search engine virus

#1
theprefixx
    Member
  • 22 posts
I seem to have acquired the lovely search engine virus. Any search engine I use directs me to some random unrelated website or ad... help!

#2
RKinner
    Malware Expert
  • 20,029 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

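What to look for once the two OTL logs come back, as an added example that is not part of the original thread or of OTL itself: a small Python triage pass over a handful of lines copied from the log posted later in this thread, plus one constructed batfile association line (marked hypothetical in the code) so the association check has something to flag. It reports Security Center notifications that have been silenced, firewall profiles with EnableFirewall = 0, shell\open commands for executable types that no longer hand the file straight to the loader, modules loaded through a \\?\globalroot device path, and services whose binary is missing. These are indicators that merit a closer look, not a verdict on their own; the function names and the sample path are the example's own assumptions.

```python
"""Triage checks over OTL log output (added example, not OTL's own code).

Flags the first-pass indicators an analyst reviews in the two OTL logs:
silenced Security Center alerts, disabled firewall profiles, executable
shell\\open commands that were changed, modules loaded via a globalroot
device path, and services whose file is missing.
"""
import re
from collections import Counter

# Lines copied from the OTL log posted in this thread, plus one constructed
# (hypothetical) batfile line so the association check has a hit.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

exefile [open] -- "%1" %*
batfile [open] -- "C:\Documents and Settings\Owner\Local Settings\hypothetical.exe" "%1" %*

MOD - [2008/06/20 13:46:57 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810obex.dll -- (Xyz777s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (wg6n)
"""

# Security Center values that, when set to 1, silence or override its alerts.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}
# shell\open commands for these types should run the file directly.
EXPECTED_OPEN = {t: '"%1" %*' for t in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}
DEVICE_PREFIXES = ("\\\\?\\globalroot", "\\\\.\\globalroot")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
OPEN_RE = re.compile(r"^(\w+) \[open\] -- (.+)$")
MOD_RE = re.compile(r"^MOD - \[[^\]]+\] \([^)]*\) -- (.+)$")
SRV_RE = re.compile(r"^SRV - File not found \[([^\]]+)\] -- (\S+) -- \((.+)\)$")


def triage(log_text):
    """Return a list of (category, detail) findings for one OTL log."""
    findings = []
    key = None  # registry key the following "name" = value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VALUE_RE.match(line):
            name, value = m.group(1), m.group(2).strip()
            if key and key.endswith("\\Security Center") and name in SECURITY_CENTER_FLAGS and value == "1":
                findings.append(("security-center", f"{name}=1: Security Center alert suppressed"))
            elif key and "\\FirewallPolicy\\" in key and name == "EnableFirewall" and value == "0":
                profile = key.rsplit("\\", 1)[-1]
                findings.append(("firewall", f"{profile}: Windows Firewall disabled"))
        elif m := OPEN_RE.match(line):
            ftype, command = m.group(1), m.group(2).strip()
            if ftype in EXPECTED_OPEN and command != EXPECTED_OPEN[ftype]:
                findings.append(("file-association", f"{ftype} open command changed: {command}"))
        elif m := MOD_RE.match(line):
            path = m.group(1).strip()
            if path.lower().startswith(DEVICE_PREFIXES):
                findings.append(("module", f"module loaded via device path: {path}"))
        elif m := SRV_RE.match(line):
            findings.append(("service", f"service ({m.group(3)}) points at missing file {m.group(2)}"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'security-center': 5, ...}."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a full OTL log it produces one line per indicator; FirstRunDisabled is deliberately not flagged because it only records that the first-run prompt was dismissed, and the default `"%1" %*` exefile command produces no finding.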
#3
theprefixx
    Member
  • Topic Starter
  • 22 posts
OTL Extras logfile created on: 4/30/2012 6:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.86 Mb Total Physical Memory | 158.41 Mb Available Physical Memory | 15.62% Memory free
2.38 Gb Paging File | 1.41 Gb Available in Paging File | 59.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 121.38 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: YOUR-YECX24RTR5 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37678:TCP" = 37678:TCP:*:Disabled:ooVoo TCP port 37678
"37678:UDP" = 37678:UDP:*:Disabled:ooVoo UDP port 37678
"37679:UDP" = 37679:UDP:*:Disabled:ooVoo UDP port 37679
"37683:TCP" = 37683:TCP:*:Disabled:ooVoo TCP port 37683
"37683:UDP" = 37683:UDP:*:Disabled:ooVoo UDP port 37683
"37682:UDP" = 37682:UDP:*:Disabled:ooVoo UDP port 37682
"37684:TCP" = 37684:TCP:*:Disabled:ooVoo TCP port 37684
"37684:UDP" = 37684:UDP:*:Disabled:ooVoo UDP port 37684
"37685:UDP" = 37685:UDP:*:Disabled:ooVoo UDP port 37685
"37686:TCP" = 37686:TCP:*:Disabled:ooVoo TCP port 37686
"37686:UDP" = 37686:UDP:*:Disabled:ooVoo UDP port 37686
"37687:UDP" = 37687:UDP:*:Disabled:ooVoo UDP port 37687
"37688:TCP" = 37688:TCP:*:Disabled:ooVoo TCP port 37688
"37688:UDP" = 37688:UDP:*:Disabled:ooVoo UDP port 37688
"37689:UDP" = 37689:UDP:*:Disabled:ooVoo UDP port 37689
"37690:TCP" = 37690:TCP:*:Disabled:ooVoo TCP port 37690
"37690:UDP" = 37690:UDP:*:Disabled:ooVoo UDP port 37690
"37691:UDP" = 37691:UDP:*:Disabled:ooVoo UDP port 37691
"37679:TCP" = 37679:TCP:*:Disabled:ooVoo TCP port 37679
"37681:UDP" = 37681:UDP:*:Disabled:ooVoo UDP port 37681
"37680:TCP" = 37680:TCP:*:Disabled:ooVoo TCP port 37680
"37680:UDP" = 37680:UDP:*:Disabled:ooVoo UDP port 37680
"37689:TCP" = 37689:TCP:*:Disabled:ooVoo TCP port 37689
"37693:UDP" = 37693:UDP:*:Disabled:ooVoo UDP port 37693

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}" = Easy Mode
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"ASUS VIBE" = ASUS VIBE
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LPCO" = Intel® Graphics Media Accelerator 500
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2012 1:14:50 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/28/2012 1:14:50 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/28/2012 1:14:50 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/28/2012 1:14:50 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/28/2012 1:46:40 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/28/2012 1:46:40 PM | Computer Name = YOUR-YECX24RTR5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/29/2012 12:21:42 AM | Computer Name = YOUR-YECX24RTR5 | Source = Application Error | ID = 1000
Description = Faulting application SpySweeper.exe, version 4.4.0.85, faulting module
osdp.dll, version 1.44.0.1940, fault address 0x000019cf.

Error - 4/29/2012 1:48:18 PM | Computer Name = YOUR-YECX24RTR5 | Source = Application Error | ID = 1000
Description = Faulting application SpySweeper.exe, version 4.4.0.85, faulting module
osdp.dll, version 1.44.0.1940, fault address 0x000019cf.

Error - 4/29/2012 10:55:37 PM | Computer Name = YOUR-YECX24RTR5 | Source = Application Error | ID = 1000
Description = Faulting application McCHSvc.exe, version 3.0.207.0, faulting module
unknown, version 0.0.0.0, fault address 0x006e62f0.

Error - 4/29/2012 11:30:16 PM | Computer Name = YOUR-YECX24RTR5 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 4/30/2012 6:59:20 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 6:59:30 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 6:59:41 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 6:59:52 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:00 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:13 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:20 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:30 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:40 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 4/30/2012 7:00:50 PM | Computer Name = YOUR-YECX24RTR5 | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126


< End of report >

OTL logfile created on: 4/30/2012 6:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.86 Mb Total Physical Memory | 158.41 Mb Available Physical Memory | 15.62% Memory free
2.38 Gb Paging File | 1.41 Gb Available in Paging File | 59.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 121.38 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: YOUR-YECX24RTR5 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 18:41:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/04/30 11:30:12 | 006,673,360 | ---- | M] (Adobe Systems Inc.) -- C:\WINDOWS\Temp\{348E727C-2B2F-4A40-8DFD-16E0A9AAB37A}\setup.exe
PRC - [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/17 14:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/02 09:55:32 | 000,068,536 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Adobe\Director\SWDNLD.EXE
PRC - [2010/12/15 19:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/13 16:07:36 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2010/09/13 16:07:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/19 11:32:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 16:20:10 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/07/10 16:35:14 | 000,700,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/07/05 22:34:52 | 000,096,792 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/05/08 16:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/30 11:31:16 | 000,011,264 | ---- | M] () -- C:\WINDOWS\Temp\nsjE0.tmp\System.dll
MOD - [2012/04/29 15:14:25 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/29 10:35:41 | 000,079,872 | ---- | M] () -- c:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL
MOD - [2012/04/25 20:26:31 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/21 09:46:46 | 001,225,216 | ---- | M] () -- C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
MOD - [2012/02/21 09:46:46 | 000,073,408 | ---- | M] () -- C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
MOD - [2011/11/19 07:51:02 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\mwusbw32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/13 03:15:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
MOD - [2009/06/25 10:15:22 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll
MOD - [2009/03/23 17:55:50 | 000,176,128 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll
MOD - [2009/03/23 17:53:46 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll
MOD - [2008/06/20 13:46:57 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 13:46:57 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810obex.dll -- (Xyz777s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Angel2.dll -- (wg6n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbccgp.dll -- (was)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LUsbKbd.dll -- (wanusb)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\vmusbw32.dll -- (vmusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTEDSPFX.DLL.dll -- (tme3srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\array_utility_service4,0,1,3.dll -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntgrip.dll -- (Si3132r5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtfilter.dll -- (rt2500usb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UVCFTR.dll -- (mnsframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48b.dll -- (dlabmfsm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaudf_m.dll -- (ahcix86s)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- ({eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc})
SRV - [2012/04/29 15:14:26 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/29 10:35:41 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL -- (SPService)
SRV - [2012/04/25 20:26:33 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/19 11:32:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/04/14 08:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\SE2Bmgmt.dll -- (rtl8029)
SRV - [2008/04/14 08:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\USA49W.dll -- (qmofiltr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/09/13 16:07:38 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/05/12 05:18:54 | 005,080,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/27 16:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/18 21:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=06-07-2010

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...susaimc00000001
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/?...susaimc00000001
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=06-07-2010
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{c8a2333d-6a50-42f0-922a-95c1c57f7aa6}: "URL" = http://slirsredirect...u10aiminstabie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php\r"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 20:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 00:32:41 | 000,000,000 | ---D | M]

[2002/02/02 03:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/04/25 20:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b5oi9ciu.default\extensions
[2012/01/08 18:03:15 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b5oi9ciu.default\extensions\[email protected]
[2011/12/02 18:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/25 20:26:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/01 13:51:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/30 18:27:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/30 18:27:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [EasyMode] C:\Program Files\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k File not found
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\System32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA9C2F20-38F8-4BA5-88D7-3821A001A793}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\mwusbw32: DllName - (mwusbw32.dll) - C:\WINDOWS\System32\mwusbw32.dll ()
O20 - Winlogon\Notify\vmwusb: DllName - (mwusbw32.dll) - C:\WINDOWS\System32\mwusbw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/17 14:09:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e0da07f-3315-11e0-898b-0025d3c9668b}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{0e0da07f-3315-11e0-898b-0025d3c9668b}\Shell\menu1\command - "" = D:\Install.exe
O33 - MountPoints2\{7f22f1af-599b-11e1-89ea-0025d3c9668b}\Shell - "" = AutoRun
O33 - MountPoints2\{7f22f1af-599b-11e1-89ea-0025d3c9668b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f22f1af-599b-11e1-89ea-0025d3c9668b}\Shell\AutoRun\command - "" = D:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 18:41:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/30 00:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/04/30 00:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/29 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/04/29 15:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/04/29 15:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/04/29 11:21:31 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/29 11:21:30 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/29 10:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/04/29 10:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D
[2012/04/29 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/04/29 10:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/04/29 10:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/04/29 10:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/04/29 10:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/04/25 20:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/25 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2011/04/24 11:45:29 | 000,565,248 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 18:55:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 18:50:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0F0922F3-7EF3-41E1-B2E6-AA59525CF498}.job
[2012/04/30 18:41:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/30 18:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 18:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/30 17:54:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 00:22:46 | 000,021,126 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attachments_2012_04_30.zip
[2012/04/30 00:18:27 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/04/30 00:15:09 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/30 00:15:09 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/30 00:05:01 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/29 15:14:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/29 15:14:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/29 10:54:39 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2012/04/29 10:54:38 | 000,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2012/04/29 10:54:38 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2012/04/29 10:54:38 | 000,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2012/04/29 10:54:37 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2012/04/29 10:54:36 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2012/04/29 10:54:35 | 000,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2012/04/29 10:52:15 | 000,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2012/04/29 10:52:15 | 000,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2012/04/29 10:52:15 | 000,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2012/04/29 10:52:15 | 000,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2012/04/29 10:52:14 | 000,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2012/04/29 10:52:14 | 000,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2012/04/27 16:22:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/26 11:02:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/20 17:00:13 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5680B4036F7E4EDCA1E52C2F8BBAB411.job
[2012/04/18 12:14:49 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/18 12:14:48 | 000,105,324 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 00:22:51 | 000,021,126 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attachments_2012_04_30.zip
[2012/04/30 00:15:09 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/30 00:15:09 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/29 11:21:42 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 10:54:38 | 000,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2012/04/29 10:54:38 | 000,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2012/04/29 10:54:38 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2012/04/29 10:54:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2012/04/29 10:54:36 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2012/04/29 10:54:36 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2012/04/29 10:54:34 | 000,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2012/04/29 10:52:15 | 000,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2012/04/29 10:52:15 | 000,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2012/04/29 10:52:15 | 000,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2012/04/29 10:52:15 | 000,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2012/04/29 10:52:14 | 000,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2012/04/29 10:52:14 | 000,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2012/04/28 13:10:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/12/19 14:13:48 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 07:54:35 | 000,105,324 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/19 07:54:35 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/19 07:51:02 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\mwusbw32.dll
[2011/05/01 13:59:53 | 000,013,880 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5oh7603awd86
[2011/05/01 13:59:53 | 000,013,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5oh7603awd86
[2011/04/25 22:45:04 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/04/15 07:50:59 | 000,015,056 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1382220195
[2011/04/15 07:50:59 | 000,014,992 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1382220195
[2011/03/18 16:41:57 | 000,012,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2828361360
[2011/03/18 16:41:57 | 000,012,254 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2239241975
[2011/03/18 16:41:27 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2011/03/18 16:41:27 | 000,012,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2239241975
[2011/03/18 16:37:43 | 000,011,598 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2011/03/18 16:37:43 | 000,010,070 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2010/07/03 16:19:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB27601$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 23

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.



Uninstall:
Adobe Reader 8.1.1 (get latest adobe reader from adobe.com. Do not let it install any tool bars or security scans.)
Ask Toolbar
Bonjour
Choice Guard
McAfee Security Scan Plus


Copy the text in the code box by highlighting it and pressing Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\mwusbw32: DllName - (mwusbw32.dll) - C:\WINDOWS\System32\mwusbw32.dll ()
O20 - Winlogon\Notify\vmwusb: DllName - (mwusbw32.dll) - C:\WINDOWS\System32\mwusbw32.dll ()
[2012/04/28 13:10:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/12/19 14:13:48 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 07:54:35 | 000,105,324 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/19 07:54:35 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/19 07:51:02 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\mwusbw32.dll
[2011/05/01 13:59:53 | 000,013,880 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5oh7603awd86
[2011/05/01 13:59:53 | 000,013,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5oh7603awd86
[2011/04/15 07:50:59 | 000,015,056 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1382220195
[2011/04/15 07:50:59 | 000,014,992 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1382220195
[2011/03/18 16:41:57 | 000,012,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2828361360
[2011/03/18 16:41:57 | 000,012,254 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2239241975
[2011/03/18 16:41:27 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2011/03/18 16:41:27 | 000,012,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2239241975
[2011/03/18 16:37:43 | 000,011,598 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2011/03/18 16:37:43 | 000,010,070 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd
[2011/04/24 11:45:29 | 000,565,248 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config Xyz777s start= disabled /c
sc config wg6n start= disabled /c
sc config was start= disabled /c
sc config wanusb start= disabled /c
sc config vmusb start= disabled /c
sc config tme3srv start= disabled /c
sc config SQLBrowser start= disabled /c
sc config Si3132r5 start= disabled /c
sc config rt2500usb start= disabled /c
sc config mnsframework start= disabled /c
sc config merakpop3 start= disabled /c
sc config dlabmfsm start= disabled /c
sc config ahcix86s start= disabled /c
sc config {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} start= disabled /c
sc config rtl8029 start= disabled /c
sc config qmofiltr start= disabled /c

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Double click the aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (allow the Avast Engine).
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

You should get one log. Please copy and paste it to a reply.
  • 0
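
The lines RKinner pulled into the :OTL fix section above (the proxy pointing at 127.0.0.1, the unnamed BHO, the Winlogon Notify DLLs with no publisher or no file on disk, the hidden+system files with meaningless names under Application Data) can be recognised mechanically. The Python script below is an added example, not code from the original post and not OTL's own logic: it encodes those selection rules explicitly and runs them over a constructed sample written in the style of the page's log lines. The crypt32chain entry is an invented benign control case, and the rule names and the Finding type are the example's own. It captures only part of the analyst's judgement; entries such as the randomly named .ini file were chosen from experience that no simple rule reproduces.

```python
"""Rule-based triage of OTL log lines (added example; not part of the original
post and not OTL's own code).  The rules mirror what the analyst pulled into
the :OTL fix section: a loopback HTTP proxy in Internet Settings, Winlogon
Notify DLLs with no publisher or no file, unnamed BHOs, and hidden+system
files with meaningless names dropped under Application Data."""
import re
from dataclasses import dataclass
from typing import List, Optional

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample in the style of the log lines on the page.  The
# crypt32chain entry is a made-up benign control case, not from the page.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
[2011/05/01 13:59:53 | 000,013,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5oh7603awd86
[2010/07/03 16:19:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/24 11:45:29 | 000,565,248 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe
"""


@dataclass
class Finding:
    rule: str      # short rule identifier (names are this example's own)
    detail: str    # human-readable explanation
    line: str      # the log line that triggered the rule


PROXY_RE = re.compile(r'Internet Settings: "ProxyServer" = (?P<value>\S+)')
NOTIFY_RE = re.compile(r'^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - '
                       r'\((?P<dll>[^)]+)\) - (?P<rest>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\})')
FILE_RE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] '
                     r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
PUBLISHER_RE = re.compile(r'\((?P<pub>[^()]*)\)\s*$')   # trailing "(Company)" on O20 lines


def proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value ('host:port' or 'http=h:p;https=h:p') into hosts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.split("=", 1)[-1]          # drop a 'scheme=' prefix if present
        hosts.append(entry.rsplit(":", 1)[0].strip("[]").lower())
    return hosts


def check_line(line: str) -> Optional[Finding]:
    """Apply the rules to one OTL log line; return a Finding or None."""
    line = line.rstrip()
    m = PROXY_RE.search(line)
    if m:
        bad = [h for h in proxy_hosts(m["value"]) if h in LOOPBACK]
        if bad:
            return Finding("loopback-proxy",
                           f"browser traffic routed through a proxy on {bad[0]}", line)
        return None
    m = NOTIFY_RE.match(line)
    if m:
        if m["rest"] == "File not found":
            return Finding("winlogon-notify-missing",
                           f"{m['key']}: {m['dll']} registered but absent", line)
        pub = PUBLISHER_RE.search(m["rest"])
        if pub is not None and not pub["pub"].strip():
            return Finding("winlogon-notify-unsigned",
                           f"{m['key']}: {m['dll']} has no publisher", line)
        return None
    m = BHO_RE.match(line)
    if m:
        if m["name"].strip().lower() == "no name":
            return Finding("unnamed-bho", f"BHO {m['clsid']} has no name", line)
        return None
    m = FILE_RE.match(line)
    if m:
        parent, _, name = m["path"].rpartition("\\")
        in_appdata = parent.lower().endswith("application data")
        hidden_system = "H" in m["attr"] and "S" in m["attr"]
        if in_appdata and hidden_system and not m["company"]:
            return Finding("hidden-system-drop",
                           f"{name}: hidden+system file with no company in {parent}", line)
        if in_appdata and name.lower().endswith(".exe"):
            return Finding("exe-in-appdata-root",
                           f"{name}: executable placed directly in {parent}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through the rules and keep the hits, in log order."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it directly to print the findings for the sample, or pass the text of a saved OTL log to triage(). Proxy hosts are checked per scheme, so a value such as http=127.0.0.1:8075;https=other:3128 still trips the loopback rule; the Winlogon Notify entry with a publisher name (the crypt32chain control) and the hidden file outside Application Data (ezsidmv.dat) fall through untouched, which is the behaviour you want from a first-pass filter that a human then reviews.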

#5
theprefixx

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igdlogin\ not found.
File C:\WINDOWS\System32\igdlogin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mwusbw32\ not found.
File C:\WINDOWS\System32\mwusbw32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmwusb\ deleted successfully.
File C:\WINDOWS\System32\mwusbw32.dll not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
File C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\WINDOWS\System32\itusbcore.dat not found.
File C:\WINDOWS\System32\itlsvc.dat not found.
File C:\WINDOWS\System32\mwusbw32.dll not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\5oh7603awd86 not found.
File C:\Documents and Settings\All Users\Application Data\5oh7603awd86 not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\1382220195 not found.
File C:\Documents and Settings\All Users\Application Data\1382220195 not found.
File C:\Documents and Settings\All Users\Application Data\2828361360 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\2239241975 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd not found.
File C:\Documents and Settings\All Users\Application Data\2239241975 not found.
File C:\Documents and Settings\All Users\Application Data\3ietm58n0fabu3ebh60u366o1yd not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\3ietm58n0fabu3ebh60u366o1yd not found.
File C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config Xyz777s start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config wg6n start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config was start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config wanusb start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config vmusb start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config tme3srv start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config SQLBrowser start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config Si3132r5 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config rt2500usb start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config mnsframework start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config merakpop3 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config dlabmfsm start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config ahcix86s start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config rtl8029 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config qmofiltr start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService
->Java cache emptied: 0 bytes

User: megan2
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: megan2

User: NetworkService
->Flash cache emptied: 82535 bytes

User: Owner
->Flash cache emptied: 49755 bytes

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.2 log created on 04302012_205045

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#6
theprefixx

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
21:10:29.0093 0164 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:10:29.0921 0164 ============================================================
21:10:29.0921 0164 Current date / time: 2012/04/30 21:10:29.0921
21:10:29.0921 0164 SystemInfo:
21:10:29.0921 0164
21:10:29.0921 0164 OS Version: 5.1.2600 ServicePack: 3.0
21:10:29.0921 0164 Product type: Workstation
21:10:29.0921 0164 ComputerName: YOUR-YECX24RTR5
21:10:29.0921 0164 UserName: Owner
21:10:29.0921 0164 Windows directory: C:\WINDOWS
21:10:29.0921 0164 System windows directory: C:\WINDOWS
21:10:29.0921 0164 Processor architecture: Intel x86
21:10:29.0921 0164 Number of processors: 2
21:10:29.0921 0164 Page size: 0x1000
21:10:29.0921 0164 Boot type: Normal boot
21:10:29.0921 0164 ============================================================
21:10:44.0296 0164 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:10:44.0312 0164 ============================================================
21:10:44.0312 0164 \Device\Harddisk0\DR0:
21:10:44.0312 0164 MBR partitions:
21:10:44.0312 0164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
21:10:44.0312 0164 ============================================================
21:10:44.0390 0164 C: <-> \Device\Harddisk0\DR0\Partition0
21:10:44.0390 0164 ============================================================
21:10:44.0390 0164 Initialize success
21:10:44.0390 0164 ============================================================
21:10:48.0062 3772 ============================================================
21:10:48.0062 3772 Scan started
21:10:48.0062 3772 Mode: Manual;
21:10:48.0062 3772 ============================================================
21:10:50.0593 3772 Abiosdsk - ok
21:10:50.0609 3772 abp480n5 - ok
21:10:50.0890 3772 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:10:50.0906 3772 ACDaemon - ok
21:10:50.0984 3772 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:10:51.0015 3772 ACPI - ok
21:10:51.0062 3772 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:10:51.0062 3772 ACPIEC - ok
21:10:51.0515 3772 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:10:51.0531 3772 AdobeFlashPlayerUpdateSvc - ok
21:10:51.0546 3772 adpu160m - ok
21:10:51.0656 3772 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:10:51.0671 3772 aec - ok
21:10:51.0734 3772 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
21:10:51.0734 3772 Afc - ok
21:10:51.0828 3772 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:10:51.0828 3772 AFD - ok
21:10:51.0843 3772 Aha154x - ok
21:10:51.0859 3772 ahcix86s - ok
21:10:51.0890 3772 aic78u2 - ok
21:10:51.0906 3772 aic78xx - ok
21:10:51.0984 3772 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:10:51.0984 3772 Alerter - ok
21:10:52.0046 3772 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:10:52.0046 3772 ALG - ok
21:10:52.0062 3772 AliIde - ok
21:10:52.0359 3772 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:10:52.0578 3772 Ambfilt - ok
21:10:52.0734 3772 amsint - ok
21:10:52.0968 3772 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:10:52.0968 3772 Apple Mobile Device - ok
21:10:52.0984 3772 AppMgmt - ok
21:10:53.0250 3772 AR5416 (d3e782ad9dca4d6215222a43345f43b0) C:\WINDOWS\system32\DRIVERS\athw.sys
21:10:53.0375 3772 AR5416 - ok
21:10:53.0578 3772 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys
21:10:53.0578 3772 ArcCD - ok
21:10:53.0625 3772 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys
21:10:53.0625 3772 ArcRec - ok
21:10:53.0734 3772 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys
21:10:53.0750 3772 ArcUdfs - ok
21:10:53.0765 3772 asc - ok
21:10:53.0781 3772 asc3350p - ok
21:10:53.0812 3772 asc3550 - ok
21:10:53.0906 3772 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:10:53.0953 3772 aspnet_state - ok
21:10:54.0000 3772 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
21:10:54.0000 3772 AsusACPI - ok
21:10:54.0062 3772 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:10:54.0078 3772 AsyncMac - ok
21:10:54.0156 3772 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:10:54.0171 3772 atapi - ok
21:10:54.0187 3772 Atdisk - ok
21:10:54.0218 3772 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:10:54.0234 3772 Atmarpc - ok
21:10:54.0312 3772 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:10:54.0312 3772 AudioSrv - ok
21:10:54.0359 3772 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:10:54.0359 3772 audstub - ok
21:10:54.0515 3772 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:10:54.0578 3772 Beep - ok
21:10:54.0703 3772 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:10:54.0781 3772 BITS - ok
21:10:54.0953 3772 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
21:10:54.0968 3772 Bonjour Service - ok
21:10:55.0046 3772 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:10:55.0046 3772 Browser - ok
21:10:55.0062 3772 btaudio - ok
21:10:55.0093 3772 BTDriver - ok
21:10:55.0109 3772 BTWDNDIS - ok
21:10:55.0125 3772 btwhid - ok
21:10:55.0140 3772 BTWUSB - ok
21:10:55.0234 3772 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:10:55.0234 3772 cbidf2k - ok
21:10:55.0328 3772 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:10:55.0328 3772 CCDECODE - ok
21:10:55.0343 3772 cd20xrnt - ok
21:10:55.0453 3772 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:10:55.0453 3772 Cdaudio - ok
21:10:55.0468 3772 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:10:55.0484 3772 Cdfs - ok
21:10:55.0593 3772 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:10:55.0593 3772 Cdrom - ok
21:10:55.0609 3772 Changer - ok
21:10:55.0687 3772 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:10:55.0687 3772 CiSvc - ok
21:10:55.0718 3772 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:10:55.0734 3772 ClipSrv - ok
21:10:55.0781 3772 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:10:55.0859 3772 clr_optimization_v2.0.50727_32 - ok
21:10:55.0906 3772 clwvd (d40a408169301b5cf70a82e4d343934f) C:\WINDOWS\system32\DRIVERS\clwvd.sys
21:10:55.0906 3772 clwvd - ok
21:10:55.0953 3772 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:10:55.0953 3772 CmBatt - ok
21:10:55.0968 3772 CmdIde - ok
21:10:56.0468 3772 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:10:56.0468 3772 Compbatt - ok
21:10:56.0484 3772 COMSysApp - ok
21:10:56.0515 3772 Cpqarray - ok
21:10:56.0625 3772 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:10:56.0625 3772 CryptSvc - ok
21:10:56.0640 3772 dac2w2k - ok
21:10:56.0656 3772 dac960nt - ok
21:10:57.0406 3772 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:10:57.0453 3772 DcomLaunch - ok
21:10:57.0546 3772 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:10:57.0593 3772 Dhcp - ok
21:10:57.0687 3772 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:10:57.0687 3772 Disk - ok
21:10:57.0703 3772 dlabmfsm - ok
21:10:57.0734 3772 dmadmin - ok
21:10:57.0875 3772 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:10:57.0984 3772 dmboot - ok
21:10:58.0015 3772 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:10:58.0031 3772 dmio - ok
21:10:58.0156 3772 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:10:58.0171 3772 dmload - ok
21:10:58.0250 3772 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:10:58.0265 3772 dmserver - ok
21:10:58.0312 3772 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:10:58.0312 3772 DMusic - ok
21:10:58.0421 3772 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
21:10:58.0421 3772 Dnscache - ok
21:10:58.0500 3772 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:10:58.0515 3772 Dot3svc - ok
21:10:58.0531 3772 dpti2o - ok
21:10:58.0546 3772 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:10:58.0546 3772 drmkaud - ok
21:10:58.0578 3772 dwmrcs - ok
21:10:58.0625 3772 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:10:58.0640 3772 EapHost - ok
21:10:58.0703 3772 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:10:58.0703 3772 ERSvc - ok
21:10:58.0781 3772 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:10:58.0796 3772 Eventlog - ok
21:10:58.0890 3772 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:10:58.0921 3772 EventSystem - ok
21:10:59.0000 3772 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:10:59.0015 3772 Fastfat - ok
21:10:59.0109 3772 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
21:10:59.0140 3772 FastUserSwitchingCompatibility - ok
21:10:59.0218 3772 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:10:59.0218 3772 Fdc - ok
21:10:59.0250 3772 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:10:59.0250 3772 Fips - ok
21:10:59.0265 3772 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:10:59.0265 3772 Flpydisk - ok
21:10:59.0343 3772 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:10:59.0359 3772 FltMgr - ok
21:10:59.0515 3772 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:10:59.0515 3772 FontCache3.0.0.0 - ok
21:10:59.0593 3772 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:10:59.0593 3772 fssfltr - ok
21:10:59.0875 3772 fsssvc (9b1622ebeb31b3411b13382ffcb8737d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:10:59.0953 3772 fsssvc - ok
21:11:00.0015 3772 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:11:00.0015 3772 Fs_Rec - ok
21:11:00.0125 3772 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:11:00.0156 3772 Ftdisk - ok
21:11:00.0218 3772 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:11:00.0218 3772 GEARAspiWDM - ok
21:11:00.0296 3772 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:11:00.0296 3772 Gpc - ok
21:11:00.0328 3772 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:00.0343 3772 HDAudBus - ok
21:11:00.0515 3772 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:11:00.0515 3772 helpsvc - ok
21:11:00.0531 3772 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:11:00.0531 3772 HidServ - ok
21:11:00.0609 3772 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:00.0609 3772 hidusb - ok
21:11:00.0671 3772 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:11:00.0671 3772 hkmsvc - ok
21:11:00.0687 3772 hpn - ok
21:11:04.0765 3772 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:04.0875 3772 HTTP - ok
21:11:05.0015 3772 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:11:05.0031 3772 HTTPFilter - ok
21:11:05.0046 3772 i2omgmt - ok
21:11:05.0078 3772 i2omp - ok
21:11:05.0515 3772 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:05.0515 3772 i8042prt - ok
21:11:06.0125 3772 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:07.0203 3772 idsvc - ok
21:11:08.0062 3772 igd (4a1e0f6367ff47f87cbe8a7ecf38b01d) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:11:08.0375 3772 igd - ok
21:11:08.0796 3772 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:08.0796 3772 Imapi - ok
21:11:08.0875 3772 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:11:08.0890 3772 ImapiService - ok
21:11:08.0921 3772 ini910u - ok
21:11:09.0671 3772 IntcAzAudAddService (afa6853aa949b5e151e4a10f6805b5b2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:09.0906 3772 IntcAzAudAddService - ok
21:11:10.0125 3772 IntelIde - ok
21:11:10.0250 3772 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:11:10.0265 3772 intelppm - ok
21:11:10.0312 3772 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:11:10.0328 3772 Ip6Fw - ok
21:11:10.0343 3772 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:10.0343 3772 IpFilterDriver - ok
21:11:10.0359 3772 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:10.0375 3772 IpInIp - ok
21:11:10.0406 3772 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:10.0421 3772 IpNat - ok
21:11:10.0625 3772 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
21:11:10.0703 3772 iPod Service - ok
21:11:10.0781 3772 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:10.0796 3772 IPSec - ok
21:11:10.0875 3772 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:10.0875 3772 IRENUM - ok
21:11:10.0953 3772 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:10.0953 3772 isapnp - ok
21:11:11.0187 3772 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
21:11:11.0187 3772 JavaQuickStarterService - ok
21:11:11.0296 3772 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:11.0296 3772 Kbdclass - ok
21:11:12.0109 3772 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:12.0109 3772 kmixer - ok
21:11:12.0250 3772 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:12.0250 3772 KSecDD - ok
21:11:15.0203 3772 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
21:11:15.0218 3772 L1c - ok
21:11:15.0828 3772 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:11:15.0843 3772 LanmanServer - ok
21:11:15.0984 3772 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:11:16.0000 3772 lanmanworkstation - ok
21:11:16.0046 3772 lbrtfdc - ok
21:11:16.0593 3772 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:11:16.0593 3772 LmHosts - ok
21:11:22.0859 3772 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
21:11:23.0109 3772 McComponentHostService - ok
21:11:23.0140 3772 merakpop3 - ok
21:11:23.0640 3772 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:11:23.0640 3772 Messenger - ok
21:11:23.0796 3772 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:23.0890 3772 mnmdd - ok
21:11:24.0031 3772 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:11:24.0031 3772 mnmsrvc - ok
21:11:24.0046 3772 mnsframework - ok
21:11:24.0109 3772 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:11:24.0125 3772 Modem - ok
21:11:24.0468 3772 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:11:24.0687 3772 Monfilt - ok
21:11:24.0812 3772 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:24.0812 3772 Mouclass - ok
21:11:24.0890 3772 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:11:24.0890 3772 mouhid - ok
21:11:24.0953 3772 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:24.0953 3772 MountMgr - ok
21:11:25.0156 3772 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:11:25.0218 3772 MozillaMaintenance - ok
21:11:25.0234 3772 mraid35x - ok
21:11:25.0703 3772 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:25.0750 3772 MRxDAV - ok
21:11:26.0093 3772 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:26.0375 3772 MRxSmb - ok
21:11:26.0703 3772 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:11:26.0703 3772 MSDTC - ok
21:11:26.0765 3772 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:26.0781 3772 Msfs - ok
21:11:26.0796 3772 MSIServer - ok
21:11:26.0859 3772 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:26.0875 3772 MSKSSRV - ok
21:11:26.0890 3772 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:26.0890 3772 MSPCLOCK - ok
21:11:26.0984 3772 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:27.0046 3772 MSPQM - ok
21:11:27.0171 3772 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:27.0171 3772 mssmbios - ok
21:11:27.0203 3772 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:11:27.0218 3772 MSTEE - ok
21:11:27.0328 3772 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:11:27.0359 3772 Mup - ok
21:11:27.0421 3772 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:11:27.0421 3772 NABTSFEC - ok
21:11:27.0515 3772 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:11:27.0546 3772 napagent - ok
21:11:27.0656 3772 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:27.0734 3772 NDIS - ok
21:11:27.0781 3772 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:11:27.0781 3772 NdisIP - ok
21:11:27.0812 3772 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:27.0812 3772 NdisTapi - ok
21:11:27.0859 3772 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:27.0859 3772 Ndisuio - ok
21:11:27.0921 3772 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:27.0937 3772 NdisWan - ok
21:11:28.0031 3772 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:28.0031 3772 NDProxy - ok
21:11:28.0062 3772 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:28.0093 3772 NetBIOS - ok
21:11:28.0187 3772 NetBT (cb7f7402f8234d64b584836e693e5140) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:28.0203 3772 NetBT ( Virus.Win32.ZAccess.k ) - infected
21:11:28.0203 3772 NetBT - detected Virus.Win32.ZAccess.k (0)
21:11:28.0265 3772 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:11:28.0312 3772 NetDDE - ok
21:11:28.0328 3772 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:11:28.0343 3772 NetDDEdsdm - ok
21:11:28.0390 3772 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:11:28.0406 3772 Netlogon - ok
21:11:28.0562 3772 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:11:28.0593 3772 Netman - ok
21:11:28.0765 3772 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:28.0781 3772 NetTcpPortSharing - ok
21:11:29.0265 3772 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
21:11:29.0437 3772 Nla - ok
21:11:29.0515 3772 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:29.0515 3772 Npfs - ok
21:11:30.0046 3772 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:30.0109 3772 Ntfs - ok
21:11:30.0125 3772 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:11:30.0125 3772 NtLmSsp - ok
21:11:30.0625 3772 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:11:30.0906 3772 NtmsSvc - ok
21:11:30.0984 3772 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:30.0984 3772 Null - ok
21:11:31.0078 3772 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:31.0109 3772 NwlnkFlt - ok
21:11:31.0125 3772 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:31.0125 3772 NwlnkFwd - ok
21:11:31.0921 3772 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:11:31.0953 3772 odserv - ok
21:11:32.0031 3772 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:11:32.0046 3772 ose - ok
21:11:32.0109 3772 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:11:32.0109 3772 Parport - ok
21:11:32.0187 3772 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:32.0203 3772 PartMgr - ok
21:11:32.0218 3772 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:32.0218 3772 ParVdm - ok
21:11:32.0375 3772 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:32.0390 3772 PCI - ok
21:11:32.0390 3772 PCIDump - ok
21:11:32.0546 3772 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:32.0546 3772 PCIIde - ok
21:11:32.0656 3772 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:32.0656 3772 Pcmcia - ok
21:11:32.0671 3772 PDCOMP - ok
21:11:32.0687 3772 PDFRAME - ok
21:11:32.0718 3772 PDRELI - ok
21:11:32.0734 3772 PDRFRAME - ok
21:11:32.0750 3772 perc2 - ok
21:11:32.0781 3772 perc2hib - ok
21:11:32.0921 3772 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:11:32.0937 3772 PlugPlay - ok
21:11:32.0968 3772 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:11:32.0984 3772 PolicyAgent - ok
21:11:33.0031 3772 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:33.0031 3772 PptpMiniport - ok
21:11:33.0046 3772 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:11:33.0046 3772 ProtectedStorage - ok
21:11:33.0078 3772 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:33.0078 3772 PSched - ok
21:11:33.0125 3772 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:33.0140 3772 Ptilink - ok
21:11:33.0156 3772 ql1080 - ok
21:11:33.0187 3772 Ql10wnt - ok
21:11:33.0203 3772 ql12160 - ok
21:11:33.0218 3772 ql1240 - ok
21:11:33.0250 3772 ql1280 - ok
21:11:33.0296 3772 qmofiltr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\USA49W.dll
21:11:33.0296 3772 qmofiltr ( Backdoor.Multi.ZAccess.gen ) - infected
21:11:33.0296 3772 qmofiltr - detected Backdoor.Multi.ZAccess.gen (0)
21:11:33.0343 3772 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:33.0343 3772 RasAcd - ok
21:11:33.0406 3772 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:11:33.0421 3772 RasAuto - ok
21:11:33.0468 3772 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:33.0484 3772 Rasl2tp - ok
21:11:33.0515 3772 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:11:33.0546 3772 RasMan - ok
21:11:33.0578 3772 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:33.0593 3772 RasPppoe - ok
21:11:33.0656 3772 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:33.0656 3772 Raspti - ok
21:11:33.0750 3772 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:33.0765 3772 Rdbss - ok
21:11:33.0843 3772 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:34.0031 3772 RDPCDD - ok
21:11:35.0984 3772 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:36.0906 3772 RDPWD - ok
21:11:37.0968 3772 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:11:37.0984 3772 RDSessMgr - ok
21:11:38.0078 3772 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:38.0093 3772 redbook - ok
21:11:38.0703 3772 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:11:38.0703 3772 RemoteAccess - ok
21:11:38.0875 3772 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:11:38.0875 3772 RpcLocator - ok
21:11:39.0000 3772 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:11:39.0031 3772 RpcSs - ok
21:11:39.0125 3772 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:11:39.0140 3772 RSVP - ok
21:11:39.0156 3772 rt2500usb - ok
21:11:39.0218 3772 rtl8029 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SE2Bmgmt.dll
21:11:39.0218 3772 rtl8029 ( Backdoor.Multi.ZAccess.gen ) - infected
21:11:39.0218 3772 rtl8029 - detected Backdoor.Multi.ZAccess.gen (0)
21:11:39.0296 3772 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:11:39.0296 3772 SamSs - ok
21:11:39.0359 3772 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:11:39.0375 3772 SCardSvr - ok
21:11:39.0453 3772 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:11:39.0484 3772 Schedule - ok
21:11:39.0625 3772 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:11:39.0656 3772 SeaPort - ok
21:11:39.0781 3772 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:39.0781 3772 Secdrv - ok
21:11:39.0906 3772 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:11:39.0921 3772 seclogon - ok
21:11:40.0000 3772 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:11:40.0015 3772 SENS - ok
21:11:40.0093 3772 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:11:40.0093 3772 Serial - ok
21:11:40.0140 3772 sfhlp02 - ok
21:11:40.0250 3772 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:40.0281 3772 Sfloppy - ok
21:11:40.0531 3772 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:11:40.0546 3772 SharedAccess - ok
21:11:40.0687 3772 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
21:11:40.0703 3772 ShellHWDetection - ok
21:11:40.0718 3772 Si3132r5 - ok
21:11:40.0750 3772 Simbad - ok
21:11:40.0812 3772 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:11:40.0812 3772 SLIP - ok
21:11:40.0843 3772 Sparrow - ok
21:11:41.0046 3772 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:41.0046 3772 splitter - ok
21:11:41.0234 3772 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:11:41.0265 3772 Spooler - ok
21:11:41.0625 3772 SPService (398358ae05fcb65538c541279f8304b1) C:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL
21:11:41.0671 3772 SPService - ok
21:11:41.0687 3772 SQLBrowser - ok
21:11:42.0203 3772 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:42.0218 3772 sr - ok
21:11:42.0328 3772 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:11:42.0359 3772 srservice - ok
21:11:42.0484 3772 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:42.0578 3772 Srv - ok
21:11:42.0703 3772 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:11:42.0703 3772 SSDPSRV - ok
21:11:42.0734 3772 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
21:11:42.0734 3772 ssfs0bbc - ok
21:11:42.0765 3772 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
21:11:42.0765 3772 sshrmd - ok
21:11:42.0812 3772 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
21:11:42.0812 3772 ssidrv - ok
21:11:42.0921 3772 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:11:42.0953 3772 stisvc - ok
21:11:43.0031 3772 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:11:43.0046 3772 streamip - ok
21:11:43.0125 3772 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:43.0125 3772 swenum - ok
21:11:43.0156 3772 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:43.0156 3772 swmidi - ok
21:11:43.0171 3772 SwPrv - ok
21:11:43.0187 3772 symc810 - ok
21:11:43.0218 3772 symc8xx - ok
21:11:43.0234 3772 sym_hi - ok
21:11:43.0250 3772 sym_u3 - ok
21:11:43.0343 3772 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:11:43.0359 3772 SynTP - ok
21:11:43.0437 3772 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:43.0453 3772 sysaudio - ok
21:11:43.0656 3772 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:11:43.0765 3772 SysmonLog - ok
21:11:44.0015 3772 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:11:44.0046 3772 TapiSrv - ok
21:11:44.0375 3772 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:44.0421 3772 Tcpip - ok
21:11:44.0531 3772 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:44.0531 3772 TDPIPE - ok
21:11:44.0546 3772 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:44.0562 3772 TDTCP - ok
21:11:44.0671 3772 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:44.0687 3772 TermDD - ok
21:11:44.0937 3772 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:11:44.0984 3772 TermService - ok
21:11:45.0093 3772 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
21:11:45.0109 3772 Themes - ok
21:11:45.0125 3772 tme3srv - ok
21:11:45.0140 3772 TosIde - ok
21:11:45.0281 3772 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:11:45.0296 3772 TrkWks - ok
21:11:45.0484 3772 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:45.0500 3772 Udfs - ok
21:11:45.0515 3772 ultra - ok
21:11:46.0000 3772 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:46.0125 3772 Update - ok
21:11:46.0265 3772 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:11:46.0281 3772 upnphost - ok
21:11:46.0359 3772 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:11:46.0390 3772 UPS - ok
21:11:46.0515 3772 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:11:46.0515 3772 USBAAPL - ok
21:11:46.0593 3772 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:46.0609 3772 usbccgp - ok
21:11:46.0703 3772 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:46.0703 3772 usbehci - ok
21:11:46.0796 3772 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:46.0812 3772 usbhub - ok
21:11:47.0000 3772 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:11:47.0000 3772 usbscan - ok
21:11:47.0046 3772 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:47.0062 3772 usbstor - ok
21:11:47.0234 3772 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:11:47.0234 3772 usbuhci - ok
21:11:47.0343 3772 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:11:47.0359 3772 usbvideo - ok
21:11:47.0453 3772 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
21:11:47.0453 3772 uvclf - ok
21:11:47.0625 3772 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:47.0625 3772 VgaSave - ok
21:11:47.0640 3772 ViaIde - ok
21:11:47.0671 3772 vmusb - ok
21:11:47.0781 3772 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:47.0796 3772 VolSnap - ok
21:11:48.0031 3772 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:11:48.0078 3772 VSS - ok
21:11:48.0156 3772 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:11:48.0187 3772 W32Time - ok
21:11:48.0234 3772 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:48.0234 3772 Wanarp - ok
21:11:48.0250 3772 wanusb - ok
21:11:48.0281 3772 was - ok
21:11:48.0390 3772 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:11:48.0484 3772 Wdf01000 - ok
21:11:48.0500 3772 WDICA - ok
21:11:48.0609 3772 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:48.0609 3772 wdmaud - ok
21:11:48.0640 3772 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:11:48.0656 3772 WebClient - ok
21:11:50.0343 3772 WebrootSpySweeperService (3c3f05960536407a47d598138489b335) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
21:11:51.0546 3772 WebrootSpySweeperService - ok
21:11:52.0000 3772 wg6n - ok
21:11:52.0171 3772 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:11:52.0187 3772 winmgmt - ok
21:11:52.0296 3772 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:11:52.0328 3772 WmdmPmSN - ok
21:11:52.0468 3772 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:11:52.0484 3772 WmiAcpi - ok
21:11:52.0578 3772 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:11:52.0593 3772 WmiApSrv - ok
21:11:58.0140 3772 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:11:58.0203 3772 WMPNetworkSvc - ok
21:11:58.0453 3772 WRConsumerService (eaa24ce4ae91839c67914b497d7cf5fe) C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
21:11:58.0515 3772 WRConsumerService - ok
21:11:58.0812 3772 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:11:58.0828 3772 WSTCODEC - ok
21:11:58.0921 3772 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:58.0937 3772 WudfPf - ok
21:11:59.0000 3772 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:59.0015 3772 WudfRd - ok
21:11:59.0062 3772 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:11:59.0078 3772 WudfSvc - ok
21:11:59.0203 3772 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:11:59.0250 3772 WZCSVC - ok
21:11:59.0359 3772 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:11:59.0406 3772 xmlprov - ok
21:11:59.0421 3772 Xyz777s - ok
21:11:59.0515 3772 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
21:11:59.0640 3772 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
21:11:59.0640 3772 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
21:11:59.0734 3772 Boot (0x1200) (4784498201153e534f13a8986d6dea8f) \Device\Harddisk0\DR0\Partition0
21:11:59.0734 3772 \Device\Harddisk0\DR0\Partition0 - ok
21:11:59.0734 3772 ============================================================
21:11:59.0734 3772 Scan finished
21:11:59.0734 3772 ============================================================
21:11:59.0781 2576 Detected object count: 4
21:11:59.0781 2576 Actual detected object count: 4
21:12:27.0031 2576 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
21:12:34.0468 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\@ - copied to quarantine
21:12:34.0500 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\cfg.ini - copied to quarantine
21:12:34.0656 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\Desktop.ini - copied to quarantine
21:13:31.0046 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\L\cfapnixl - copied to quarantine
21:13:33.0406 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\oemid - copied to quarantine
21:13:33.0515 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:13:34.0515 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:13:35.0796 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:13:36.0781 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:13:41.0406 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:13:42.0375 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - copied to quarantine
21:14:33.0843 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\version - copied to quarantine
21:14:36.0718 2576 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
21:15:09.0953 2576 Backup copy found, using it..
21:15:16.0109 2576 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
21:15:27.0781 2576 C:\WINDOWS\$NtUninstallKB27601$\1787631225 - will be deleted on reboot
21:15:27.0781 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\@ - will be deleted on reboot
21:15:27.0781 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\cfg.ini - will be deleted on reboot
21:15:27.0781 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\Desktop.ini - will be deleted on reboot
21:15:27.0828 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\oemid - will be deleted on reboot
21:15:28.0578 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0578 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0578 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0578 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0578 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0593 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\U\[email protected] - will be deleted on reboot
21:15:28.0593 2576 C:\WINDOWS\$NtUninstallKB27601$\2522283399\version - will be deleted on reboot
21:15:28.0812 2576 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
21:15:29.0000 2576 C:\WINDOWS\system32\USA49W.dll - copied to quarantine
21:15:29.0890 2576 HKLM\SYSTEM\ControlSet001\services\qmofiltr - will be deleted on reboot
21:15:29.0890 2576 HKLM\SYSTEM\ControlSet003\services\qmofiltr - will be deleted on reboot
21:15:29.0906 2576 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
21:15:29.0906 2576 C:\WINDOWS\system32\USA49W.dll - will be deleted on reboot
21:15:29.0906 2576 qmofiltr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:15:30.0375 2576 C:\WINDOWS\system32\SE2Bmgmt.dll - copied to quarantine
21:15:30.0718 2576 HKLM\SYSTEM\ControlSet001\services\rtl8029 - will be deleted on reboot
21:15:30.0718 2576 HKLM\SYSTEM\ControlSet003\services\rtl8029 - will be deleted on reboot
21:15:30.0734 2576 C:\WINDOWS\system32\SE2Bmgmt.dll - will be deleted on reboot
21:15:30.0734 2576 rtl8029 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:15:33.0000 2576 \Device\Harddisk0\DR0\# - copied to quarantine
21:15:33.0140 2576 \Device\Harddisk0\DR0 - copied to quarantine
21:15:33.0515 2576 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:15:33.0593 2576 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:15:33.0703 2576 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:15:33.0781 2576 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:15:34.0812 2576 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:15:34.0921 2576 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:15:58.0187 2576 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:16:02.0437 2576 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:16:12.0281 2576 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:16:13.0437 2576 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:16:23.0406 2576 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
21:16:23.0546 2576 \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
21:16:24.0125 2576 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
21:16:24.0203 2576 \Device\Harddisk0\DR0 - ok
21:16:24.0218 2576 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Make sure you reboot and run TDSSKiller again to make sure it was successful in removing what it found.
  • 0

#8
theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Now for some reason it's shut off my internet connection.
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Start, Run, cmd, OK to bring up a Command Window. Type with an Enter after each line:

net  start  dhcp

Do you get an error about a dependency not starting? Which one?
  • 0

#10
theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It says dhcp is not recognized as an internal or external command.
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
That should be three words, "net start dhcp", then the Enter.
  • 0

#12
theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OK, now it says the dependency service or group failed to start.
  • 0

#13
theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Also it says system error 1068 has occurred.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Try:

net start afd

That's usually the one that gets eaten.
  • 0
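The manual checks above (try `net start dhcp`, read the 1068 dependency error, then try `net start afd`) can be done in one pass by walking the service's dependency chain in the registry. The script below is an added example for readers of this thread; it is not RKinner's, not part of TDSSKiller or any tool mentioned here, and it was not run on the poster's machine. It assumes the standard `HKLM\SYSTEM\CurrentControlSet\Services` layout, an elevated PowerShell on the affected machine, and uses the service names from this thread (Dhcp, which on XP depends on Afd, Tcpip and NetBT) as its default; the file name `Check-ServiceChain.ps1` is just a suggestion.

```powershell
# Added example, not from this thread: walk a Windows service's dependency chain
# (DependOnService in the registry) and show which link is disabled, missing, or
# has lost its binary, which is what produces "system error 1068" on net start.
# Assumptions: elevated PowerShell on the affected machine; the default service
# name is the one used in the thread (Dhcp, which needs Afd/Tcpip/NetBT).
param([string]$Root = 'Dhcp')

$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath([string]$raw) {
    # ImagePath values come in several shapes; normalise them to one testable file path.
    if (-not $raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($raw)
    if ($p -match '^"([^"]+)"') { $p = $matches[1] }           # "C:\Program Files\x.exe" -args
    else { $p = ($p -split '\s+-', 2)[0] }                     # svchost.exe -k netsvcs
    $p = $p -replace '^\\\?\?\\', ''                           # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"     # \SystemRoot\system32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\DRIVERS\afd.sys
    return $p.Trim()
}

function Get-ServiceState([string]$name) {
    # sc.exe (not the PowerShell alias 'sc') reports kernel drivers such as Afd as well as Win32 services.
    $q = @(sc.exe query $name | Select-String 'STATE\s*:\s*\d+\s+(\w+)')
    if ($q.Count -gt 0) { return $q[0].Matches[0].Groups[1].Value }
    return 'NOT FOUND'
}

function Get-ServiceChain([string]$name, [hashtable]$seen = @{}, [int]$depth = 0) {
    # Depth-first walk of DependOnService; $seen stops loops between services.
    if ($seen.ContainsKey($name.ToLower())) { return }
    $seen[$name.ToLower()] = $true

    $key = "$svcKey\$name"
    if (-not (Test-Path $key)) {
        # Key gone entirely: what you see when a rootkit, or its cleanup, removed the service.
        New-Object PSObject -Property @{ Depth=$depth; Name=$name; Start='MISSING KEY'; State='n/a'; FileOK=$false; Image='' }
        return
    }
    $cfg   = Get-ItemProperty $key
    $image = Resolve-ImagePath $cfg.ImagePath
    $start = if ($null -ne $cfg.Start) { $startNames[[int]$cfg.Start] } else { 'n/a' }
    New-Object PSObject -Property @{
        Depth  = $depth
        Name   = $name
        Start  = $start
        State  = Get-ServiceState $name
        FileOK = [bool]($image -and (Test-Path -LiteralPath $image))
        Image  = $image
    }
    foreach ($dep in @($cfg.DependOnService)) {
        if ($dep) { Get-ServiceChain $dep $seen ($depth + 1) }
    }
}

$chain = @(Get-ServiceChain $Root)
$chain | Select-Object Depth, Name, Start, State, FileOK, Image | Format-Table -AutoSize

# A disabled or missing link, or one whose driver file is gone, is what net start trips over.
$broken = @($chain | Where-Object { $_.Start -eq 'Disabled' -or $_.Start -eq 'MISSING KEY' -or -not $_.FileOK })
if ($broken.Count -gt 0) {
    "Links likely to produce system error 1068 when starting ${Root}:"
    $broken | ForEach-Object { '  {0}  (Start={1}, file present={2})' -f $_.Name, $_.Start, $_.FileOK }
} else {
    "No disabled or missing dependency under $Root; look for STOPPED entries in the State column."
}
```

Run it as `.\Check-ServiceChain.ps1 -Root Dhcp` (or `-Root afd` to start lower in the chain). A `MISSING KEY` row, a `Disabled` start type, or `FileOK = False` on a driver such as Afd or NetBT is the link to repair before `net start dhcp` can succeed; `net helpmsg 1068` in cmd decodes the same error the thread saw. On XP the script needs PowerShell 2.0 installed, so the `net start` commands above remain the fallback.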

#15
theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It says more help is available by typing net helpmsg 2182, which I did, and it says the requested service has already been started.
  • 0