XP Trojan with Rootkit- Sirefef-AC

#1
trippank
Microsoft Security Essentials keeps popping up with new Trojans every 5 min. Ran Malwarebytes; ran GMER, which showed hidden modules and processes.

Anyway, I am starting over by following the guide. Below is the OTL Log:

Thanks,
Tripp


OTL logfile created on: 4/5/2012 7:23:44 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Manager\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 366.59 Mb Available Physical Memory | 36.14% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.58 Gb Total Space | 2.00 Gb Free Space | 5.78% Space Free | Partition Type: NTFS
Drive D: | 35.06 Gb Total Space | 35.05 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: ACER-6E395D0925 | User Name: Manager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 19:23:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manager\My Documents\Downloads\OTL.exe
PRC - [2012/03/26 21:28:45 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/06 17:29:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/06 17:28:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () -- C:\Program Files\CMS-DH\ScheduleService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/12/14 19:02:04 | 005,150,720 | ---- | M] () -- C:\Allcon\GCP.exe
PRC - [2009/12/14 19:01:08 | 001,449,984 | ---- | M] (QuikStor) -- C:\Allcon\AllCon_Console.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/23 08:46:12 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2008/04/23 08:46:08 | 002,015,232 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 21:28:43 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppgooglenaclpluginchrome.dll
MOD - [2012/03/26 21:28:42 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
MOD - [2012/03/26 21:27:17 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
MOD - [2012/03/26 21:27:16 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
MOD - [2012/03/26 21:27:14 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
MOD - [2012/03/26 20:37:41 | 008,747,168 | ---- | M] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
MOD - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () -- C:\Program Files\CMS-DH\ScheduleService.exe
MOD - [2011/10/14 02:08:14 | 002,970,112 | ---- | M] () -- C:\Program Files\CMS-DH\PdvrXM2k.dll
MOD - [2011/10/09 23:33:10 | 001,560,576 | ---- | M] () -- C:\Program Files\CMS-DH\PdvrServer.dll
MOD - [2009/12/14 19:02:04 | 005,150,720 | ---- | M] () -- C:\Allcon\GCP.exe
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 08:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/07/26 16:18:00 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2001/07/26 16:17:00 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EntDrv51.dll -- (ZSMC301b)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mgisvr.dll -- (zpcache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbscan.dll -- (zenos1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UpdateCenterService.dll -- (XUIF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Hotkey.dll -- (XTrapD12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmdmon.dll -- (Xponaut_WBD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbx_device.dll -- (wwsecsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NSSvcMgr.dll -- (Wuser32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpqueue.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\surveyor.dll -- (wpdusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax9_32.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dashsvc.dll -- (WmVirHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (winvnc4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MQAC.dll -- (winpower)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osaio.dll -- (WinDriver6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (WimFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipsecmon.dll -- (wampmysqld)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clisvc.dll -- (w810mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usb_rndisx.dll -- (w810bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt61.dll -- (w300bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (vwlogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\deventagent.dll -- (vulfnths)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\afs2k.dll -- (viagfx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slip.dll -- (vetmonnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwnetdde.dll -- (ventrilo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (vc5secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\livesrv.dll -- (vaiomediaplatform-videoserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavreport.dll -- (upperdev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenselogserver.dll -- (umxfwhlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpclocator.dll -- (uisp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBCamera.dll -- (tversitymediaserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrLan.dll -- (tossmbnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mfcom.dll -- (toscosrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthpan.dll -- (tme3srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MtxDma0.dll -- (tmactmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W2acehid.dll -- (tfsnudfa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (tdsmapi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SbieDrv.dll -- (symsecureport)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (Stltrk2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwmodem.dll -- (ssfs0509)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w70n51.dll -- (SrvcEPECioctl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\matlabserver.dll -- (sp_rssrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (snpstd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bits.dll -- (SNMPTRAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (smservaz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webcompserver.dll -- (SMCB000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfmodnt.dll -- (slave)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpkmpsvc.dll -- (sisnic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\csctl50.dll -- (serialkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSCamSvc.dll -- (se58obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\taphss.dll -- (se44mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adiloader.dll -- (SE2Bmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdr4_2k.dll -- (schscnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpds.dll -- (s117nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iap.dll -- (rtl8185)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmkbd.dll -- (rt2870)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQTECH905C.dll -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aexnsclienttransport.dll -- (rp32service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcf_device.dll -- (risdptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sgeclient.dll -- (RDID1027)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700imd.dll -- (RadProbe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfgwzsvc.dll -- (QPCapSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip6.dll -- (pgfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ikfilesec.dll -- (pdlnebas)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\win32sl.dll -- (pcscnsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent.dll -- (pcandis5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmmdfl.dll -- (pavreport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\curtainssyssvc.dll -- (pavdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\e1000.dll -- (ossrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\interactivelogon.dll -- (osaio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dklogger.dll -- (oraclesnmppeerencapsulator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asp.net.dll -- (oracleformsserver-forms60server-oraform)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvcap.dll -- (openvpnservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (nvnetbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (nvidesm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parport.dll -- (ntgrip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dvd43llh.dll -- (nsvcip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Afc.dll -- (NMSSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symproxysvc.dll -- (nmsaccess)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WimFltr.dll -- (NICSer_WPC54G)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB_NDIS_51.dll -- (NETw3v32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SDdriver.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (mwagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ikfileflt.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Via4in1.dll -- (mssql$microsoftsmlbiz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbvm321.dll -- (MSICPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RR2Vbi.dll -- (msgsrvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (MREMPR5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSHDRV61.dll -- (mqdmserd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE27mdfl.dll -- (monfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zntport.dll -- (mksupdateint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Machnm32.dll -- (midisyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvrd64.dll -- (mf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (mcmscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LoopBeMidi1.dll -- (lvhidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CoolerXPDriver.dll -- (LUsbFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (LRMINIPORT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Accelerometer.dll -- (LMS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iam.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasscsi.dll -- (lcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (knobserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SenFiltService.dll -- (jconfigd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmBEnum.dll -- (ISODrive)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (irbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\areschatserver.dll -- (iomdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\U81xmgmt.dll -- (IntelC51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tones.dll -- (ifp800)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hap16v2k.dll -- (idisw2km)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rxmssync.dll -- (icepack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550mgmt.dll -- (iastor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hwpsgt.dll -- (IASJet)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrxdav.dll -- (iaimtv0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsarcpkt.dll -- (hsvcmod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adaptecstoragemanageragent.dll -- (hpci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (GTWModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwssched.dll -- (GENERICDRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NMSAccessU.dll -- (FETNDISB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\meiudf.dll -- (F700isw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atkkeyboardservice.dll -- (F700iob)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanminiportservice.dll -- (EMSCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle%oracle_home_service%clientcache80.dll -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnebas.dll -- (ELmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoteregistry.dll -- (eamon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LXARScan.dll -- (dvpapi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EhttpSrv.dll -- (DVDVRRdr_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vetfddnt.dll -- (dvd_2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sym_hi.dll -- (DritekPortIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Slntamr.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (dm1service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45unic.dll -- (dlcc_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrjd31d.dll -- (DKbFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssm_mdm.dll -- (diskperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsNcAdpt.dll -- (DirectUpdate)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200bus.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshhl.dll -- (DCamUSBMke2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winmtsrv.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcPTP.dll -- (ctdvda2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rdpcdd.dll -- (cs429x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdsmapi.dll -- (crauto)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sharedaccess.dll -- (cpqalert)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hdaudbus.dll -- (cobbmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msgame.dll -- (cmdmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\naveng.dll -- (clnt_clientman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBModem.dll -- (cdudf_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (ccsetmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avcgbdr.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s7otranx.dll -- (bwcsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200obex.dll -- (bthpan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dpfusmgr.dll -- (BRCMDECO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (botcbs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\servidor.dll -- (bgmainsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdss)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (bc_prt_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2governor.dll -- (avipbb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipcsvc.dll -- (avgntflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dobex.dll -- (autocomplete)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ROB_A.dll -- (ATIBTCAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTL8023xp.dll -- (aswtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnatcm.dll -- (aswmon2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbbus.dll -- (anio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\om518p.dll -- (amdk7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipsraidn.dll -- (aliadwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecagentbrowser.dll -- (ageremodemaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (a8djusb)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 17:29:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/06 17:28:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CMS-DH\ScheduleService.exe -- (EMSService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/14 08:42:38 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\vserial.dll -- (fa_scheduler)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Manager\LOCALS~1\Temp\fwgdqfod.sys -- (fwgdqfod)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\erboxpke.sys -- (erboxpke)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/05 18:08:53 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\26406704.sys -- (30515418)
DRV - [2012/04/05 18:08:50 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tsk11.tmp -- (IPSec)
DRV - [2012/04/05 18:04:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A04B77A9-5A44-464B-AE9A-13AD287FC4C2}\MpKsl76df7a71.sys -- (MpKsl76df7a71)
DRV - [2012/02/06 17:28:43 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/17 16:28:16 | 000,061,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2008/04/17 16:28:16 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2008/04/14 03:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/05/15 20:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/24 20:38:40 | 000,078,720 | ---- | M] (Netgear Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA311XP.SYS -- (RTL8023xp)
DRV - [2005/01/13 17:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:Tabs [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.timemd.com/login/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6468427B-67BC-43ED-B2D6-3019DE5889BF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{386F33FD-0E14-413A-A3D0-A3B99D4D3754}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6468427B-67BC-43ED-B2D6-3019DE5889BF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1052

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.timemd.com/login/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 17:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/09 21:34:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Manager\Application Data\Move Networks [2010/02/08 17:24:48 | 000,000,000 | ---D | M]

[2009/02/24 15:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Extensions
[2012/02/04 09:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\extensions
[2009/02/24 15:04:04 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\extensions\[email protected]
[2011/01/07 10:32:58 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\searchplugins\bing.xml
[2012/01/09 21:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 17:31:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Firebird] C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to GCP.lnk = C:\Allcon\GCP.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1235505337375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1236114175328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstatio...l.php?vendor=14 (PdvrOcx Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.231.160.10 216.231.160.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE65D16B-91D4-447D-8C9A-004841EC9515}: DhcpNameServer = 216.231.160.10 216.231.160.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Manager\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manager\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/19 21:08:24 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 18:08:53 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\26406704.sys
[2012/04/05 18:00:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/27 12:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/27 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\Application Data\Ygotqil
[2012/03/27 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\Application Data\Avoxpa
[2012/03/20 14:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\My Documents\CMS-DH
[2012/03/20 14:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CMS-DH
[2012/03/20 14:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CMS-DH
[2012/03/20 14:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\CMS-DH
[2012/03/08 09:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/08 09:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 19:23:58 | 000,000,016 | ---- | M] () -- C:\qslink.fil.tmp.don
[2012/04/05 18:47:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/05 18:47:02 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005UA.job
[2012/04/05 18:08:53 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\26406704.sys
[2012/04/05 18:04:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/05 18:03:22 | 000,000,089 | ---- | M] () -- C:\WINDOWS\PdvrServer.INI
[2012/04/05 18:03:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 18:03:04 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/05 18:03:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/05 18:02:58 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 18:00:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/05 17:57:32 | 007,724,556 | ---- | M] () -- C:\WINDOWS\System32\ITODQFLWWY
[2012/04/05 17:50:11 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Manager\My Documents\Virusrrootkit
[2012/04/05 16:52:03 | 124,084,802 | ---- | M] () -- C:\Documents and Settings\Manager\My Documents\FullBackupGmer.reg
[2012/04/05 15:44:04 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Microsoft Excel.lnk
[2012/04/05 14:52:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/04/05 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/05 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/05 08:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/04 23:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005Core.job
[2012/04/04 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/03 14:55:33 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Manager\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/03 14:55:32 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Google Chrome.lnk
[2012/04/03 11:13:20 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/03 09:14:07 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Microsoft Word.lnk
[2012/03/20 14:18:03 | 000,463,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/20 14:18:03 | 000,079,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/20 14:12:35 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CMS-DH.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/05 17:55:41 | 007,724,556 | ---- | C] () -- C:\WINDOWS\System32\ITODQFLWWY
[2012/04/05 17:50:09 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Manager\My Documents\Virusrrootkit
[2012/04/05 16:51:29 | 124,084,802 | ---- | C] () -- C:\Documents and Settings\Manager\My Documents\FullBackupGmer.reg
[2012/03/27 08:35:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/20 14:20:33 | 000,000,089 | ---- | C] () -- C:\WINDOWS\PdvrServer.INI
[2012/03/20 14:12:35 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CMS-DH.lnk
[2012/03/08 09:45:24 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/09 17:24:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/09 12:56:14 | 000,010,790 | -HS- | C] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\job0c0r2vnmw
[2012/01/09 12:56:14 | 000,010,790 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
[2010/12/15 11:33:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/02/24 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
[2012/04/05 15:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CMS-DH
[2012/04/05 02:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/06/01 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/24 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Avocent AdminWorks
[2012/03/27 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Avoxpa
[2010/12/18 12:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Canon
[2010/06/01 16:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\EurekaLog
[2009/03/04 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\HK-Software
[2009/03/04 14:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Leadertech
[2011/04/22 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\OpenOffice.org
[2009/02/24 15:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Windows Desktop Search
[2009/07/17 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Windows Search
[2012/03/27 08:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Ygotqil
[2012/04/05 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/04 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/05 08:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/05 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2 Cookiegal (Visiting Consultant, 887 posts)
Please post the GMER log.

#3 trippank (Topic Starter, New Member, 9 posts)
Here is the GMER log I just ran. It didn't see any hidden processes or modules this time.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 10:20:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Manager\LOCALS~1\Temp\fwgdqfod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3248] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\LogMeIn\x86\LogMeIn.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeIn.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeIn.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\LogMeIn\x86\LogMeIn.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [06F62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [06F62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [06F62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [06F62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Manager\My Documents\Downloads\gmer\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Manager\My Documents\Downloads\gmer\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Manager\My Documents\Downloads\gmer\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Manager\My Documents\Downloads\gmer\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Allcon\AllCon_Console.exe[5280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Allcon\AllCon_Console.exe[5280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Allcon\AllCon_Console.exe[5280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Allcon\AllCon_Console.exe[5280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\QSX\QSExpress.exe[5976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02162F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\QSX\QSExpress.exe[5976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02162CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\QSX\QSExpress.exe[5976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02162D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\QSX\QSExpress.exe[5976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02162CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 Cookiegal (Visiting Consultant, 887 posts)
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

#5 trippank (Topic Starter, New Member, 9 posts)
ComboFix 12-04-05.09 - Manager 04/09/2012 13:03:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.586 [GMT -5:00]
Running from: c:\documents and settings\Manager\Desktop\Puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Manager\g2mdlhlpx.exe
c:\documents and settings\Manager\My Documents\DPE.DUS
c:\documents and settings\Manager\WINDOWS
c:\windows\$NtUninstallKB54694$
c:\windows\$NtUninstallKB54694$\2992203775\@
c:\windows\$NtUninstallKB54694$\2992203775\cfg.ini
c:\windows\$NtUninstallKB54694$\2992203775\Desktop.ini
c:\windows\$NtUninstallKB54694$\2992203775\L\qiaamsha
c:\windows\$NtUninstallKB54694$\3471575892
c:\windows\iun6002.exe
c:\windows\system\midas.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ijl11.dll
D:\install.exe
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_NETWORKLOG
-------\Legacy_USNJSVC
-------\Service_6to4
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 18:17 . 2012-04-09 18:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C36C97D0-EF37-4C60-8930-2D001DFCD96D}\offreg.dll
2012-04-09 18:12 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-04-09 18:12 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-08 23:16 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C36C97D0-EF37-4C60-8930-2D001DFCD96D}\mpengine.dll
2012-04-05 23:00 . 2012-04-05 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 13:40 . 2012-03-27 13:40 191 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{503F67D0-8D53-2CDE-2C67-C345704339A8}-tmpb7476cbc.bat
2012-03-27 13:35 . 2012-03-27 17:32 -------- d-----w- c:\documents and settings\Manager\Application Data\Avoxpa
2012-03-27 13:35 . 2012-03-27 13:36 -------- d-----w- c:\documents and settings\Manager\Application Data\Ygotqil
2012-03-20 22:31 . 2012-03-20 22:31 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 22:31 . 2012-03-20 22:31 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-20 19:20 . 2012-04-09 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\CMS-DH
2012-03-20 19:12 . 2012-03-20 19:12 -------- d-----w- c:\program files\CMS-DH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 23:04 . 2004-08-04 05:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-14 02:15 . 2010-06-02 06:38 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 15:18 . 2010-06-01 23:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-06 22:28 . 2009-03-03 22:46 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 22:28 . 2009-03-03 22:46 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-06 22:28 . 2009-03-03 22:46 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 22:28 . 2009-03-03 22:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-20 22:31 . 2012-01-10 02:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 16207872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-06-22 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-22 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-22 81920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Firebird"="c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe" [2008-04-23 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to GCP.lnk - c:\allcon\GCP.exe [2009-12-14 5150720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-06 22:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Manager^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Manager\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Manager^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Manager\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
2007-10-23 06:48 344064 ------w- c:\program files\HP USB Multimedia Keyboard\Kmaestro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 22:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-10 02:26 136176 ----atw- c:\documents and settings\Manager\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 19:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 05:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 23:11 565008 -c--a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 23:15 2407184 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 05:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-12 00:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 05:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 05:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 02:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-07 18:53 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"BBSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\QSX\\QSExpress.exe"=
"c:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbserver.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CMS-DH\\EMS.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R2 EMSService;Schedule Service;c:\program files\CMS-DH\ScheduleService.exe [11/30/2011 11:19 PM 2155520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 7:35 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [3/4/2009 2:24 PM 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [3/4/2009 2:24 PM 61568]
S1 erboxpke;erboxpke;\??\c:\windows\system32\drivers\erboxpke.sys --> c:\windows\system32\drivers\erboxpke.sys [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 4:00 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:50 AM 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 4:00 PM 136176]
S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [3/15/2011 10:27 PM 183560]
.
NETSVCS REQUIRES REPAIRS - current entries shown
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
NETw3v32
RR2IOMod
tossmbnt
cdudf_xp
aswmon2
iastor
ifp800
ATIBTCAP
DNE
cmdmon
tosporte
cobbmservice
nsvcip
nvnetbus
DCamUSBMke2
DKbFltr
dlcc_device
tfsnudfa
serialkeys
umxfwhlp
monfilt
avipbb
schscnt
hsvcmod
IntelC51
nmsaccess
aliadwdm
autocomplete
LUsbFilt
tdsmapi
vulfnths
idisw2km
BRCMDECO
WinDriver6
GTWModem
sisnic
lvhidsvc
SNMPTRAP
ssfs0509
dvd_2K
bgmainsvc
zenos1
nvidesm
crauto
knobserv
mf
oraclesnmppeerencapsulator
mssql$microsoftsmlbiz
ccsetmgr
DritekPortIO
pcscnsrv
w810mdfl
mqdmserd
EMSCR
ventrilo
rt2870
icepack
amdk7
ZSMC301b
irbus
msgsrvservice
s117nd5
sprtsvc_smartagent
bdss
jconfigd
ISODrive
DVDVRRdr_xp
cpqalert
viagfx
ageremodemaudio
lhidusb
vwlogger
midisyn
smservaz
WmVirHid
osaio
RDID1027
toscosrv
anio
MSICPL
OVT511Plus
nsm1mdm
zunenetworksvc
NMSAccessU
SIODRV
gv3
DFUBTUSB
usbatapi2000
pchost
adsexpb
sbiesvc
CE3
tosrfusb
WMIService
cavasm
pktfilter
se2Bunic
ctsfm2k
NWSIPX32
hpgate
ageresoftmodem
UsbDiag
acrotray
szserver
stacsv
pdlnslea
wdm_au8820
alcxsens
ARPolicy
ANC
snmptrapdservice
qconsvc
rslinx
pageserver
agpcpq
CamAv
regmon701
nvax
asuskbnt
sifilter
gdrv
ASInsHelp
genmcmn
OEM02Vfx
RR2Mjpeg
websensecamreportserver
rsvchost
rca
lp6nds35
pacsptisvr
epstnt01
IBM_LLC2
tbhsd
pxfhmdfl
SNMP
DCFS2K
z525mgmt
iviVD
FreshIO
msfwsvc
tpkd
MRESP50a64
pcradminserver
dcfssvc
tmesbs32
JiaoCap
TPPWRIF
smwdm
EL90X
utscsi
BTSLBCSP
retrolauncher
tb2launch
oracle_load_balancer_60_server-forms6ip14
dxdebug
bridge
NWSNS
ma763004
Sunkfiltp
enodpl
zntport
stcagent
usnsvc
procexp100
OneCareMP
s125mdm
ESMCR
CAMCHALA
elbydelay
Jukebox
cpuidlep
s24trans
ser2plms
2wirepcp
npfmntor
OsaFsLoc
HSFHWALI
WmaCDriverV32
netmdsb
mwsejcap
wlluc48
s616nd5
msgame
bvrp_pci
mfehidk
TUWinStylerThemeSvc
PAC7302
emitray
6to4
pinnaclesys.mediaserver
uclauncherservice
EpmPsd
lvmvdrv
riomsc
qhwscsvc
ipahelper.exe
tappsrv
defragfs
rp_fws
ATIVXSTW
prtg4service
CDRPDACC
CTEDSPIO.DLL
WmXlCore
sisperf
ithsgt
cvsnt
KMW_KBD
ASNDIS5
tunnelguardservice
backupexecagentaccelerator
bhmonitorservice
blueletaudio
aw_host
bc_pat_f
C-Dilla
PCTINDIS5
EQDRV5
DCamUSBMke
TMBUS
btaudio
license
MA-620
Machnm32
cfgwzsvc
WavxDMgr
MA8032C
tfsndrct
se58mdfl
etoksrv
iAimTV6
erecoveryservice
GTPTSER
pcampr5
vmodem
fa_scheduler
mwagent
rtl8185
CTSYN
iaimtv0
USIUDF
se44mgmt
WNCPKT
iomdisk
F700isw
mstdc
bc_prt_f
LMS
GENERICDRV
clnt_clientman
snpstd2
NICSer_WPC54G
hpci
vc5secs
mcmscsvc
ndassvc
wpdusb
winpower
LRMINIPORT
slave
ntgrip
WimFltr
avgntflt
eloggersvc6
SrvcEPECioctl
bthpan
winvnc4
Wpsnuio
RadProbe
cs429x
SMCB000
ccflic0
botcbs
ossrv
pcandis5
sp_rssrv
wwsecsvc
NMSSvc
SE2Bmgmt
dvpapi
QPCapSvc
ELmon
Wuser32
pavdrv
XUIF
tmactmon
MREMPR5
tversitymediaserver
mksupdateint
w300bus
FETNDISB
pdlnebas
w810bus
se58obex
wampmysqld
upperdev
DirectUpdate
eamon
vetmonnt
uisp
a8djusb
zpcache
bwcsrv
DCamUSBSQTECH
lcs
IASJet
dm1service
symsecureport
Xponaut_WBD
risdptsk
oracleformsserver-forms60server-oraform
XTrapD12
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-04-09 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-04-09 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-04-08 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:00]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:00]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005Core.job
- c:\documents and settings\Manager\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 02:26]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005UA.job
- c:\documents and settings\Manager\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.timemd.com/login/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = http=127.0.0.1:1052
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.231.160.10 216.231.160.2
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=14
FF - ProfilePath - c:\documents and settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
FF - prefs.js: browser.startup.homepage - hxxps://login.timemd.com/login/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-30515418.sys
SafeBoot-51566454.sys
SafeBoot-klmdb.sys
AddRemove-MSR213U Setting AP(213CS611) - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3088)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2012-04-09 13:24:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 18:24
ComboFix2.txt 2010-06-01 21:36
.
Pre-Run: 1,854,255,104 bytes free
Post-Run: 2,182,311,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 33FBBA4342C814E87897A438290460AB
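The ComboFix log above and the OTL log in the following post carry several indicators that are worth pulling out mechanically before the cleanup continues: a per-user IE proxy pointed at 127.0.0.1:1052, Security Center's AntiVirusOverride set to 1 (which silences the "no antivirus" alerts), DisableNotifications set to 1 in the firewall StandardProfile (which silences blocked-program prompts), a system-start driver (erboxpke) whose image is missing from disk, a netsvcs value that ComboFix reports as needing repair, dozens of auto-start services whose DLLs do not exist, one of them registered through a \.\globalroot path to svchost.exe, and a Firefox user.js that switches off the mixed-content and insecure-submit warnings. The Python script below is an added example, not part of the thread and not a ComboFix or OTL feature: it flags those patterns in log text. The regexes are written against the line formats visible in the posted logs, the sample input is a constructed excerpt modelled on those lines, and the category names are this script's own.

```python
"""Flag security-relevant lines in ComboFix / OTL log text.

Added example: not part of the thread and not a ComboFix or OTL feature.
Regexes follow the line formats visible in the posted logs; category
names are this script's own.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the ComboFix and OTL lines in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 7:35 PM 374152]
S1 erboxpke;erboxpke;\??\c:\windows\system32\drivers\erboxpke.sys --> c:\windows\system32\drivers\erboxpke.sys [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
.
NETSVCS REQUIRES REPAIRS - current entries shown
AppMgmt
AudioSrv
zenos1
icepack
.
uInternet Settings,ProxyServer = http=127.0.0.1:1052
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbehci.dll -- (zunenetworksvc)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (Stltrk2k)
"""

# "u" = current-user hive, "m" = machine hive in ComboFix's notation.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b')
FW_NOTIFY_RE = re.compile(r'"DisableNotifications"\s*=\s*1\b')
# ComboFix service line: R/S (running/stopped), start type 0-4, then
# name;display;image.  A trailing "[?]" means ComboFix could not find the image.
CF_MISSING_RE = re.compile(r"^([RS])([0-4]) ([^;]+);[^;]*;(.*?) \[\?\]\s*$")
# OTL line for a registered service whose binary is absent from disk.
OTL_MISSING_RE = re.compile(
    r"^SRV - File not found \[(\w+) \| (\w+)\] -- (.+?) -- \((.+?)\)\s*$")
FF_USERJS_RE = re.compile(r"^FF - user\.js: (security\.\S+) - (\S+)")


def _proxy_hosts(value):
    """Split 'http=127.0.0.1:1052;https=...' into host:port strings."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:
            part = part.split("=", 1)[1]
        if part:
            hosts.append(part)
    return hosts


def scan_log(text):
    """Return a list of (category, detail) findings for a log excerpt."""
    findings = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("NETSVCS REQUIRES REPAIRS"):
            # ComboFix prints the current netsvcs value one name per line,
            # up to the next "." separator; count what it listed.
            j = i + 1
            while j < len(lines) and lines[j] not in ("", "."):
                j += 1
            findings.append(("netsvcs-tampered", f"{j - i - 1} entries listed"))
            i = j
            continue
        m = PROXY_RE.match(ln)
        if m:
            for hp in _proxy_hosts(m.group(1)):
                host = hp.rsplit(":", 1)[0].lower()
                if host in ("127.0.0.1", "localhost", "::1"):
                    findings.append(("loopback-proxy", hp))
        if AV_OVERRIDE_RE.search(ln):
            findings.append(("av-alerts-suppressed", ln.strip()))
        if FW_NOTIFY_RE.search(ln):
            findings.append(("firewall-notify-disabled", ln.strip()))
        m = CF_MISSING_RE.match(ln)
        if m:
            state, start, name, image = m.groups()
            findings.append(("missing-image", f"{state}{start} {name}: {image}"))
        m = OTL_MISSING_RE.match(ln)
        if m:
            start, _state, path, name = m.groups()
            findings.append(("orphaned-service", f"{name} [{start}] -> {path}"))
            if "globalroot" in path.lower():
                findings.append(("globalroot-service", f"{name} -> {path}"))
        m = FF_USERJS_RE.match(ln)
        if m and m.group(2).lower() == "false":
            findings.append(("ff-security-warning-disabled", m.group(1)))
        i += 1
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(cat for cat, _ in findings)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for cat, detail in found:
        print(f"{cat:32} {detail}")
    print(dict(summarize(found)))
```

Run it over a saved ComboFix or OTL log (`scan_log(open("ComboFix.txt").read())`) to get a triage list rather than a verdict: legitimate leftovers trip the same checks (the two eLock2 entries are Acer's disc-locking drivers with their files gone, and a local content-filtering proxy would also show up as a loopback proxy), and the netsvcs check only echoes ComboFix's own "REQUIRES REPAIRS" judgement. What the script does give you is the handful of lines to examine first: a missing system-start driver with an unfamiliar name, a service whose image is reached through \.\globalroot, and settings that silence the antivirus and firewall.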

#6 trippank

OTL logfile created on: 4/9/2012 9:12:46 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Manager\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 276.94 Mb Available Physical Memory | 27.30% Memory free
2.38 Gb Paging File | 1.73 Gb Available in Paging File | 72.50% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.58 Gb Total Space | 1.86 Gb Free Space | 5.38% Space Free | Partition Type: NTFS
Drive D: | 35.06 Gb Total Space | 35.05 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: ACER-6E395D0925 | User Name: Manager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 19:23:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manager\My Documents\Downloads\OTL.exe
PRC - [2012/02/06 17:29:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/06 17:28:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () -- C:\Program Files\CMS-DH\ScheduleService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/12/14 19:02:04 | 005,150,720 | ---- | M] () -- C:\Allcon\GCP.exe
PRC - [2009/12/14 19:01:08 | 001,449,984 | ---- | M] (QuikStor) -- C:\Allcon\AllCon_Console.exe
PRC - [2009/07/17 22:21:02 | 000,257,440 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/23 08:46:12 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2008/04/23 08:46:08 | 002,015,232 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () -- C:\Program Files\CMS-DH\ScheduleService.exe
MOD - [2011/10/14 02:08:14 | 002,970,112 | ---- | M] () -- C:\Program Files\CMS-DH\PdvrXM2k.dll
MOD - [2011/10/09 23:33:10 | 001,560,576 | ---- | M] () -- C:\Program Files\CMS-DH\PdvrServer.dll
MOD - [2009/12/14 19:02:04 | 005,150,720 | ---- | M] () -- C:\Allcon\GCP.exe
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll
MOD - [2001/07/26 16:18:00 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2001/07/26 16:17:00 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbehci.dll -- (zunenetworksvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EntDrv51.dll -- (ZSMC301b)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mgisvr.dll -- (zpcache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ageremodemaudio.dll -- (zntport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbscan.dll -- (zenos1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oraclexeclragent.dll -- (z525mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UpdateCenterService.dll -- (XUIF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Hotkey.dll -- (XTrapD12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmdmon.dll -- (Xponaut_WBD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbx_device.dll -- (wwsecsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NSSvcMgr.dll -- (Wuser32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpqueue.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\surveyor.dll -- (wpdusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax9_32.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARSVC.dll -- (WmXlCore)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dashsvc.dll -- (WmVirHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\megamonitorsrv.dll -- (WMIService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RESMGR.dll -- (WmaCDriverV32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnpool.dll -- (wlluc48)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (winvnc4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MQAC.dll -- (winpower)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osaio.dll -- (WinDriver6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (WimFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlmel51b.dll -- (websensecamreportserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdralw2k.dll -- (wdm_au8820)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fastfat.dll -- (WavxDMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipsecmon.dll -- (wampmysqld)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clisvc.dll -- (w810mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usb_rndisx.dll -- (w810bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt61.dll -- (w300bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (vwlogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\deventagent.dll -- (vulfnths)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avc.dll -- (vmodem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\afs2k.dll -- (viagfx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slip.dll -- (vetmonnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwnetdde.dll -- (ventrilo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (vc5secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\livesrv.dll -- (vaiomediaplatform-videoserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zBackupAssistService.dll -- (utscsi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfosspeeds.dll -- (usnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EIO_XP.dll -- (UsbDiag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pageserver.dll -- (usbatapi2000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavreport.dll -- (upperdev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenselogserver.dll -- (umxfwhlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpclocator.dll -- (uisp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfcom.dll -- (uclauncherservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBCamera.dll -- (tversitymediaserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ca-messagequeuing.dll -- (TUWinStylerThemeSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fastuserswitchingcompatibility.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zmxpzip.dll -- (TPPWRIF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\centennialclientagent.dll -- (tpkd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrLan.dll -- (tossmbnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avipbb.dll -- (tosrfusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mfcom.dll -- (toscosrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\klblmain.dll -- (tmesbs32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthpan.dll -- (tme3srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ufad-ws60.dll -- (TMBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MtxDma0.dll -- (tmactmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W2acehid.dll -- (tfsnudfa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asyncmac.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (tdsmapi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\minilog.dll -- (tbhsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epfwtdi.dll -- (tb2launch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VC6SecS.dll -- (tappsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdbus.dll -- (szserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SbieDrv.dll -- (symsecureport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham2.dll -- (Sunkfiltp)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (Stltrk2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpconfig.dll -- (stcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpntsrv.dll -- (stacsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwmodem.dll -- (ssfs0509)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w70n51.dll -- (SrvcEPECioctl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\matlabserver.dll -- (sp_rssrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (snpstd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PID_08A0.dll -- (snmptrapdservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bits.dll -- (SNMPTRAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transarcafsdaemon.dll -- (SNMP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hdaudaddservice.dll -- (smwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (smservaz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webcompserver.dll -- (SMCB000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfmodnt.dll -- (slave)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\outpostfirewall.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpkmpsvc.dll -- (sisnic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtl8023.dll -- (SIODRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmload.dll -- (sifilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\csctl50.dll -- (serialkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSTAPE.dll -- (ser2plms)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSCamSvc.dll -- (se58obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcidump.dll -- (se58mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\taphss.dll -- (se44mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\StillCam.dll -- (se2Bunic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adiloader.dll -- (SE2Bmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdr4_2k.dll -- (schscnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasscsi.dll -- (sbiesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimFP5.dll -- (s616nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftdisk.dll -- (s24trans)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ROCKEYNT.dll -- (s125mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpds.dll -- (s117nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iap.dll -- (rtl8185)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmkbd.dll -- (rt2870)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AtlsAud.dll -- (rsvchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mnsframework.dll -- (rslinx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp90.dll -- (RR2Mjpeg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQTECH905C.dll -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4ufd.dll -- (rp_fws)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcf_device.dll -- (risdptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtsrvc.dll -- (riomsc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gearsecurity.dll -- (retrolauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (regmon701)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sgeclient.dll -- (RDID1027)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fastuserswitchingcompatibility.dll -- (rca)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700imd.dll -- (RadProbe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfgwzsvc.dll -- (QPCapSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservauth.dll -- (qhwscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\service1.dll -- (qconsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\proxyhostservice.dll -- (pxfhmdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimtv2.dll -- (prtg4service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwrdr.dll -- (procexp100)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\compbatt.dll -- (pktfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMWLNPF.dll -- (pinnaclesys.mediaserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip6.dll -- (pgfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EL90X.dll -- (pdlnslea)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ikfilesec.dll -- (pdlnebas)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z800bus.dll -- (PCTINDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\win32sl.dll -- (pcscnsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uleadburninghelper.dll -- (pcradminserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irbus.dll -- (pchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent.dll -- (pcandis5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USA49W.dll -- (pcampr5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\curtainssyssvc.dll -- (pavdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (pageserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNDO763.dll -- (pacsptisvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvedavt.dll -- (PAC7302)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- (OVT511Plus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\e1000.dll -- (ossrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\interactivelogon.dll -- (osaio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\konfig.dll -- (OsaFsLoc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dklogger.dll -- (oraclesnmppeerencapsulator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asp.net.dll -- (oracleformsserver-forms60server-oraform)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE26mdfl.dll -- (oracle_load_balancer_60_server-forms6ip14)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvcap.dll -- (openvpnservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrvw245.dll -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcd.dll -- (OEM02Vfx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fgdxbus.dll -- (NWSNS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Nsynas32.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (nvnetbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (nvidesm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\suservice.dll -- (nvax)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parport.dll -- (ntgrip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dvd43llh.dll -- (nsvcip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lirsgt.dll -- (nsm1mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsRamDsk.dll -- (npfmntor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Afc.dll -- (NMSSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nlsvc.dll -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symproxysvc.dll -- (nmsaccess)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WimFltr.dll -- (NICSer_WPC54G)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB_NDIS_51.dll -- (NETw3v32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digisptiservice.dll -- (netmdsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SDdriver.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfrem01.dll -- (mwsejcap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (mwagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ikfileflt.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Via4in1.dll -- (mssql$microsoftsmlbiz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbvm321.dll -- (MSICPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RR2Vbi.dll -- (msgsrvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmp54gssvc.dll -- (msgame)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mpfp.dll -- (msfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mapserver6.3.dll -- (MRESP50a64)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (MREMPR5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSHDRV61.dll -- (mqdmserd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE27mdfl.dll -- (monfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zntport.dll -- (mksupdateint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Machnm32.dll -- (midisyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XAudio.dll -- (mfehidk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvrd64.dll -- (mf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (mcmscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcpromgr.dll -- (Machnm32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IPSECSHM.dll -- (MA8032C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (ma763004)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npapimon.dll -- (MA-620)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ddxgb.dll -- (lvmvdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LoopBeMidi1.dll -- (lvhidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CoolerXPDriver.dll -- (LUsbFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (LRMINIPORT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ptserlp.dll -- (lp6nds35)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Accelerometer.dll -- (LMS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\easdrv.dll -- (license)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iam.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasscsi.dll -- (lcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (knobserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_prt_f.dll -- (KMW_KBD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TMHIDSRV.dll -- (Jukebox)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avupdsvc.dll -- (JiaoCap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SenFiltService.dll -- (jconfigd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwcwdm.dll -- (iviVD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ithsgt.dll -- (ithsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmBEnum.dll -- (ISODrive)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (irbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pav_security.dll -- (ipahelper.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\areschatserver.dll -- (iomdisk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\U81xmgmt.dll -- (IntelC51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tones.dll -- (ifp800)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hap16v2k.dll -- (idisw2km)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rxmssync.dll -- (icepack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdk77.dll -- (IBM_LLC2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550mgmt.dll -- (iastor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hwpsgt.dll -- (IASJet)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dns4meclient.dll -- (iAimTV6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrxdav.dll -- (iaimtv0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsarcpkt.dll -- (hsvcmod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapsvc.dll -- (HSFHWALI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fshttps.dll -- (hpgate)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adaptecstoragemanageragent.dll -- (hpci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spsslm.dll -- (gv3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (GTWModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\appmgmt.dll -- (GTPTSER)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pci.dll -- (genmcmn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwssched.dll -- (GENERICDRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (gdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fingrd32.dll -- (FreshIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NMSAccessU.dll -- (FETNDISB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vserial.dll -- (fa_scheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\meiudf.dll -- (F700isw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atkkeyboardservice.dll -- (F700iob)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se44unic.dll -- (etoksrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\coste.dll -- (ESMCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LwUsbHid.dll -- (erecoveryservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\proxyhostdriver.dll -- (EQDRV5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvatabus.dll -- (epstnt01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atapi.dll -- (EpmPsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atkdisplf.dll -- (enodpl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanminiportservice.dll -- (EMSCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backuplauncher.dll -- (emitray)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle%oracle_home_service%clientcache80.dll -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnebas.dll -- (ELmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrsce.dll -- (elbydelay)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Sk99202k.dll -- (EL90X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoteregistry.dll -- (eamon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CamAv.dll -- (dxdebug)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LXARScan.dll -- (dvpapi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EhttpSrv.dll -- (DVDVRRdr_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vetfddnt.dll -- (dvd_2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sym_hi.dll -- (DritekPortIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Slntamr.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (dm1service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45unic.dll -- (dlcc_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrjd31d.dll -- (DKbFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssm_mdm.dll -- (diskperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsNcAdpt.dll -- (DirectUpdate)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\starwindserviceae.dll -- (DFUBTUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spsslm.dll -- (defragfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (dcfssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (DCFS2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200bus.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshhl.dll -- (DCamUSBMke2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\phc600.dll -- (DCamUSBMke)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pptchpad.dll -- (cvsnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpcbus.dll -- (ctsfm2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll -- (CTEDSPIO.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcPTP.dll -- (ctdvda2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rdpcdd.dll -- (cs429x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdsmapi.dll -- (crauto)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTXBAR.dll -- (cpuidlep)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sharedaccess.dll -- (cpqalert)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hdaudbus.dll -- (cobbmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msgame.dll -- (cmdmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\naveng.dll -- (clnt_clientman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\jobserver_report.dll -- (cfgwzsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll -- (CE3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBModem.dll -- (cdudf_xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Maplom.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (C-Dilla)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (ccsetmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avcgbdr.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dnsexit.dll -- (cavasm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomehttpserver.dll -- (CAMCHALA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (CamAv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s7otranx.dll -- (bwcsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghaio.dll -- (bvrp_pci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BTSLBCSP.dll -- (BTSLBCSP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200obex.dll -- (bthpan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfvfs02.dll -- (btaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inspect.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dpfusmgr.dll -- (BRCMDECO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tversitymediaserver.dll -- (botcbs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raysat3_4_6_18server.dll -- (blueletaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OEM02Afx.dll -- (bhmonitorservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\servidor.dll -- (bgmainsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdss)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (bc_prt_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gbpoll.dll -- (bc_pat_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmm.dll -- (backupexecagentaccelerator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\olregcap.dll -- (aw_host)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2governor.dll -- (avipbb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipcsvc.dll -- (avgntflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dobex.dll -- (autocomplete)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PciBus.dll -- (ATIVXSTW)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ROB_A.dll -- (ATIBTCAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnatcm.dll -- (aswmon2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n3900.dll -- (asuskbnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemsg.dll -- (ASNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\toscosrv.dll -- (ASInsHelp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpqwmi.dll -- (ARPolicy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbbus.dll -- (anio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (ANC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\om518p.dll -- (amdk7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipsraidn.dll -- (aliadwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (alcxsens)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (agpcpq)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$MICROSOFTSMLBIZ.dll -- (ageresoftmodem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecagentbrowser.dll -- (ageremodemaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARPolicy.dll -- (adsexpb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cygserver.dll -- (acrotray)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (a8djusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (2wirepcp)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 17:29:03 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/06 17:28:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/30 23:19:30 | 002,155,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CMS-DH\ScheduleService.exe -- (EMSService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\erboxpke.sys -- (erboxpke)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Puppy\catchme.sys -- (catchme)
DRV - [2012/02/06 17:28:43 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/17 16:28:16 | 000,061,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2008/04/17 16:28:16 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2008/04/14 03:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/05/15 20:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/24 20:38:40 | 000,078,720 | ---- | M] (Netgear Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA311XP.SYS -- (RTL8023xp)
DRV - [2005/01/13 17:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.timemd.com/login/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6468427B-67BC-43ED-B2D6-3019DE5889BF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{386F33FD-0E14-413A-A3D0-A3B99D4D3754}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6468427B-67BC-43ED-B2D6-3019DE5889BF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1052

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.timemd.com/login/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 17:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/09 21:34:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Manager\Application Data\Move Networks [2010/02/08 17:24:48 | 000,000,000 | ---D | M]

[2009/02/24 15:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Extensions
[2012/02/04 09:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\extensions
[2009/02/24 15:04:04 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\extensions\[email protected]ein.com
[2011/01/07 10:32:58 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Manager\Application Data\Mozilla\Firefox\Profiles\niriksyv.default\searchplugins\bing.xml
[2012/01/09 21:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 17:31:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Manager\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/09 13:15:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Firebird] C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to GCP.lnk = C:\Allcon\GCP.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1235505337375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1236114175328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstatio...l.php?vendor=14 (PdvrOcx Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.231.160.10 216.231.160.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE65D16B-91D4-447D-8C9A-004841EC9515}: DhcpNameServer = 216.231.160.10 216.231.160.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Manager\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manager\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/19 21:08:24 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 13:12:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/09 12:16:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/09 12:14:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/09 12:14:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/09 12:14:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/09 12:14:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/09 12:09:59 | 004,450,553 | R--- | C] (Swearware) -- C:\Documents and Settings\Manager\Desktop\Puppy.exe
[2012/04/05 18:00:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/27 12:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/27 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\Application Data\Ygotqil
[2012/03/27 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\Application Data\Avoxpa
[2012/03/20 14:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manager\My Documents\CMS-DH
[2012/03/20 14:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CMS-DH
[2012/03/20 14:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CMS-DH
[2012/03/20 14:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\CMS-DH
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 21:19:31 | 000,000,016 | ---- | M] () -- C:\qslink.fil
[2012/04/09 21:09:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 21:08:43 | 000,000,089 | ---- | M] () -- C:\WINDOWS\PdvrServer.INI
[2012/04/09 21:08:30 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 21:08:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 21:08:18 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 20:47:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005UA.job
[2012/04/09 20:47:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/09 14:25:09 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Microsoft Excel.lnk
[2012/04/09 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/09 13:15:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/09 12:16:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/09 12:12:40 | 000,000,004 | ---- | M] () -- C:\qslink.fil.tmp.don
[2012/04/09 10:40:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/09 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/09 08:28:34 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Microsoft Word.lnk
[2012/04/09 08:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/08 23:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-656531819-3090802450-1381009696-1005Core.job
[2012/04/06 12:02:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/05 19:53:40 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Manager\Desktop\Google Chrome.lnk
[2012/04/05 19:53:40 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Manager\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/05 18:30:10 | 004,450,553 | R--- | M] (Swearware) -- C:\Documents and Settings\Manager\Desktop\Puppy.exe
[2012/04/05 17:57:32 | 007,724,556 | ---- | M] () -- C:\WINDOWS\System32\ITODQFLWWY
[2012/04/05 17:50:11 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Manager\My Documents\Virusrrootkit
[2012/04/05 16:52:03 | 124,084,802 | ---- | M] () -- C:\Documents and Settings\Manager\My Documents\FullBackupGmer.reg
[2012/04/05 14:52:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/20 14:18:03 | 000,463,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/20 14:18:03 | 000,079,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/20 14:12:35 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CMS-DH.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 12:14:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/09 12:14:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/09 12:14:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/09 12:14:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/09 12:14:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/05 17:55:41 | 007,724,556 | ---- | C] () -- C:\WINDOWS\System32\ITODQFLWWY
[2012/04/05 17:50:09 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Manager\My Documents\Virusrrootkit
[2012/04/05 16:51:29 | 124,084,802 | ---- | C] () -- C:\Documents and Settings\Manager\My Documents\FullBackupGmer.reg
[2012/03/20 14:20:33 | 000,000,089 | ---- | C] () -- C:\WINDOWS\PdvrServer.INI
[2012/03/20 14:12:35 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CMS-DH.lnk
[2012/01/09 17:24:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/09 12:56:14 | 000,010,790 | -HS- | C] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\job0c0r2vnmw
[2012/01/09 12:56:14 | 000,010,790 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
[2010/12/15 11:33:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Manager\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/02/24 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
[2012/04/09 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CMS-DH
[2012/04/09 02:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/02/24 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Avocent AdminWorks
[2012/03/27 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Avoxpa
[2010/12/18 12:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Canon
[2010/06/01 16:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\EurekaLog
[2009/03/04 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\HK-Software
[2009/03/04 14:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Leadertech
[2011/04/22 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\OpenOffice.org
[2009/02/24 15:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Windows Desktop Search
[2009/07/17 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Windows Search
[2012/03/27 08:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manager\Application Data\Ygotqil
[2012/04/09 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/09 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/09 08:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/09 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



< End of report >
  • 0

#7 Cookiegal (Visiting Consultant, 887 posts)

Can you tell me if this is a valid proxy server that you set up?

ProxyServer = http=127.0.0.1:1052
  • 0

#8 Cookiegal (Visiting Consultant, 887 posts)

Are you still with me?
  • 0