Hearing ads playing, updates fail, MSE found some "blachole" s


This topic is locked

#1 SteveMAtlBch (Member, 29 posts)
No idea what to call it or where it came from. Ads started June 12; they play for a few minutes after reboot, 2 or more playing at once and maybe not all ads, I cannot make it out, and it stops after a while. Looking at MSE history, it flagged maybe 5 things all containing "blachole" or similar; I have removed those entries. One was dated June 1, the rest June 12, just minutes after the ads played the first time. Other weirdness includes things on screen bigger than usual and fuzzy, and the volume control displays a message when clicked, "no mixer" or something. After a reboot the ads play a bit; otherwise the machine seems OK except that the updates all fail. MSE does update, though. In a day or 2 the other issues appear; eventually I cannot connect to any sites until reboot. A few days ago I plugged my iPhone in and iTunes generated some message about problems with the audio in the PC, and it would not play music. Right now it does, though. Now on start-up of iTunes today it says "iTunes requires a newer version of Apple Mobile Device Support. Please uninstall both Apple Mobile Device Support and iTunes, and install iTunes again". I find that quite weird.

Actions:

scans with MSE and Malwarebytes (clean)
TFC run
restored to a June 6 restore point, the oldest one I had, obviously not old enough

Here is the OTL log, thanks for looking (I know I have to get another hard drive for pics and music, or just replace this thing):

OTL logfile created on: 6/17/2012 2:36:01 PM - Run 6
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Nyla\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 68.95% Memory free
5.84 Gb Paging File | 4.97 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.10 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive E: | 141.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.54 Gb Total Space | 451.79 Gb Free Space | 97.05% Space Free | Partition Type: NTFS

Computer Name: STEVE | User Name: Nyla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 14:33:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nyla\Desktop\OTL.exe
PRC - [2012/06/17 14:07:05 | 000,526,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | ---- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2009/10/18 22:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/03/05 16:25:12 | 000,013,824 | ---- | M] (Imfinity Pte Ltd) -- C:\Program Files\Dell\PowerNap\PowerNapWatcher.exe
PRC - [2009/03/05 16:25:08 | 001,224,704 | ---- | M] (Dell) -- C:\Program Files\Dell\PowerNap\PowerNap.exe
PRC - [2009/03/05 16:25:04 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell\PowerNap\PowerNap.Service.exe
PRC - [2009/02/21 22:51:44 | 000,281,144 | ---- | M] (EnTech Taiwan) -- C:\Program Files\softOSD\softOSD.exe
PRC - [2009/02/21 08:55:36 | 000,088,616 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\softLCP.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/13 03:32:32 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:29:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
MOD - [2012/05/13 03:28:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:25:20 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:25:06 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/13 03:24:44 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/13 03:17:44 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:17:01 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/07 00:31:11 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\1530Class.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/07/02 15:35:04 | 000,204,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SPTIASPI.DLL
MOD - [2009/03/05 16:25:04 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell\PowerNap\PowerNap.Service.exe
MOD - [2009/03/05 16:25:02 | 000,044,544 | ---- | M] () -- C:\Program Files\Dell\PowerNap\PowerNap.Core.dll
MOD - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/05 16:25:04 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\PowerNap\PowerNap.Service.exe -- (dell_power_nap_service)
SRV - [2009/02/21 22:51:44 | 000,281,144 | ---- | M] (EnTech Taiwan) [Auto | Running] -- C:\Program Files\softOSD\softOSD.exe -- (softOSD)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28D1F77-454D-464F-80FC-6F93E5836247}\MpKsl0aea1693.sys -- (MpKsl0aea1693)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/04/25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2007/05/03 12:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\se32.sys -- (se32)
DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/07/14 13:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/06/07 20:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/30 11:15:36 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {76EBF94C-159B-437B-B4F0-F256643724BA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{76EBF94C-159B-437B-B4F0-F256643724BA}: "URL" = http://www.dogpile.c...=7?_IceUrl=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/10/27 16:44:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/23 22:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/23 22:43:49 | 000,000,000 | ---D | M]

[2009/02/08 14:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nyla\Application Data\Mozilla\Extensions
[2010/02/21 13:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nyla\Application Data\Mozilla\Firefox\Profiles\guiqbm6v.default\extensions
[2009/07/09 06:30:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nyla\Application Data\Mozilla\Firefox\Profiles\guiqbm6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 14:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 07:44:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 07:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 08:03:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 14:24:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/03/17 20:18:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerNap.lnk = C:\WINDOWS\Installer\{68259209-C71D-44C7-900E-20BC0F7E0BF1}\_A45711B63B8E1DD683E50A.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerNapWatcher.lnk = C:\WINDOWS\Installer\{68259209-C71D-44C7-900E-20BC0F7E0BF1}\_8C3690E649AC58E83BCA00.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: csx.com ([apps] http in Local intranet)
O15 - HKCU\..Trusted Domains: csx.com ([apps] https in Local intranet)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1204741521953 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50DA735-A4FF-454F-A865-257C2AC574D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/05 13:56:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/06 10:15:22 | 000,000,097 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/06/17 08:51:23 | 000,000,044 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 14:33:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nyla\Desktop\OTL.exe
[2012/06/14 17:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WunderPhoto Screensaver dir
[2012/06/14 10:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/06/14 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nyla\Application Data\Google
[2012/06/14 10:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/06/14 10:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/06/12 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/12 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 17:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 16:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/06/12 03:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/06/12 03:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/12 02:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2012/06/12 02:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/05/30 09:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/30 09:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/23 22:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/23 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/17 14:33:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/17 14:33:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nyla\Desktop\OTL.exe
[2012/06/17 14:07:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/17 14:06:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 14:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 13:59:29 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerNapWatcher.lnk
[2012/06/17 13:59:28 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerNap.lnk
[2012/06/17 13:59:27 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/06/17 13:59:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 13:57:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/17 13:57:36 | 3219,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 17:48:22 | 000,512,000 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\WunderPhoto Screensaver.scr
[2012/06/13 03:15:29 | 000,465,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 03:15:29 | 000,079,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 17:08:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/12 16:43:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/23 22:46:01 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/05/23 22:46:01 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Nyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/23 22:43:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/06/14 10:50:42 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 10:50:42 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/12 17:08:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/23 22:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/02/15 11:24:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/03 18:15:00 | 000,014,616 | -HS- | C] () -- C:\Documents and Settings\Nyla\Local Settings\Application Data\u55uuu8cj8xv583c4rj18k
[2011/07/03 18:15:00 | 000,014,616 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u55uuu8cj8xv583c4rj18k
[2010/10/31 15:46:45 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Nyla\Application Data\setup_ldm.iss
[2010/07/03 19:38:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2009/06/30 15:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2Wire
[2010/09/06 12:21:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/02 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/09/06 14:17:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 14:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/09/06 12:45:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/06/10 17:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/09/06 12:46:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/09/06 12:47:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2011/09/19 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/05/23 09:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/04/23 07:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N
[2009/03/14 09:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 09:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 10:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 10:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/05 09:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\2Wire
[2010/09/06 12:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\Canon
[2010/09/19 10:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\Canon Easy-WebPrint EX
[2009/02/10 09:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\ICAClient
[2010/10/31 15:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\Leadertech
[2012/03/09 09:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\mjusbsp
[2009/03/14 13:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\OpenOffice.org
[2009/02/07 19:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\Windows Desktop Search
[2009/03/14 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nyla\Application Data\Windows Search

========== Purity Check ==========

#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi, if it is a Blackhole exploit then we will need to check the MBR first.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
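Reading the TDSSKiller report the post asks for is normally done by eye; as an added example (not part of the original post, and not code from TDSSKiller or Geeks to Go), the Python helper below does the same triage over sample report lines: it confirms from the `Mode:` line that the two requested options (SigCheck and TDLFS) were active, joins each `- detected` verdict to the MD5 and path on the object line that precedes it, and separates `UnsignedFile.*` signature warnings, which TDSSKiller raises for any file without a valid digital signature and which are usually legitimate vendor components, from every other detection. The sample lines are copied from the report posted later in this thread, plus one constructed line with an obviously labelled placeholder detection name to exercise the "no object line" case.

```python
"""Triage helper for a TDSSKiller text report (example code, not part of TDSSKiller)."""
import re
from dataclasses import dataclass
from typing import Optional

# Object line:    <time> <pid> <name> (<md5>) <path>
OBJECT_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line:   <time> <pid> <name> - detected <Detection> (<count>)
DETECTED_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")
# Scan options:   <time> <pid> Mode: Manual; SigCheck; TDLFS;
MODE_RE = re.compile(r"^\S+ \d+ Mode: (?P<opts>.+)$")

# Sample report: lines copied from the report in this thread, plus one constructed
# placeholder detection (PLACEHOLDER.Example.Detection) on a raw device object.
SAMPLE_REPORT = r"""
20:02:36.0781 3692 Mode: Manual; SigCheck; TDLFS;
20:02:37.0343 3692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:02:38.0687 3692 ACPI - ok
20:02:43.0468 3692 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:02:43.0546 3692 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:02:43.0546 3692 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:02:44.0921 3692 dell_power_nap_service (555a4cb9d714729064e2b0e98806bf77) C:\Program Files\Dell\PowerNap\PowerNap.Service.exe
20:02:44.0937 3692 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - warning
20:02:44.0937 3692 dell_power_nap_service - detected UnsignedFile.Multi.Generic (1)
20:03:02.0515 3692 NVSvc (383aa018830eb16965181c39cb0f3b73) C:\WINDOWS\system32\nvsvc32.exe
20:03:02.0609 3692 NVSvc ( UnsignedFile.Multi.Generic ) - warning
20:03:02.0609 3692 NVSvc - detected UnsignedFile.Multi.Generic (1)
20:03:10.0000 3692 \Device\Harddisk0\DR0 - detected PLACEHOLDER.Example.Detection (1)
"""


@dataclass(frozen=True)
class Finding:
    name: str
    detection: str
    md5: Optional[str]   # None when no "(md5) path" object line preceded the verdict
    path: Optional[str]


def scan_options(report: str) -> set:
    """Return the option names listed on the report's 'Mode:' line (empty if absent)."""
    for line in report.splitlines():
        m = MODE_RE.match(line)
        if m:
            return {opt.strip() for opt in m.group("opts").split(";") if opt.strip()}
    return set()


def parse_findings(report: str) -> list:
    """Walk the report once; remember the latest object line per name so a later
    '- detected' verdict can be joined to that object's hash and path."""
    objects = {}    # name -> (md5, path)
    findings = []
    for line in report.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = DETECTED_RE.match(line)
        if m:
            md5, path = objects.get(m.group("name"), (None, None))
            findings.append(Finding(m.group("name"), m.group("det"), md5, path))
    return findings


def triage(findings: list) -> dict:
    """Split findings into signature-only warnings ('unsigned') and everything else ('other')."""
    buckets = {"unsigned": [], "other": []}
    for f in findings:
        key = "unsigned" if f.detection.startswith("UnsignedFile.") else "other"
        buckets[key].append(f)
    return buckets


if __name__ == "__main__":
    opts = scan_options(SAMPLE_REPORT)
    print("SigCheck and TDLFS enabled:", {"SigCheck", "TDLFS"} <= opts)
    for bucket, items in triage(parse_findings(SAMPLE_REPORT)).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.name} -> {f.detection}  md5={f.md5}  path={f.path}")
```

Anything that lands in the `other` bucket is what the helper would want to see first; the `unsigned` entries still deserve a look at their paths, but an unsigned Dell or NVIDIA service is the expected case.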

#3
SteveMAtlBch
    Member
  • Topic Starter
  • 29 posts
Hi. Thanks for the response. Been buried at work, some car trouble to boot, and will be on this in the next 24 hours. Please do not close for no response. Thanks!!!

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
No problem, thanks for keeping me informed :cool:

#5
SteveMAtlBch
    Member
  • Topic Starter
  • 29 posts
Carried out both of these tasks. Immediate improvement after the first step, and the ads (or was it some radio station - it was playing a few songs last night as I got started) stopped. It all seems normal now. As info, ComboFix stopped and wanted a download of a "Microsoft Recovery Console". I pondered the "do it or don't" decision and decided to go with it. Thanks, and let me know if I should do anything else for cleanup.

Logs follow:

20:02:02.0765 2676 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:02:03.0109 2676 ============================================================
20:02:03.0109 2676 Current date / time: 2012/06/21 20:02:03.0109
20:02:03.0109 2676 SystemInfo:
20:02:03.0109 2676
20:02:03.0109 2676 OS Version: 5.1.2600 ServicePack: 3.0
20:02:03.0109 2676 Product type: Workstation
20:02:03.0109 2676 ComputerName: STEVE
20:02:03.0109 2676 UserName: Nyla
20:02:03.0109 2676 Windows directory: C:\WINDOWS
20:02:03.0109 2676 System windows directory: C:\WINDOWS
20:02:03.0109 2676 Processor architecture: Intel x86
20:02:03.0109 2676 Number of processors: 1
20:02:03.0109 2676 Page size: 0x1000
20:02:03.0109 2676 Boot type: Normal boot
20:02:03.0109 2676 ============================================================
20:02:05.0953 2676 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:02:06.0296 2676 Drive \Device\Harddisk1\DR2 - Size: 0x7462FF6000 (465.55 Gb), SectorSize: 0x200, Cylinders: 0xED65, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:02:06.0296 2676 ============================================================
20:02:06.0296 2676 \Device\Harddisk0\DR0:
20:02:06.0328 2676 MBR partitions:
20:02:06.0328 2676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A80000
20:02:06.0328 2676 \Device\Harddisk1\DR2:
20:02:06.0328 2676 MBR partitions:
20:02:06.0328 2676 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A316EE6
20:02:06.0328 2676 ============================================================
20:02:06.0390 2676 C: <-> \Device\Harddisk0\DR0\Partition0
20:02:06.0390 2676 ============================================================
20:02:06.0390 2676 Initialize success
20:02:06.0390 2676 ============================================================
20:02:36.0781 3692 ============================================================
20:02:36.0781 3692 Scan started
20:02:36.0781 3692 Mode: Manual; SigCheck; TDLFS;
20:02:36.0781 3692 ============================================================
20:02:37.0187 3692 Abiosdsk - ok
20:02:37.0203 3692 abp480n5 - ok
20:02:37.0343 3692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:02:38.0687 3692 ACPI - ok
20:02:38.0718 3692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:02:38.0843 3692 ACPIEC - ok
20:02:38.0859 3692 adpu160m - ok
20:02:38.0906 3692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:02:39.0062 3692 aec - ok
20:02:39.0125 3692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:02:39.0234 3692 AFD - ok
20:02:39.0234 3692 Aha154x - ok
20:02:39.0250 3692 aic78u2 - ok
20:02:39.0250 3692 aic78xx - ok
20:02:39.0312 3692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:02:39.0468 3692 Alerter - ok
20:02:39.0500 3692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:02:39.0625 3692 ALG - ok
20:02:39.0640 3692 AliIde - ok
20:02:39.0640 3692 amsint - ok
20:02:39.0765 3692 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:02:39.0781 3692 Apple Mobile Device - ok
20:02:39.0828 3692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:02:39.0968 3692 AppMgmt - ok
20:02:39.0984 3692 asc - ok
20:02:39.0984 3692 asc3350p - ok
20:02:40.0000 3692 asc3550 - ok
20:02:40.0109 3692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:02:40.0156 3692 aspnet_state - ok
20:02:40.0187 3692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:02:40.0328 3692 AsyncMac - ok
20:02:40.0359 3692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:02:40.0484 3692 atapi - ok
20:02:40.0500 3692 Atdisk - ok
20:02:40.0546 3692 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe
20:02:40.0625 3692 Ati HotKey Poller - ok
20:02:40.0718 3692 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:02:40.0875 3692 ati2mtag - ok
20:02:40.0906 3692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:02:41.0031 3692 Atmarpc - ok
20:02:41.0109 3692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:02:41.0265 3692 AudioSrv - ok
20:02:41.0296 3692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:02:41.0437 3692 audstub - ok
20:02:41.0468 3692 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:02:41.0546 3692 b57w2k - ok
20:02:41.0671 3692 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:02:41.0703 3692 BBSvc - ok
20:02:41.0890 3692 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:02:41.0921 3692 BBUpdate - ok
20:02:41.0984 3692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:02:42.0140 3692 Beep - ok
20:02:42.0187 3692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:02:42.0421 3692 BITS - ok
20:02:42.0531 3692 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:02:42.0578 3692 Bonjour Service - ok
20:02:42.0640 3692 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:02:42.0781 3692 Browser - ok
20:02:42.0812 3692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:02:42.0937 3692 cbidf2k - ok
20:02:42.0953 3692 cd20xrnt - ok
20:02:42.0968 3692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:02:43.0109 3692 Cdaudio - ok
20:02:43.0140 3692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:02:43.0281 3692 Cdfs - ok
20:02:43.0312 3692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:02:43.0453 3692 Cdrom - ok
20:02:43.0468 3692 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:02:43.0546 3692 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:02:43.0546 3692 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:02:43.0546 3692 Changer - ok
20:02:43.0562 3692 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:02:43.0703 3692 CiSvc - ok
20:02:43.0734 3692 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:02:43.0859 3692 ClipSrv - ok
20:02:43.0968 3692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:44.0046 3692 clr_optimization_v2.0.50727_32 - ok
20:02:44.0078 3692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:02:44.0203 3692 CmBatt - ok
20:02:44.0218 3692 CmdIde - ok
20:02:44.0234 3692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:02:44.0375 3692 Compbatt - ok
20:02:44.0390 3692 COMSysApp - ok
20:02:44.0406 3692 Cpqarray - ok
20:02:44.0437 3692 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:02:44.0578 3692 CryptSvc - ok
20:02:44.0625 3692 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
20:02:44.0671 3692 ctxusbm - ok
20:02:44.0671 3692 dac2w2k - ok
20:02:44.0687 3692 dac960nt - ok
20:02:44.0734 3692 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:02:44.0812 3692 DcomLaunch - ok
20:02:44.0921 3692 dell_power_nap_service (555a4cb9d714729064e2b0e98806bf77) C:\Program Files\Dell\PowerNap\PowerNap.Service.exe
20:02:44.0937 3692 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - warning
20:02:44.0937 3692 dell_power_nap_service - detected UnsignedFile.Multi.Generic (1)
20:02:44.0984 3692 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:02:45.0125 3692 Dhcp - ok
20:02:45.0171 3692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:02:45.0296 3692 Disk - ok
20:02:45.0312 3692 dmadmin - ok
20:02:45.0343 3692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:02:45.0515 3692 dmboot - ok
20:02:45.0546 3692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:02:45.0687 3692 dmio - ok
20:02:45.0734 3692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:02:45.0859 3692 dmload - ok
20:02:45.0890 3692 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:02:46.0015 3692 dmserver - ok
20:02:46.0062 3692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:02:46.0218 3692 DMusic - ok
20:02:46.0250 3692 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:02:46.0343 3692 Dnscache - ok
20:02:46.0375 3692 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:02:46.0500 3692 Dot3svc - ok
20:02:46.0515 3692 dpti2o - ok
20:02:46.0546 3692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:02:46.0671 3692 drmkaud - ok
20:02:46.0703 3692 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:02:46.0859 3692 EapHost - ok
20:02:46.0906 3692 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:02:47.0031 3692 ERSvc - ok
20:02:47.0062 3692 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:02:47.0109 3692 Eventlog - ok
20:02:47.0156 3692 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:02:47.0234 3692 EventSystem - ok
20:02:47.0281 3692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:02:47.0437 3692 Fastfat - ok
20:02:47.0468 3692 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:02:47.0531 3692 FastUserSwitchingCompatibility - ok
20:02:47.0562 3692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:02:47.0703 3692 Fdc - ok
20:02:47.0718 3692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:02:47.0859 3692 Fips - ok
20:02:47.0875 3692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:02:48.0015 3692 Flpydisk - ok
20:02:48.0062 3692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:02:48.0250 3692 FltMgr - ok
20:02:48.0343 3692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:02:48.0359 3692 FontCache3.0.0.0 - ok
20:02:48.0390 3692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:02:48.0531 3692 Fs_Rec - ok
20:02:48.0562 3692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:02:48.0703 3692 Ftdisk - ok
20:02:48.0734 3692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:02:48.0750 3692 GEARAspiWDM - ok
20:02:48.0796 3692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:02:48.0937 3692 Gpc - ok
20:02:49.0078 3692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:02:49.0093 3692 gupdate - ok
20:02:49.0093 3692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:02:49.0109 3692 gupdatem - ok
20:02:49.0187 3692 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:02:49.0218 3692 gusvc - ok
20:02:49.0312 3692 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:02:49.0437 3692 helpsvc - ok
20:02:49.0468 3692 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:02:49.0609 3692 HidServ - ok
20:02:49.0640 3692 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:02:49.0781 3692 HidUsb - ok
20:02:49.0812 3692 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:02:49.0953 3692 hkmsvc - ok
20:02:49.0953 3692 hpn - ok
20:02:50.0000 3692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:02:50.0078 3692 HTTP - ok
20:02:50.0093 3692 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:02:50.0234 3692 HTTPFilter - ok
20:02:50.0234 3692 i2omgmt - ok
20:02:50.0250 3692 i2omp - ok
20:02:50.0281 3692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:02:50.0406 3692 i8042prt - ok
20:02:50.0500 3692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:02:50.0578 3692 idsvc - ok
20:02:50.0671 3692 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
20:02:50.0687 3692 IJPLMSVC - ok
20:02:50.0734 3692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:02:50.0875 3692 Imapi - ok
20:02:50.0906 3692 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:02:51.0046 3692 ImapiService - ok
20:02:51.0062 3692 ini910u - ok
20:02:51.0062 3692 IntelIde - ok
20:02:51.0171 3692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:02:51.0296 3692 intelppm - ok
20:02:51.0312 3692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:02:51.0437 3692 Ip6Fw - ok
20:02:51.0468 3692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:02:51.0593 3692 IpFilterDriver - ok
20:02:51.0609 3692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:02:51.0750 3692 IpInIp - ok
20:02:51.0937 3692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:02:52.0078 3692 IpNat - ok
20:02:52.0156 3692 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:02:52.0218 3692 iPod Service - ok
20:02:52.0250 3692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:02:52.0390 3692 IPSec - ok
20:02:52.0437 3692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:02:52.0562 3692 IRENUM - ok
20:02:52.0593 3692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:02:52.0734 3692 isapnp - ok
20:02:52.0859 3692 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
20:02:52.0875 3692 JavaQuickStarterService - ok
20:02:52.0890 3692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:02:53.0031 3692 Kbdclass - ok
20:02:53.0046 3692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:02:53.0187 3692 kbdhid - ok
20:02:53.0234 3692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:02:53.0359 3692 kmixer - ok
20:02:53.0390 3692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:02:53.0500 3692 KSecDD - ok
20:02:53.0531 3692 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:02:53.0640 3692 lanmanserver - ok
20:02:53.0687 3692 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:02:53.0765 3692 lanmanworkstation - ok
20:02:53.0781 3692 lbrtfdc - ok
20:02:53.0875 3692 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
20:02:53.0890 3692 LBTServ - ok
20:02:53.0937 3692 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
20:02:53.0953 3692 LEqdUsb - ok
20:02:53.0968 3692 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
20:02:53.0984 3692 LHidEqd - ok
20:02:54.0031 3692 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:02:54.0046 3692 LHidFilt - ok
20:02:54.0140 3692 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:02:54.0281 3692 LmHosts - ok
20:02:54.0312 3692 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:02:54.0328 3692 LMouFilt - ok
20:02:54.0359 3692 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:02:54.0500 3692 Messenger - ok
20:02:54.0531 3692 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
20:02:54.0531 3692 mfeavfk - ok
20:02:54.0562 3692 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
20:02:54.0578 3692 mfebopk - ok
20:02:54.0609 3692 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
20:02:54.0625 3692 mfehidk - ok
20:02:54.0656 3692 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
20:02:54.0671 3692 mferkdk - ok
20:02:54.0703 3692 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
20:02:54.0718 3692 mfesmfk - ok
20:02:54.0843 3692 Microsoft SharePoint Workspace Audit Service - ok
20:02:54.0875 3692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:02:55.0015 3692 mnmdd - ok
20:02:55.0046 3692 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:02:55.0171 3692 mnmsrvc - ok
20:02:55.0218 3692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:02:55.0343 3692 Modem - ok
20:02:55.0390 3692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:02:55.0531 3692 Mouclass - ok
20:02:55.0562 3692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:02:55.0703 3692 mouhid - ok
20:02:55.0734 3692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:02:55.0859 3692 MountMgr - ok
20:02:55.0906 3692 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:02:55.0937 3692 MpFilter - ok
20:02:56.0203 3692 MpKsle9263fb8 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE8C438-ACFF-4F4D-BBD6-2FDD05B58FC3}\MpKsle9263fb8.sys
20:02:56.0218 3692 MpKsle9263fb8 - ok
20:02:56.0234 3692 mraid35x - ok
20:02:56.0265 3692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:02:56.0406 3692 MRxDAV - ok
20:02:56.0468 3692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:02:56.0546 3692 MRxSmb - ok
20:02:56.0578 3692 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:02:56.0718 3692 MSDTC - ok
20:02:56.0796 3692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:02:56.0953 3692 Msfs - ok
20:02:56.0953 3692 MSIServer - ok
20:02:56.0968 3692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:02:57.0093 3692 MSKSSRV - ok
20:02:57.0171 3692 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:02:57.0187 3692 MsMpSvc - ok
20:02:57.0234 3692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:02:57.0359 3692 MSPCLOCK - ok
20:02:57.0390 3692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:02:57.0531 3692 MSPQM - ok
20:02:57.0562 3692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:02:57.0671 3692 mssmbios - ok
20:02:57.0718 3692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:02:57.0781 3692 Mup - ok
20:02:57.0828 3692 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:02:57.0984 3692 napagent - ok
20:02:58.0000 3692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:02:58.0156 3692 NDIS - ok
20:02:58.0187 3692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:02:58.0250 3692 NdisTapi - ok
20:02:58.0281 3692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:02:58.0421 3692 Ndisuio - ok
20:02:58.0437 3692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:02:58.0578 3692 NdisWan - ok
20:02:58.0625 3692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:02:58.0718 3692 NDProxy - ok
20:02:58.0765 3692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:02:58.0906 3692 NetBIOS - ok
20:02:58.0921 3692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:02:59.0062 3692 NetBT - ok
20:02:59.0109 3692 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:02:59.0234 3692 NetDDE - ok
20:02:59.0250 3692 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:02:59.0375 3692 NetDDEdsdm - ok
20:02:59.0437 3692 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:02:59.0578 3692 Netlogon - ok
20:02:59.0609 3692 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:02:59.0765 3692 Netman - ok
20:02:59.0859 3692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:59.0890 3692 NetTcpPortSharing - ok
20:02:59.0921 3692 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:02:59.0984 3692 Nla - ok
20:03:00.0062 3692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:03:00.0218 3692 Npfs - ok
20:03:00.0343 3692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:03:00.0515 3692 Ntfs - ok
20:03:00.0531 3692 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:00.0656 3692 NtLmSsp - ok
20:03:00.0687 3692 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:03:00.0859 3692 NtmsSvc - ok
20:03:00.0906 3692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:03:01.0046 3692 Null - ok
20:03:01.0421 3692 nv (4f15e1e56703f59c0ac00022162e5308) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:03:02.0296 3692 nv - ok
20:03:02.0515 3692 NVSvc (383aa018830eb16965181c39cb0f3b73) C:\WINDOWS\system32\nvsvc32.exe
20:03:02.0609 3692 NVSvc ( UnsignedFile.Multi.Generic ) - warning
20:03:02.0609 3692 NVSvc - detected UnsignedFile.Multi.Generic (1)
20:03:02.0671 3692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:03:02.0812 3692 NwlnkFlt - ok
20:03:02.0828 3692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:03:02.0953 3692 NwlnkFwd - ok
20:03:03.0062 3692 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:03:03.0078 3692 ose - ok
20:03:03.0406 3692 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:03:03.0921 3692 osppsvc - ok
20:03:04.0109 3692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:03:04.0234 3692 Parport - ok
20:03:04.0265 3692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:03:04.0406 3692 PartMgr - ok
20:03:04.0484 3692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:03:04.0656 3692 ParVdm - ok
20:03:04.0671 3692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:03:04.0812 3692 PCI - ok
20:03:04.0828 3692 PCIDump - ok
20:03:04.0859 3692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:03:05.0000 3692 PCIIde - ok
20:03:05.0046 3692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:03:05.0171 3692 Pcmcia - ok
20:03:05.0187 3692 PCTINDIS5 - ok
20:03:05.0187 3692 PDCOMP - ok
20:03:05.0203 3692 PDFRAME - ok
20:03:05.0203 3692 PDRELI - ok
20:03:05.0218 3692 PDRFRAME - ok
20:03:05.0218 3692 perc2 - ok
20:03:05.0234 3692 perc2hib - ok
20:03:05.0281 3692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:03:05.0296 3692 PlugPlay - ok
20:03:05.0328 3692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:05.0453 3692 PolicyAgent - ok
20:03:05.0484 3692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:03:05.0625 3692 PptpMiniport - ok
20:03:05.0625 3692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:05.0750 3692 ProtectedStorage - ok
20:03:05.0765 3692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:03:05.0906 3692 PSched - ok
20:03:05.0968 3692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:03:06.0109 3692 Ptilink - ok
20:03:06.0125 3692 ql1080 - ok
20:03:06.0140 3692 Ql10wnt - ok
20:03:06.0140 3692 ql12160 - ok
20:03:06.0156 3692 ql1240 - ok
20:03:06.0156 3692 ql1280 - ok
20:03:06.0187 3692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:03:06.0328 3692 RasAcd - ok
20:03:06.0359 3692 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:03:06.0500 3692 RasAuto - ok
20:03:06.0546 3692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:03:06.0656 3692 Rasl2tp - ok
20:03:06.0703 3692 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:03:06.0843 3692 RasMan - ok
20:03:06.0921 3692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:03:07.0109 3692 RasPppoe - ok
20:03:07.0125 3692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:03:07.0265 3692 Raspti - ok
20:03:07.0312 3692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:03:07.0453 3692 Rdbss - ok
20:03:07.0484 3692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:03:07.0609 3692 RDPCDD - ok
20:03:07.0656 3692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:03:07.0812 3692 rdpdr - ok
20:03:07.0859 3692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:03:07.0937 3692 RDPWD - ok
20:03:07.0984 3692 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:03:08.0109 3692 RDSessMgr - ok
20:03:08.0156 3692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:03:08.0281 3692 redbook - ok
20:03:08.0328 3692 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:03:08.0453 3692 RemoteAccess - ok
20:03:08.0500 3692 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:03:08.0625 3692 RemoteRegistry - ok
20:03:08.0656 3692 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:03:08.0781 3692 RpcLocator - ok
20:03:08.0828 3692 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:03:08.0875 3692 RpcSs - ok
20:03:08.0921 3692 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:03:09.0062 3692 RSVP - ok
20:03:09.0296 3692 SacNetAgentService_C57C4F854F53 (4e548fc2c427455836b37a7c7d9923db) C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
20:03:09.0343 3692 SacNetAgentService_C57C4F854F53 - ok
20:03:09.0390 3692 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:03:09.0515 3692 SamSs - ok
20:03:09.0546 3692 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:03:09.0671 3692 SCardSvr - ok
20:03:09.0718 3692 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:03:09.0859 3692 Schedule - ok
20:03:09.0906 3692 se32 (695745cce49c346dab9620519b3e1970) C:\WINDOWS\system32\Drivers\se32.sys
20:03:09.0937 3692 se32 - ok
20:03:09.0968 3692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:03:10.0093 3692 Secdrv - ok
20:03:10.0140 3692 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:03:10.0281 3692 seclogon - ok
20:03:10.0343 3692 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:03:10.0421 3692 senfilt - ok
20:03:10.0453 3692 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:03:10.0593 3692 SENS - ok
20:03:10.0625 3692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:03:10.0750 3692 Serenum - ok
20:03:10.0765 3692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:03:10.0890 3692 Serial - ok
20:03:10.0937 3692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:03:11.0078 3692 Sfloppy - ok
20:03:11.0187 3692 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:03:11.0359 3692 SharedAccess - ok
20:03:11.0421 3692 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:03:11.0453 3692 ShellHWDetection - ok
20:03:11.0453 3692 Simbad - ok
20:03:11.0531 3692 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
20:03:11.0578 3692 smwdm - ok
20:03:11.0718 3692 softOSD (84a12c88095ecf2d7d1d839a98c0834e) C:\Program Files\softOSD\softOSD.exe
20:03:11.0734 3692 softOSD - ok
20:03:11.0750 3692 Sparrow - ok
20:03:11.0781 3692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:03:11.0953 3692 splitter - ok
20:03:12.0000 3692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:03:12.0109 3692 Spooler - ok
20:03:12.0156 3692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:03:12.0296 3692 sr - ok
20:03:12.0328 3692 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:03:12.0484 3692 srservice - ok
20:03:12.0546 3692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:03:12.0625 3692 Srv - ok
20:03:12.0671 3692 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:03:12.0812 3692 SSDPSRV - ok
20:03:12.0859 3692 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:03:13.0015 3692 stisvc - ok
20:03:13.0046 3692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:03:13.0171 3692 swenum - ok
20:03:13.0218 3692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:03:13.0343 3692 swmidi - ok
20:03:13.0359 3692 SwPrv - ok
20:03:13.0359 3692 symc810 - ok
20:03:13.0375 3692 symc8xx - ok
20:03:13.0390 3692 sym_hi - ok
20:03:13.0390 3692 sym_u3 - ok
20:03:13.0437 3692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:03:13.0578 3692 sysaudio - ok
20:03:13.0609 3692 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:03:13.0765 3692 SysmonLog - ok
20:03:13.0828 3692 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:03:13.0968 3692 TapiSrv - ok
20:03:14.0046 3692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:03:14.0109 3692 Tcpip - ok
20:03:14.0140 3692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:03:14.0265 3692 TDPIPE - ok
20:03:14.0281 3692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:03:14.0406 3692 TDTCP - ok
20:03:14.0437 3692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:03:14.0562 3692 TermDD - ok
20:03:14.0625 3692 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:03:14.0781 3692 TermService - ok
20:03:14.0828 3692 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:03:14.0843 3692 Themes - ok
20:03:14.0875 3692 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:03:15.0015 3692 TlntSvr - ok
20:03:15.0015 3692 TosIde - ok
20:03:15.0062 3692 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:03:15.0203 3692 TrkWks - ok
20:03:15.0234 3692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:03:15.0359 3692 Udfs - ok
20:03:15.0375 3692 ultra - ok
20:03:15.0437 3692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:03:15.0593 3692 Update - ok
20:03:15.0640 3692 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:03:15.0781 3692 upnphost - ok
20:03:15.0828 3692 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:03:15.0953 3692 UPS - ok
20:03:15.0984 3692 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:03:16.0046 3692 USBAAPL - ok
20:03:16.0093 3692 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:03:16.0250 3692 usbaudio - ok
20:03:16.0296 3692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:03:16.0453 3692 usbccgp - ok
20:03:16.0484 3692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:03:16.0640 3692 usbehci - ok
20:03:16.0671 3692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:03:16.0812 3692 usbhub - ok
20:03:16.0843 3692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:03:17.0000 3692 usbprint - ok
20:03:17.0031 3692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:03:17.0171 3692 usbscan - ok
20:03:17.0203 3692 usbser32 (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:03:17.0343 3692 usbser32 - ok
20:03:17.0375 3692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:03:17.0500 3692 USBSTOR - ok
20:03:17.0531 3692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:03:17.0656 3692 usbuhci - ok
20:03:17.0671 3692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:03:17.0796 3692 VgaSave - ok
20:03:17.0812 3692 ViaIde - ok
20:03:17.0843 3692 VisorUsb (7608c8327d19ecec1c21f5630a8dedb6) C:\WINDOWS\system32\DRIVERS\VisorUsb.sys
20:03:17.0875 3692 VisorUsb ( UnsignedFile.Multi.Generic ) - warning
20:03:17.0875 3692 VisorUsb - detected UnsignedFile.Multi.Generic (1)
20:03:17.0906 3692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:03:18.0031 3692 VolSnap - ok
20:03:18.0078 3692 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:03:18.0218 3692 VSS - ok
20:03:18.0250 3692 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:03:18.0406 3692 W32Time - ok
20:03:18.0468 3692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:03:18.0593 3692 Wanarp - ok
20:03:18.0640 3692 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:03:18.0671 3692 Wdf01000 - ok
20:03:18.0687 3692 WDICA - ok
20:03:18.0718 3692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:03:18.0859 3692 wdmaud - ok
20:03:18.0906 3692 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:03:19.0046 3692 WebClient - ok
20:03:19.0156 3692 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
20:03:19.0171 3692 WinDefend - ok
20:03:19.0250 3692 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:03:19.0375 3692 winmgmt - ok
20:03:19.0546 3692 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:03:19.0671 3692 wlidsvc - ok
20:03:19.0828 3692 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:03:19.0859 3692 WmdmPmSN - ok
20:03:19.0921 3692 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:03:20.0000 3692 Wmi - ok
20:03:20.0062 3692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:03:20.0171 3692 WmiAcpi - ok
20:03:20.0250 3692 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:03:20.0375 3692 WmiApSrv - ok
20:03:20.0531 3692 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:03:20.0656 3692 WMPNetworkSvc - ok
20:03:20.0703 3692 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:03:20.0843 3692 wscsvc - ok
20:03:20.0859 3692 WSearch - ok
20:03:20.0890 3692 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:03:21.0046 3692 wuauserv - ok
20:03:21.0078 3692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:03:21.0171 3692 WudfPf - ok
20:03:21.0218 3692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:03:21.0234 3692 WudfRd - ok
20:03:21.0265 3692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:03:21.0296 3692 WudfSvc - ok
20:03:21.0343 3692 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:03:21.0515 3692 WZCSVC - ok
20:03:21.0546 3692 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:03:21.0656 3692 xmlprov - ok
20:03:21.0718 3692 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
20:03:21.0796 3692 ZD1211BU(ZyDAS) - ok
20:03:21.0812 3692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:03:22.0375 3692 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:03:22.0375 3692 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:03:22.0375 3692 MBR (0x1B8) (d928f398aa9f1f39b90ca623d85cbd9d) \Device\Harddisk1\DR2
20:03:22.0796 3692 \Device\Harddisk1\DR2 - ok
20:03:22.0812 3692 Boot (0x1200) (0b3fb73b2cceea252a2198818c3c4111) \Device\Harddisk0\DR0\Partition0
20:03:22.0812 3692 \Device\Harddisk0\DR0\Partition0 - ok
20:03:22.0812 3692 Boot (0x1200) (92fb743d5495b840aa1bd4aa7c7a73c5) \Device\Harddisk1\DR2\Partition0
20:03:22.0812 3692 \Device\Harddisk1\DR2\Partition0 - ok
20:03:22.0828 3692 ============================================================
20:03:22.0828 3692 Scan finished
20:03:22.0828 3692 ============================================================
20:03:22.0953 3696 Detected object count: 5
20:03:22.0953 3696 Actual detected object count: 5
20:03:35.0546 3696 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:35.0546 3696 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:35.0562 3696 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:35.0562 3696 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:35.0562 3696 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:35.0562 3696 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:35.0562 3696 VisorUsb ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:35.0562 3696 VisorUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:35.0562 3696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:03:35.0562 3696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

ComboFix 12-06-21.02 - Nyla 06/21/2012 20:23:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2448 [GMT -4:00]
Running from: c:\documents and settings\Nyla\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Nyla\Local Settings\Application Data\assembly\tmp
c:\windows\EventSystem.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 00:08 . 2012-05-31 03:41 6762896 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D74D56D-E015-4E9B-869C-425CAAD0429A}\mpengine.dll
2012-06-21 23:54 . 2012-06-21 23:54 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-17 18:08 . 2012-05-08 16:40 6737808 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 21:48 . 2012-06-14 21:48 -------- dc----w- c:\windows\system32\WunderPhoto Screensaver dir
2012-06-14 14:55 . 2012-06-14 14:56 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-06-14 14:50 . 2012-06-14 14:50 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-06-14 12:29 . 2012-06-14 12:29 -------- dc----w- c:\windows\system32\wbem\Repository
2012-06-12 21:03 . 2012-06-12 21:03 -------- dc----w- c:\program files\iPod
2012-06-12 21:03 . 2012-06-12 21:08 -------- dc----w- c:\program files\iTunes
2012-06-12 20:43 . 2012-06-12 20:43 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2012-06-12 06:55 . 2012-06-12 06:55 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2012-06-12 06:55 . 2012-06-12 06:55 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-05-30 13:11 . 2012-05-30 13:11 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 21:48 . 2010-09-27 11:06 512000 -c--a-w- c:\windows\system32\WunderPhoto Screensaver.scr
2012-06-14 14:49 . 2012-04-02 13:00 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 14:49 . 2011-05-23 13:27 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 11:49 . 2012-05-07 11:49 4126880 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:12 . 2004-08-04 10:00 1862272 -c--a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-03-30 01:21 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-03-30 01:01 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2011-05-07 23:04 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-02-08 17:59 . 2009-02-08 17:59 7521112 -c--a-w- c:\program files\Firefox Setup 3.0.6.exe
2011-04-25 05:58 . 2011-04-25 05:58 124864 -c--a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 06:48 . 2011-04-25 06:48 13760 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 06:00 . 2011-04-25 06:00 71104 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 05:59 . 2011-04-25 05:59 92096 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 05:58 . 2011-04-25 05:58 22976 -c--a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 05:57 . 2011-04-25 05:57 255936 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 05:58 . 2011-04-25 05:58 32192 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 05:58 . 2011-04-25 05:58 40896 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 05:51 . 2011-04-25 05:51 898480 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 06:00 . 2011-04-25 06:00 24512 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"cdloader"="c:\documents and settings\Nyla\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-31 813584]
PowerNap.lnk - c:\windows\Installer\{68259209-C71D-44C7-900E-20BC0F7E0BF1}\_A45711B63B8E1DD683E50A.exe [2009-9-19 372526]
PowerNapWatcher.lnk - c:\windows\Installer\{68259209-C71D-44C7-900E-20BC0F7E0BF1}\_8C3690E649AC58E83BCA00.exe [2009-9-19 10134]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Pat\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Nyla\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 12:19 PM 12112]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 dell_power_nap_service;Dell Power Nap Service;c:\program files\Dell\PowerNap\PowerNap.Service.exe [3/5/2009 4:25 PM 11776]
R2 softOSD;softOSD;c:\program files\softOSD\softOSD.exe [2/21/2009 10:51 PM 281144]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2012 10:50 AM 136176]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/19/2011 10:17 PM 163664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2012 10:50 AM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 usbser32;Neato Robotics USB Driver;c:\windows\system32\drivers\usbser.sys [3/18/2012 2:16 PM 26112]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [1/10/2009 12:48 PM 19968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29335090
*Deregistered* - 29335090
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-14 14:50]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-14 14:50]
.
2012-06-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\Nyla\Application Data\Mozilla\Firefox\Profiles\guiqbm6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-CTFMON - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Nyla\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-06-21 20:34:59
ComboFix-quarantined-files.txt 2012-06-22 00:34
.
Pre-Run: 4,132,868,096 bytes free
Post-Run: 4,878,307,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /pae
.
- - End Of File - - 7BB31E01A80D525A983F13624826C116

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Recovery console installation is good

One more run with TDSSKiller

Run with the same parameters as before and, when you get the following entry, select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )

THEN



Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#7 SteveMAtlBch (Topic Starter, Member, 29 posts)

Done. Malwarebytes found nothing. So what was this thing and how did it get here? Would I expect MSE to prevent it from actually getting on the computer? It saw something, it just didn't do enough to stop it apparently.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nyla :: STEVE [administrator]

6/22/2012 10:34:57 AM
mbam-log-2012-06-22 (10-34-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240341
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Unfortunately all antivirus products are playing catch-up: before a problem can be detected they need to know how it works. This appears to be a mix between an MBR infection and a trojan downloader.


Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden-files setting is back to the default, as some of the tools I use will change it:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
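The check behind the TDSSKiller step in #6 and the "MBR infection" diagnosis in #8 is that a bootkit rewrites the boot code in sector 0 while leaving the partition table intact, so the disk still boots normally. The following is an added example, not part of this thread and not the code of TDSSKiller, ComboFix or any other tool mentioned here. It parses a 512-byte MBR, hashes the boot code and compares it with a known-good hash, and sanity-checks the partition table. The function names (build_mbr, parse_mbr, check_mbr), the sample sectors, the disk size and the "known-good" boot code are all constructed for the example; in practice the reference hash would come from a trusted copy of the same boot code (for example a clean install of the same Windows version).

```python
"""Added example: verify an MBR's boot code against a known-good hash and
sanity-check its partition table. All sectors below are constructed in this
file; no real disk is read."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (what a bootkit replaces)
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a constructed MBR from boot code and
    (bootable, type, lba_start, sectors) tuples (CHS fields are filled with 0xFF)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b""
    for bootable, ptype, lba, sectors in partitions:
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                             b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, sectors)
    table = table.ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_sig, 0) + table + BOOT_SIG


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_boot_sha256: str, disk_sectors: int) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha256"] != known_good_boot_sha256:
        findings.append("boot code does not match the known-good hash (possible bootkit)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for start, end, idx in spans:
        if start == 0 or end > disk_sectors:
            findings.append(f"partition {idx} lies outside the disk (LBA {start}..{end})")
    for (_s0, e0, i0), (s1, _e1, i1) in zip(spans, spans[1:]):
        if s1 < e0:
            findings.append(f"partitions {i0} and {i1} overlap")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions flagged, expected exactly 1")
    return findings


# Constructed reference: a stand-in for the vendor's real boot code on a ~40 GB disk.
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
DISK_SECTORS = 78_165_360
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, 0xA1B2C3D4, [(True, 0x07, 63, 78_156_162)])
GOOD_BOOT_SHA256 = parse_mbr(GOOD_MBR)["boot_code_sha256"]

# Constructed tampered copy: first bytes of the boot code patched, plus a bogus
# second entry that overlaps the Windows partition.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + GOOD_BOOT_CODE[2:], 0xA1B2C3D4,
                         [(True, 0x07, 63, 78_156_162),
                          (False, 0x17, 78_000_000, 165_360)])

if __name__ == "__main__":
    print("clean   :", check_mbr(GOOD_MBR, GOOD_BOOT_SHA256, DISK_SECTORS))
    print("tampered:", check_mbr(TAMPERED_MBR, GOOD_BOOT_SHA256, DISK_SECTORS))
```

On a live Windows machine sector 0 would be read from the raw device (\\.\PhysicalDrive0) with administrator rights, but a bootkit that is still active can intercept that read and hand back a clean copy of the sector, so a comparison made from inside the infected system is only meaningful when it finds a mismatch; the trustworthy reading is taken offline (boot CD or the disk attached to a clean machine), which is also why the tools in this thread have to work below the normal disk I/O path.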

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





