 . 2012-01-10 09:33 -------- d-----w- c:\program files\Password Spectator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 08:03 . 2004-08-11 16:00 1058816 ----a-w- c:\windows\explorer.exe
2012-01-17 09:38 . 2011-07-28 08:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-11 16:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-11 16:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 16:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 16:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 05:54 . 2011-06-22 08:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 03:27 . 2007-07-04 10:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:28 . 2004-08-11 16:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-11 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-11 16:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2004-08-11 16:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-11 16:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-11 16:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-11 16:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-11 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . DBD3103371FB897BB009348BA1AD9333 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 59DD089503D8A8AB9CFA9AAD54996B0B . 545280 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 1852A19B834058F489F85EB520A88D15 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2012-01-24 . EC4C168CF2E4AAF60848C5C7CFC02BD0 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . E60DD665167CFE2FA7511D1C8EB84A9A . 1058816 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_06.55.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 08:40 . 2012-01-24 08:40 16384 c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2012-01-24 07:18 . 2012-01-24 07:30 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012012420120125\index.dat
+ 2012-01-23 07:20 . 2012-01-23 09:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012012320120124\index.dat
+ 2012-01-23 07:20 . 2012-01-24 07:30 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-14 06:11 . 2012-01-23 07:25 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2012-01-14 06:11 . 2012-01-20 03:36 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-01-23 07:20 . 2012-01-23 07:20 212992 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012011620120123\index.dat
+ 2006-11-23 08:15 . 2012-01-24 07:30 458752 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-24 07:16 . 2012-01-24 07:16 196608 c:\windows\ERDNT\AutoBackup\24-01-2012\Users\00000002\UsrClass.dat
+ 2012-01-24 07:16 . 2005-10-20 12:02 163328 c:\windows\ERDNT\AutoBackup\24-01-2012\ERDNT.EXE
+ 2012-01-24 07:16 . 2012-01-24 07:16 3616768 c:\windows\ERDNT\AutoBackup\24-01-2012\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"ESEMC"="c:\program files\EM Client\esemc.exe" [2010-07-23 147456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\fletcb\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 08:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07/10/2009 08:16 472280]
R2 NMEmployeesAgent;Net Monitor for Employees Agent;c:\windows\system32\nlnme\NLSAgentSvc.exe [02/06/2011 13:09 1227952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:54 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 10:54 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:54]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 10:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 10.12.32.21
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2012-01-24 08:45:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 08:44
ComboFix2.txt 2012-01-23 06:59
.
Pre-Run: 66,336,206,848 bytes free
Post-Run: 66,070,913,024 bytes free
.
- - End Of File - - F970276E1CBCEAEAB593A9EEE145AECC
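The Sigcheck section of this log is where the infection shows itself: the system32 copies of winlogon.exe, svchost.exe and explorer.exe carry a different MD5 and a larger size than the same-version copies in ServicePackFiles\i386, which is why the FCopy lines restore from there. As an added example (not ComboFix's code and not anything posted in this thread), the Python below parses that section and flags such mismatches automatically; it assumes the ServicePackFiles\i386 copy is the trusted reference and uses the rows from the log above as constructed input.

```python
"""Added example (not ComboFix's own code): parse the "Sigcheck" section of a
ComboFix report and flag system binaries whose MD5 or size differs from the
same-version copy in c:\\windows\\ServicePackFiles\\i386. That directory is the
one the FCopy lines in this thread restore from; treating it as clean is an
assumption of this example, not something ComboFix itself asserts."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: the Sigcheck rows copied from the ComboFix log posted
# above (a raw string, so the Windows backslashes stay literal).
SIGCHECK_SAMPLE = r"""
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . DBD3103371FB897BB009348BA1AD9333 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 59DD089503D8A8AB9CFA9AAD54996B0B . 545280 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 1852A19B834058F489F85EB520A88D15 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2012-01-24 . EC4C168CF2E4AAF60848C5C7CFC02BD0 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . E60DD665167CFE2FA7511D1C8EB84A9A . 1058816 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
"""

# One Sigcheck row: "[flag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# Path fragment that marks the trusted reference copy (example assumption).
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # ComboFix's own verdict column; not used for the decision
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Mismatch:
    path: str
    reference: str
    version: str
    size_delta: int  # bytes the on-disk copy gained over the reference


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Return every well-formed Sigcheck row; '.' separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(
                flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
                size=int(m["size"]), version=m["version"], path=m["path"]))
    return entries


def find_mismatches(entries: list[SigcheckEntry]) -> list[Mismatch]:
    """Compare each copy of a binary with the reference copy of the same file
    version. A different MD5 or size for the same version means the on-disk
    copy was altered; copies carrying another version string (uninstall
    backups, hotfix staging) are not comparable and are skipped, not flagged."""
    by_name: dict[str, list[SigcheckEntry]] = {}
    for entry in entries:
        by_name.setdefault(entry.basename, []).append(entry)

    mismatches = []
    for copies in by_name.values():
        refs = [e for e in copies if REFERENCE_DIR in e.path.lower()]
        if not refs:
            continue  # nothing trusted to compare against
        ref = refs[0]
        for e in copies:
            if e is ref or e.version != ref.version:
                continue
            if e.md5 != ref.md5 or e.size != ref.size:
                mismatches.append(
                    Mismatch(e.path, ref.path, e.version, e.size - ref.size))
    return mismatches


if __name__ == "__main__":
    for mm in find_mismatches(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"{mm.path}: differs from {mm.reference} ({mm.size_delta:+d} bytes)")
```

On the rows above it reports both winlogon.exe copies, system32\svchost.exe and both explorer.exe copies, each larger than its reference by a fixed amount (37376, 25600 and 25088 bytes respectively), which is consistent with the same code having been appended to each of them.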

#7 RKinner (Malware Expert, MVP, 19,795 posts)
Delete your old copy of aswMBR and download a new one.
http://public.avast....erek/aswMBR.exe

Right click on it and Run As Admin.
Click the "Scan" button to start the scan.
This time allow it to download and run the Avast engine.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


This one is being pretty stubborn. We may need to burn a CD and boot from it in order to fix it. Does your PC have a CD burner? Do you have a blank CD? Let's first try uninstalling ESET and installing the free Avast.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall ESET
Reboot
Install Avast.
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
See if you can find the boot scan report in text form. I think it should be
C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or
C:\ProgramData\Avast Software\Avast5\report\aswboot.txt
If you find it please Copy and paste it.


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own. It should reboot when done. If you get an error about something being marked for deletion, just reboot again and it should fix it.

Post the new log.

#8 andyk68 (Member, Topic Starter, 53 posts)
Is there any way we can do this leaving ESET on? It's a fully paid-up subscription.

#9 RKinner (Malware Expert, MVP, 19,795 posts)
You can reinstall it when we are done with Avast. You should have an Email with the license info. If not you can ask them for it: http://go.eset.com/u...rt/lost-license

Alternatively you can burn a CD:

Download Hiren's Boot Cd
http://www.hirensbootcd.org/download/
This is a BIG! Zip file, so save it. Then right click on it and Extract all. Put a blank CD in the drive and then double click on BurnToCD.cmd. When it finishes, boot off it and run the MiniXP program. This will give you a fake XP desktop. You should be able to use it to do the same kind of copy we have been trying to do with Combofix:

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\dllcache\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe

There are also several anti-virus scans available on Hiren's so you can run one or more of them and see if they find something for us.

#10 andyk68 (Member, Topic Starter, 53 posts)
Hi, I did everything from post #7 and after the Combofix restart the screen stayed blue, but with the mouse pointer, for about 4 hours. The Avast scan found 2 instances of win32:spyware -gen (spy) but I couldn't find the log. As the PC would not restart correctly, the problem has been taken out of my hands and the owner has had it formatted, prob for the best.

Thank you very much for your assistance with this; sorry we couldn't see it through.