Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Server 2003 IE7

Started by bhzendner , Dec 17 2012 07:10 PM

  • Please log in to reply

#1
bhzendner
Posted 17 December 2012 - 07:10 PM

bhzendner

    Member

  • Member
  • PipPipPip
  • 226 posts
I have run Malwarebytes many times no more found. However you can not uninstall and install Malwarebytes without getting install errors. SuperAntiSpyware use to install and work but will no longer install it gets an error. I uninstalled IE8 and IE7 but windows updates will not work and when I manually install IE7 if just freezes when run. HELP

OTL logfile created on: 12/17/2012 4:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 73.46% Memory free
11.80 Gb Paging File | 10.86 Gb Available in Paging File | 91.99% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.28 Gb Total Space | 11.76 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
Drive D: | 105.76 Gb Total Space | 89.54 Gb Free Space | 84.66% Space Free | Partition Type: NTFS

Computer Name: SRVR-DW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/17 16:11:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/12/13 20:15:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2012/11/07 08:08:27 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/07 08:07:51 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/01/30 04:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2010/01/31 07:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/02/17 06:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/17 06:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2007/02/17 06:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007/02/17 06:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/17 06:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2004/07/09 19:01:00 | 001,658,880 | ---- | M] (Extended Systems, Inc.) -- D:\Extended Systems\Advantage\Server\ads.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/14 13:33:35 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll
MOD - [2012/11/14 13:20:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/14 13:20:38 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 13:20:29 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2008/03/14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2006/12/11 13:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- -- (UPS)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/15 12:58:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/13 20:15:51 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/12/01 10:12:48 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 08:08:27 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/07 08:07:51 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/01/30 04:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2010/01/31 07:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2009/08/19 23:57:48 | 000,660,464 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/19 23:55:56 | 001,865,472 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2009/08/19 23:46:28 | 003,819,880 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe -- (MMS)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/02/17 06:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 06:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 06:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 06:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2007/02/17 06:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 06:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 06:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/01/12 07:51:30 | 000,508,848 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\LMabcoms.exe -- (lmab_device)
SRV - [2006/09/13 11:57:22 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\RD1000\Service\RDXmon.exe -- (RDXmon)
SRV - [2005/04/14 08:40:58 | 000,045,134 | ---- | M] (APC) [Disabled | Stopped] -- C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe -- (APCPBEServer)
SRV - [2005/04/14 08:40:52 | 000,028,672 | ---- | M] (APC) [Disabled | Stopped] -- C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)
SRV - [2005/03/25 05:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2005/03/25 05:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2004/07/09 19:01:00 | 001,658,880 | ---- | M] (Extended Systems, Inc.) [Auto | Running] -- D:\Extended Systems\Advantage\Server\ads.exe -- (Advantage)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/16 10:07:15 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/11/07 08:07:53 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2009/08/27 12:55:16 | 000,569,632 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/08/27 12:45:35 | 000,156,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/04/09 10:37:29 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/09/29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/06/07 10:24:04 | 000,031,480 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dcdbas32.sys -- (dcdbas)
DRV - [2007/06/07 10:19:26 | 000,010,104 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PowerEdge Diagnostics\oldiags\packages\portaccessor32.sys -- (PORTACCESSOR_1)
DRV - [2007/02/16 22:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/16 22:06:42 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/16 21:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2006/12/15 03:53:00 | 000,021,504 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\percsas.sys -- (percsas)
DRV - [2006/04/20 16:31:38 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/03 13:52:18 | 000,048,128 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2006/01/19 10:12:22 | 000,067,072 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/03/24 18:25:38 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2005/03/24 18:06:56 | 000,113,664 | ---- | M] (Emulex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\lp6nds35.sys -- (lp6nds35)
DRV - [2005/03/24 18:05:10 | 000,027,648 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ipsraidn.sys -- (ipsraidn)
DRV - [2005/03/24 18:00:52 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2005/03/24 17:58:22 | 000,018,432 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm)
DRV - [2005/03/24 17:55:32 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2003/03/24 23:13:08 | 000,022,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dellcerc.sys -- (dellcerc)
DRV - [2003/03/24 23:13:06 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqfcalm.sys -- (cpqfcalm)
DRV - [2003/03/24 23:13:04 | 000,015,360 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarry2.sys -- (cpqarry2)
DRV - [2003/03/24 23:05:22 | 000,221,696 | ---- | M] (Agilent Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afcnt.sys -- (afcnt)
DRV - [2003/03/24 23:05:16 | 000,039,424 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2003/03/24 23:05:12 | 000,154,624 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2200.sys -- (ql2200)
DRV - [2003/03/24 23:05:12 | 000,130,560 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2100.sys -- (ql2100)
DRV - [2003/03/24 23:05:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\dell\homepage\dellhome.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = C:\dell\homepage\dellhome.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 12:58:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/09 15:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/12/15 12:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ri4n5enq.default\extensions
[2012/12/14 11:40:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ri4n5enq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/15 12:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/15 12:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/15 12:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/12/15 12:58:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/15 12:58:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2005/03/25 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKLM..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1354657713234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1355438488843 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.cosinc....emote/msrdp.cab (Microsoft Terminal Services Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://www.officeally.com/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dw2k3.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8433B5B6-9297-4B6B-8C36-5257D656F188}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop BackupWallPaper: \windows\system32\DELLWALL.BMP
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/02 17:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/17 16:11:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/12/16 10:50:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/12/16 10:03:01 | 000,697,869 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2012/12/15 17:24:39 | 000,495,376 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2012/12/15 17:17:40 | 022,681,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/12/15 13:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/12/15 12:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/15 12:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/12/15 12:20:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/15 11:59:16 | 000,752,213 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2012/12/14 11:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/14 01:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CompuClever
[2012/12/14 01:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\CompuClever
[2012/12/14 01:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/12/13 20:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2012/12/12 21:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/12/12 21:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/12 21:45:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/12 21:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/12 13:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avant Downloader
[2012/12/12 13:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
[2012/12/12 13:46:20 | 000,141,337 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/12/12 13:46:16 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/12/12 13:45:32 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/12/12 13:45:05 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/12/12 13:44:24 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/12/12 13:43:45 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/12/12 13:43:42 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/12/12 13:43:39 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/12/12 13:43:35 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/12/12 13:43:32 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/12/12 13:43:29 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/12/12 13:43:13 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/12/12 13:43:07 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/12/12 13:43:04 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/12/12 13:43:03 | 000,127,488 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/12/12 13:42:51 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/12/12 13:42:48 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/12/12 13:42:16 | 000,233,472 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/12/12 13:42:14 | 000,064,512 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/12/12 13:42:11 | 000,283,616 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/12/12 13:42:07 | 000,019,456 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/12/12 13:41:37 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/12/12 13:41:33 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/12/12 13:41:30 | 000,036,892 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/12/12 13:41:14 | 000,091,646 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/12/12 13:41:11 | 000,094,879 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/12/12 13:41:04 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/12/12 13:40:33 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/12/12 13:40:30 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/12/12 13:40:05 | 000,020,480 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/12/12 13:40:01 | 000,026,240 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/12/12 13:40:00 | 000,028,160 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/12/12 13:39:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/12/12 13:39:46 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/12/12 13:39:43 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/12/12 13:39:41 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/12/12 13:39:38 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/12/12 13:39:35 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/12/12 13:39:32 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/12/12 13:39:00 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/12/12 13:38:54 | 000,079,872 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/12/12 13:38:41 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/12/12 13:38:38 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/12/12 13:38:27 | 000,018,432 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/12/12 13:37:37 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/12/12 13:37:34 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/12/12 13:37:31 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/12/12 13:37:14 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/12/12 13:37:11 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/12/12 13:37:08 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/12/12 13:36:41 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/12/12 13:36:36 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/12/12 13:36:33 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/12/12 13:36:25 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/12/12 13:36:23 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/12/12 13:36:20 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/12/12 13:36:18 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/12/12 13:36:15 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/12/12 13:36:13 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/12/12 13:36:05 | 000,074,752 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/12/12 13:36:04 | 000,013,824 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/12/12 13:36:02 | 000,023,040 | ---- | C] (Macronix International Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/12/12 13:36:02 | 000,022,016 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/12/12 13:35:59 | 000,024,064 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/12/12 13:35:04 | 000,171,935 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/12/12 13:34:50 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/12/12 13:34:50 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/12/12 13:34:47 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/12/12 13:34:39 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/12/12 13:34:38 | 000,018,944 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/12/12 13:33:49 | 000,617,600 | ---- | C] (Intersil Americas Inc.) -- C:\WINDOWS\System32\dllcache\islp2nds.sys
[2012/12/12 13:33:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/12/12 13:32:14 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/12/12 13:32:11 | 000,020,480 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/12/12 13:31:33 | 000,033,597 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/12/12 13:31:23 | 000,053,760 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\faxinit.exe
[2012/12/12 13:31:21 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/12/12 13:30:26 | 000,032,606 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/12/12 13:30:18 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/12/12 13:30:16 | 000,369,085 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\diwansrv.sys
[2012/12/12 13:30:15 | 000,282,140 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/12/12 13:30:14 | 000,040,990 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/12/12 13:30:13 | 000,034,334 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/12/12 13:30:12 | 000,006,686 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/12/12 13:30:10 | 000,094,140 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/12/12 13:29:51 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/12/12 13:29:51 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/12/12 13:29:49 | 000,021,632 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/12/12 13:29:34 | 000,047,616 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/12/12 13:29:33 | 000,096,256 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/12/12 13:29:32 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/12/12 13:29:31 | 000,250,880 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/12/12 13:29:31 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/12/12 13:29:19 | 000,021,376 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/12/12 13:29:02 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/12/12 13:29:01 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/12/12 13:29:01 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/12/12 13:29:00 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/12/12 13:28:58 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/12/12 13:28:57 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/12/12 13:28:56 | 000,035,132 | ---- | C] (CARDBUSs) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/12/12 13:28:55 | 000,034,304 | ---- | C] (Eicon Networks Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/12/12 13:28:54 | 000,186,736 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/12/12 13:28:40 | 000,254,464 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\btdlld.dll
[2012/12/12 13:28:39 | 000,010,880 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/12/12 13:28:38 | 000,060,032 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/12/12 13:28:38 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/12/12 13:28:37 | 000,012,288 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/12/12 13:28:36 | 000,006,656 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/12/12 13:28:35 | 000,039,424 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/12/12 13:28:35 | 000,003,712 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/12/12 13:28:33 | 000,046,080 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/12/12 13:28:32 | 000,049,664 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/12/12 13:28:32 | 000,040,960 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/12/12 13:28:30 | 000,022,528 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/12/12 13:28:30 | 000,004,608 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/12/12 13:28:29 | 000,012,416 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/12/12 13:28:28 | 000,022,016 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/12/12 13:28:28 | 000,003,456 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/12/12 13:28:27 | 000,013,824 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/12/12 13:28:26 | 000,023,040 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/12/12 13:28:23 | 000,073,728 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfaxtsp.tsp
[2012/12/12 13:28:22 | 000,188,416 | ---- | C] (Brooktrout Technology Inc.) -- C:\WINDOWS\System32\dllcache\bfaxsnp.dll
[2012/12/12 13:28:22 | 000,061,440 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfaxfsp.dll
[2012/12/12 13:28:21 | 000,077,824 | ---- | C] (Brooktrout Technology Inc.) -- C:\WINDOWS\System32\dllcache\bfaxdev.dll
[2012/12/12 13:28:21 | 000,054,400 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfax.sys
[2012/12/12 13:28:18 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/12/12 13:28:17 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/12/12 13:28:16 | 000,092,800 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/12/12 13:28:15 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/12/12 13:28:15 | 000,037,888 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/12/12 13:28:14 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/12/12 13:27:33 | 000,048,896 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/12/12 13:27:22 | 000,673,728 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/12/12 13:27:22 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/12/12 13:27:21 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/12/12 03:25:30 | 004,702,459 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.6.0.2_win32-setup.exe
[2012/12/12 03:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/12/11 17:12:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/12/11 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/12/05 07:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/12/05 07:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/12/05 07:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TuneUp
[2012/12/04 15:17:09 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/12/03 10:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/12/02 09:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/02 09:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/02 09:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2012/12/02 08:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\FCDownloadManager
[2012/12/01 09:10:37 | 000,000,000 | ---D | C] -- C:\BrotherFix
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 16:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/17 16:11:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/12/17 16:00:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/17 13:47:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job
[2012/12/17 03:00:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\Spyware X-terminator 2005 Scan.job
[2012/12/17 01:40:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/12/17 01:33:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/12/16 17:23:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2012/12/16 16:28:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/16 13:00:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/16 10:42:33 | 000,002,838 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/12/16 10:34:49 | 003,153,920 | ---- | M] () -- C:\secsetup.sdb
[2012/12/16 10:07:15 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/16 10:03:16 | 000,697,869 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2012/12/15 21:33:37 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2012/12/15 21:24:58 | 000,510,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/15 21:24:58 | 000,088,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/15 21:19:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/15 21:17:21 | 000,989,467 | ---- | M] () -- C:\ads_err.dbf
[2012/12/15 20:59:47 | 000,545,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/12/15 17:24:43 | 000,495,376 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2012/12/15 17:17:59 | 022,681,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/12/15 11:59:24 | 000,752,213 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2012/12/14 01:40:37 | 004,727,176 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/12/13 20:55:02 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/12/13 15:55:06 | 000,000,308 | ---- | M] () -- C:\WINDOWS\System32\fixupdate.bat
[2012/12/12 22:07:54 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 22:02:51 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to HitmanPro.exe.lnk
[2012/12/12 03:25:46 | 004,702,459 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.6.0.2_win32-setup.exe
[2012/12/11 17:09:13 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/12/11 15:48:54 | 000,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/12/05 07:51:18 | 000,001,994 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/12/04 21:11:11 | 010,765,163 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/12/04 21:06:50 | 000,150,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/12/03 15:26:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/12/01 09:18:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IP_192.168.1.51
[2012/12/01 09:12:27 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Brother Net Fix.lnk
[2012/11/27 14:10:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/16 10:34:47 | 003,153,920 | ---- | C] () -- C:\secsetup.sdb
[2012/12/16 10:07:15 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/15 21:33:31 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2012/12/15 20:59:38 | 000,545,819 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/12/15 12:55:13 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/15 12:55:13 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 01:40:40 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/12/13 20:55:02 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/12/13 16:31:45 | 000,024,523 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2012/12/13 15:53:21 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\fixupdate.bat
[2012/12/12 22:02:51 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to HitmanPro.exe.lnk
[2012/12/12 13:43:12 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2012/12/12 13:43:11 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2012/12/12 13:43:11 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2012/12/12 13:38:59 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2012/12/12 13:38:52 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2012/12/12 13:38:52 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2012/12/12 13:38:50 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2012/12/12 13:38:47 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2012/12/12 13:38:29 | 000,135,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/12/12 13:38:28 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/12/12 13:38:10 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2012/12/12 13:38:09 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2012/12/12 13:38:09 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2012/12/12 13:38:08 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2012/12/12 13:38:08 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2012/12/12 13:38:08 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2012/12/12 13:38:07 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2012/12/12 13:38:07 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2012/12/12 13:38:07 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2012/12/12 13:38:06 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2012/12/12 13:38:06 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/12/12 13:35:36 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/12/12 13:33:30 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/12/12 13:33:19 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/12/12 13:33:17 | 000,034,604 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisvdir.vbs
[2012/12/12 13:33:15 | 000,060,121 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftp.vbs
[2012/12/12 13:33:15 | 000,034,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisext.vbs
[2012/12/12 13:33:15 | 000,032,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftpdr.vbs
[2012/12/12 13:33:14 | 000,035,074 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisback.vbs
[2012/12/12 13:33:13 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_iis_switch.vbs
[2012/12/12 13:32:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/12/12 13:29:18 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2012/12/12 13:29:18 | 000,001,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusweb.vbs
[2012/12/12 13:29:11 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2012/12/12 13:29:11 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2012/12/12 13:29:11 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2012/12/12 13:29:11 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2012/12/12 13:29:10 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2012/12/12 13:29:10 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2012/12/12 13:29:09 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2012/12/12 13:29:09 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2012/12/12 13:29:08 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2012/12/12 13:29:08 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/12/12 13:28:06 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/12/12 13:28:06 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/12/12 13:28:06 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/12/12 13:28:05 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/12/12 13:28:04 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/12/12 13:28:03 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/12/12 13:28:03 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/12/12 13:28:02 | 000,050,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/12/12 13:28:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/12/12 13:27:52 | 000,046,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/12/11 16:18:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012/12/05 07:51:18 | 000,001,994 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/12/04 21:11:11 | 010,765,163 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/12/04 21:06:50 | 000,150,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/12/03 15:26:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/12/01 09:18:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IP_192.168.1.51
[2012/12/01 09:12:27 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Brother Net Fix.lnk
[2011/10/26 07:33:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/14 13:12:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/03/14 10:47:10 | 000,002,838 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/05/02 16:57:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/26 20:10:30 | 001,520,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 03:02:57 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/02/17 06:03:19 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/28 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2012/12/12 13:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avant Downloader
[2012/12/12 03:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/10/03 13:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FinalMediaPlayer
[2009/08/27 13:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/12/01 13:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/14 01:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CompuClever
[2012/12/15 13:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/12/05 07:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/12/17 11:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/12/14 01:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2008/12/01 13:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\shdoclc.dll:SummaryInformation

< End of report >
  • 0

Advertisements

#2
Jintan
Posted 21 December 2012 - 05:41 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello bhzendner,

I would like to see a few more scan results please.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

----------

Download RogueKiller (http://www.sur-la-to...om/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement:).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

  • 0

#3
bhzendner
Posted 21 December 2012 - 08:34 PM

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
32 Bit HP CIO Components Installer
Acronis Backup & Recovery 10 Tray Monitor
Acronis Backup & Recovery 10 Upgrade Tool
Acronis Backup & Recovery 10 Agent
Acronis Backup & Recovery 10 Bootable Components and Media Builder
Acronis Backup & Recovery 10 Standalone Management Console
Acronis Backup & Recovery 10 Universal Restore
Acronis WinPE ISO Builder
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Advantage Data Architect
Advantage Database Server for Windows NT/2000/2003
Advantage Database Server for Windows NT/2000/2003 v7.1 (USA)
AltaPoint Medical
APC PowerChute Business Edition Agent
APC PowerChute Business Edition Console
APC PowerChute Business Edition Server
ATI Display Driver
Broadcom Drivers and Management Applications
CCleaner
CleanUp!
Defraggler
Dell PowerEdge Diagnostics 2.9
File Type Assistant
FileZilla Client 3.6.0.2
Google Update Helper
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Server 2003 (KB2158563)
Hotfix for Windows Server 2003 (KB2443685)
Hotfix for Windows Server 2003 (KB2570791)
Hotfix for Windows Server 2003 (KB2633952-v2)
Hotfix for Windows Server 2003 (KB2756822)
Hotfix for Windows Server 2003 (KB2779562)
Hotfix for Windows Server 2003 (KB926141)
Hotfix for Windows Server 2003 (KB961118)
Hotfix for Windows Server 2003 (KB970653-v3)
Hotfix for Windows Server 2003 (KB976098-v2)
Hotfix for Windows Server 2003 (KB979306)
Hotfix for Windows Server 2003 (KB981793)
Java™ 6 Update 35
Lexmark Software Uninstall
LogMeIn
LogMeIn
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Report Viewer Redistributable 2005
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB2721693)
PC Cleaners
PrimoPDF
PrintKey2000
QuickBooks
QuickBooks Pro 2009
RD1000 tools
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Server 2003 (KB2079403)
Security Update for Windows Server 2003 (KB2115168)
Security Update for Windows Server 2003 (KB2121546)
Security Update for Windows Server 2003 (KB2160329)
Security Update for Windows Server 2003 (KB2207559)
Security Update for Windows Server 2003 (KB2229593)
Security Update for Windows Server 2003 (KB2259922)
Security Update for Windows Server 2003 (KB2279986)
Security Update for Windows Server 2003 (KB2286198)
Security Update for Windows Server 2003 (KB2296011)
Security Update for Windows Server 2003 (KB2296199)
Security Update for Windows Server 2003 (KB2347290)
Security Update for Windows Server 2003 (KB2360937)
Security Update for Windows Server 2003 (KB2378111)
Security Update for Windows Server 2003 (KB2387149)
Security Update for Windows Server 2003 (KB2393802)
Security Update for Windows Server 2003 (KB2412687)
Security Update for Windows Server 2003 (KB2416451)
Security Update for Windows Server 2003 (KB2419635)
Security Update for Windows Server 2003 (KB2423089)
Security Update for Windows Server 2003 (KB2436673)
Security Update for Windows Server 2003 (KB2440591)
Security Update for Windows Server 2003 (KB2443105)
Security Update for Windows Server 2003 (KB2476490)
Security Update for Windows Server 2003 (KB2476687)
Security Update for Windows Server 2003 (KB2478953)
Security Update for Windows Server 2003 (KB2478960)
Security Update for Windows Server 2003 (KB2478971)
Security Update for Windows Server 2003 (KB2479628)
Security Update for Windows Server 2003 (KB2481109)
Security Update for Windows Server 2003 (KB2483185)
Security Update for Windows Server 2003 (KB2485376)
Security Update for Windows Server 2003 (KB2485663)
Security Update for Windows Server 2003 (KB2503658)
Security Update for Windows Server 2003 (KB2503665)
Security Update for Windows Server 2003 (KB2506212)
Security Update for Windows Server 2003 (KB2506223)
Security Update for Windows Server 2003 (KB2507618)
Security Update for Windows Server 2003 (KB2507938)
Security Update for Windows Server 2003 (KB2508272)
Security Update for Windows Server 2003 (KB2508429)
Security Update for Windows Server 2003 (KB2509553)
Security Update for Windows Server 2003 (KB2510581)
Security Update for Windows Server 2003 (KB2510587)
Security Update for Windows Server 2003 (KB2511455)
Security Update for Windows Server 2003 (KB2524375)
Security Update for Windows Server 2003 (KB2535512)
Security Update for Windows Server 2003 (KB2536276)
Security Update for Windows Server 2003 (KB2536276-v2)
Security Update for Windows Server 2003 (KB2544521)
Security Update for Windows Server 2003 (KB2544893)
Security Update for Windows Server 2003 (KB2544893-v2)
Security Update for Windows Server 2003 (KB2555917)
Security Update for Windows Server 2003 (KB2562485)
Security Update for Windows Server 2003 (KB2562937)
Security Update for Windows Server 2003 (KB2566454)
Security Update for Windows Server 2003 (KB2567053)
Security Update for Windows Server 2003 (KB2567680)
Security Update for Windows Server 2003 (KB2570222)
Security Update for Windows Server 2003 (KB2570947)
Security Update for Windows Server 2003 (KB2572069)
Security Update for Windows Server 2003 (KB2584146)
Security Update for Windows Server 2003 (KB2585542)
Security Update for Windows Server 2003 (KB2592799)
Security Update for Windows Server 2003 (KB2598479)
Security Update for Windows Server 2003 (KB2601626)
Security Update for Windows Server 2003 (KB2603381)
Security Update for Windows Server 2003 (KB2604078)
Security Update for Windows Server 2003 (KB2618451)
Security Update for Windows Server 2003 (KB2620712)
Security Update for Windows Server 2003 (KB2621146)
Security Update for Windows Server 2003 (KB2621440)
Security Update for Windows Server 2003 (KB2624667)
Security Update for Windows Server 2003 (KB2631813)
Security Update for Windows Server 2003 (KB2633171)
Security Update for Windows Server 2003 (KB2638806)
Security Update for Windows Server 2003 (KB2639417)
Security Update for Windows Server 2003 (KB2641653)
Security Update for Windows Server 2003 (KB2644615)
Security Update for Windows Server 2003 (KB2645640)
Security Update for Windows Server 2003 (KB2646524)
Security Update for Windows Server 2003 (KB2647170)
Security Update for Windows Server 2003 (KB2647518)
Security Update for Windows Server 2003 (KB2653956)
Security Update for Windows Server 2003 (KB2655992)
Security Update for Windows Server 2003 (KB2656358)
Security Update for Windows Server 2003 (KB2656376)
Security Update for Windows Server 2003 (KB2656376-v2)
Security Update for Windows Server 2003 (KB2659262)
Security Update for Windows Server 2003 (KB2660465)
Security Update for Windows Server 2003 (KB2676562)
Security Update for Windows Server 2003 (KB2685939)
Security Update for Windows Server 2003 (KB2686509)
Security Update for Windows Server 2003 (KB2691442)
Security Update for Windows Server 2003 (KB2695962)
Security Update for Windows Server 2003 (KB2698032)
Security Update for Windows Server 2003 (KB2698365)
Security Update for Windows Server 2003 (KB2705219)
Security Update for Windows Server 2003 (KB2707511)
Security Update for Windows Server 2003 (KB2709162)
Security Update for Windows Server 2003 (KB2712808)
Security Update for Windows Server 2003 (KB2718523)
Security Update for Windows Server 2003 (KB2719985)
Security Update for Windows Server 2003 (KB2724197)
Security Update for Windows Server 2003 (KB2727528)
Security Update for Windows Server 2003 (KB2731847)
Security Update for Windows Server 2003 (KB2744842)
Security Update for Windows Server 2003 (KB2753842)
Security Update for Windows Server 2003 (KB2758857)
Security Update for Windows Server 2003 (KB2761226)
Security Update for Windows Server 2003 (KB2761465)
Security Update for Windows Server 2003 (KB2770660)
Security Update for Windows Server 2003 (KB2779030)
Security Update for Windows Server 2003 (KB921503)
Security Update for Windows Server 2003 (KB923561)
Security Update for Windows Server 2003 (KB924667-v2)
Security Update for Windows Server 2003 (KB925902)
Security Update for Windows Server 2003 (KB926122)
Security Update for Windows Server 2003 (KB929123)
Security Update for Windows Server 2003 (KB930178)
Security Update for Windows Server 2003 (KB931768)
Security Update for Windows Server 2003 (KB931784)
Security Update for Windows Server 2003 (KB932168)
Security Update for Windows Server 2003 (KB933566)
Security Update for Windows Server 2003 (KB933729)
Security Update for Windows Server 2003 (KB933854)
Security Update for Windows Server 2003 (KB935839)
Security Update for Windows Server 2003 (KB935840)
Security Update for Windows Server 2003 (KB935966)
Security Update for Windows Server 2003 (KB936021)
Security Update for Windows Server 2003 (KB936782)
Security Update for Windows Server 2003 (KB937143)
Security Update for Windows Server 2003 (KB938127)
Security Update for Windows Server 2003 (KB938464)
Security Update for Windows Server 2003 (KB939653)
Security Update for Windows Server 2003 (KB941202)
Security Update for Windows Server 2003 (KB941568)
Security Update for Windows Server 2003 (KB941569)
Security Update for Windows Server 2003 (KB941644)
Security Update for Windows Server 2003 (KB941672)
Security Update for Windows Server 2003 (KB941693)
Security Update for Windows Server 2003 (KB942615)
Security Update for Windows Server 2003 (KB943055)
Security Update for Windows Server 2003 (KB943460)
Security Update for Windows Server 2003 (KB943484)
Security Update for Windows Server 2003 (KB943485)
Security Update for Windows Server 2003 (KB944653)
Security Update for Windows Server 2003 (KB945553)
Security Update for Windows Server 2003 (KB946026)
Security Update for Windows Server 2003 (KB948590)
Security Update for Windows Server 2003 (KB948881)
Security Update for Windows Server 2003 (KB949014)
Security Update for Windows Server 2003 (KB950760)
Security Update for Windows Server 2003 (KB950762)
Security Update for Windows Server 2003 (KB950974)
Security Update for Windows Server 2003 (KB951066)
Security Update for Windows Server 2003 (KB951698)
Security Update for Windows Server 2003 (KB951746)
Security Update for Windows Server 2003 (KB951748)
Security Update for Windows Server 2003 (KB952004)
Security Update for Windows Server 2003 (KB952069)
Security Update for Windows Server 2003 (KB952954)
Security Update for Windows Server 2003 (KB953298)
Security Update for Windows Server 2003 (KB953839)
Security Update for Windows Server 2003 (KB954155)
Security Update for Windows Server 2003 (KB954211)
Security Update for Windows Server 2003 (KB954600)
Security Update for Windows Server 2003 (KB955069)
Security Update for Windows Server 2003 (KB956391)
Security Update for Windows Server 2003 (KB956572)
Security Update for Windows Server 2003 (KB956744)
Security Update for Windows Server 2003 (KB956802)
Security Update for Windows Server 2003 (KB956803)
Security Update for Windows Server 2003 (KB956841)
Security Update for Windows Server 2003 (KB956844)
Security Update for Windows Server 2003 (KB957095)
Security Update for Windows Server 2003 (KB957097)
Security Update for Windows Server 2003 (KB958644)
Security Update for Windows Server 2003 (KB958687)
Security Update for Windows Server 2003 (KB958690)
Security Update for Windows Server 2003 (KB958869)
Security Update for Windows Server 2003 (KB959426)
Security Update for Windows Server 2003 (KB960225)
Security Update for Windows Server 2003 (KB960715)
Security Update for Windows Server 2003 (KB960803)
Security Update for Windows Server 2003 (KB960859)
Security Update for Windows Server 2003 (KB961063)
Security Update for Windows Server 2003 (KB961371)
Security Update for Windows Server 2003 (KB961371-v2)
Security Update for Windows Server 2003 (KB961373)
Security Update for Windows Server 2003 (KB961501)
Security Update for Windows Server 2003 (KB967723)
Security Update for Windows Server 2003 (KB968537)
Security Update for Windows Server 2003 (KB968816)
Security Update for Windows Server 2003 (KB969059)
Security Update for Windows Server 2003 (KB969805)
Security Update for Windows Server 2003 (KB969898)
Security Update for Windows Server 2003 (KB969947)
Security Update for Windows Server 2003 (KB970238)
Security Update for Windows Server 2003 (KB970430)
Security Update for Windows Server 2003 (KB971032)
Security Update for Windows Server 2003 (KB971468)
Security Update for Windows Server 2003 (KB971486)
Security Update for Windows Server 2003 (KB971557)
Security Update for Windows Server 2003 (KB971633)
Security Update for Windows Server 2003 (KB971657)
Security Update for Windows Server 2003 (KB971961)
Security Update for Windows Server 2003 (KB972270)
Security Update for Windows Server 2003 (KB973037)
Security Update for Windows Server 2003 (KB973346)
Security Update for Windows Server 2003 (KB973354)
Security Update for Windows Server 2003 (KB973507)
Security Update for Windows Server 2003 (KB973525)
Security Update for Windows Server 2003 (KB973540)
Security Update for Windows Server 2003 (KB973869)
Security Update for Windows Server 2003 (KB973904)
Security Update for Windows Server 2003 (KB974112)
Security Update for Windows Server 2003 (KB974318)
Security Update for Windows Server 2003 (KB974392)
Security Update for Windows Server 2003 (KB974571)
Security Update for Windows Server 2003 (KB975025)
Security Update for Windows Server 2003 (KB975467)
Security Update for Windows Server 2003 (KB975560)
Security Update for Windows Server 2003 (KB975562)
Security Update for Windows Server 2003 (KB975713)
Security Update for Windows Server 2003 (KB977290)
Security Update for Windows Server 2003 (KB977816)
Security Update for Windows Server 2003 (KB977914)
Security Update for Windows Server 2003 (KB978037)
Security Update for Windows Server 2003 (KB978251)
Security Update for Windows Server 2003 (KB978262)
Security Update for Windows Server 2003 (KB978338)
Security Update for Windows Server 2003 (KB978542)
Security Update for Windows Server 2003 (KB978601)
Security Update for Windows Server 2003 (KB978695)
Security Update for Windows Server 2003 (KB978706)
Security Update for Windows Server 2003 (KB979309)
Security Update for Windows Server 2003 (KB979482)
Security Update for Windows Server 2003 (KB979559)
Security Update for Windows Server 2003 (KB979683)
Security Update for Windows Server 2003 (KB979687)
Security Update for Windows Server 2003 (KB979907)
Security Update for Windows Server 2003 (KB980195)
Security Update for Windows Server 2003 (KB980218)
Security Update for Windows Server 2003 (KB980232)
Security Update for Windows Server 2003 (KB980436)
Security Update for Windows Server 2003 (KB981322)
Security Update for Windows Server 2003 (KB981349)
Security Update for Windows Server 2003 (KB981550)
Security Update for Windows Server 2003 (KB981957)
Security Update for Windows Server 2003 (KB982132)
Security Update for Windows Server 2003 (KB982214)
Security Update for Windows Server 2003 (KB982802)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Server 2003 (KB2141007)
Update for Windows Server 2003 (KB2345886)
Update for Windows Server 2003 (KB2467659)
Update for Windows Server 2003 (KB2492386)
Update for Windows Server 2003 (KB2607712)
Update for Windows Server 2003 (KB2616676-v2)
Update for Windows Server 2003 (KB2641690-v2)
Update for Windows Server 2003 (KB2661254)
Update for Windows Server 2003 (KB2718704)
Update for Windows Server 2003 (KB2736233)
Update for Windows Server 2003 (KB2748349)
Update for Windows Server 2003 (KB2749655)
Update for Windows Server 2003 (KB925876)
Update for Windows Server 2003 (KB927891)
Update for Windows Server 2003 (KB931836)
Update for Windows Server 2003 (KB933360)
Update for Windows Server 2003 (KB936357)
Update for Windows Server 2003 (KB942763)
Update for Windows Server 2003 (KB942840)
Update for Windows Server 2003 (KB943729)
Update for Windows Server 2003 (KB948496)
Update for Windows Server 2003 (KB951072-v2)
Update for Windows Server 2003 (KB955759)
Update for Windows Server 2003 (KB955839)
Update for Windows Server 2003 (KB967715)
Update for Windows Server 2003 (KB968389)
Update for Windows Server 2003 (KB971029)
Update for Windows Server 2003 (KB971737)
Update for Windows Server 2003 (KB973687)
Update for Windows Server 2003 (KB973815)
Update for Windows Server 2003 (KB973825)
Update for Windows Server 2003 (KB977165)
Windows Imaging Component
Windows Management Framework Core
Windows Presentation Foundation
Windows Server 2003 Service Pack 2


RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/21/2012 18:14:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\RunOnce : 1 (C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[128] : LdrShutdownThread @ 0x80944A68 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xF4F5DC4C)
SSDT[134] : NtOpenThread @ 0x80944CF6 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xF4F5DD3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: DELL PERC 5/i SCSI Disk Device +++++
--- User ---
[MBR] 683da1f31a84c90926cd2dffa2edf3cb
[BSP] cb5cc60613382c35dfec4fadfae41fcc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 31008 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 63665595 | Size: 108297 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12212012_02d1814.txt >>
RKreport[1]_S_12212012_02d1814.txt

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-21 18:16:38
-----------------------------
18:16:38.406 OS Version: Windows 5.2.3790 Service Pack 2
18:16:38.406 Number of processors: 8 586 0x604
18:16:38.406 ComputerName: SRVR-DW UserName:
18:16:38.750 Initialize success
18:20:53.750 AVAST engine defs: 12122101
18:21:14.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
18:21:14.984 Disk 0 Vendor: DELL____ 1.00 Size: 139392MB BusType: 8
18:21:14.984 Disk 0 MBR read successfully
18:21:14.984 Disk 0 MBR scan
18:21:15.000 Disk 0 Windows XP default MBR code
18:21:15.000 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
18:21:15.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31008 MB offset 160650
18:21:15.046 Disk 0 Partition - 00 05 Extended 108297 MB offset 63665595
18:21:15.046 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108297 MB offset 63665664
18:21:15.062 Disk 0 scanning sectors +285458985

Here you go...
  • 0

#4
Jintan
Posted 22 December 2012 - 05:10 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Not too much showing so far. You have McAfee VirusScan Enterprise installed, which is a business application. Is this a business system?

Curious why the MBR gets listed as XP, but a chance the scan isn't set up to recognize a server software.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

CleanUp! - Troubles using it in the past, and you already have CCleaner.
Defraggler - Little need to run regular defrags on the newer NTFS file systems, and frequent defrags can screw up the file system.
File Type Assistant - Adware.
HitmanPro 3.7 - Done what it can, so better to remove it.
PC Cleaners - Fake, scam software.

----------

Run RogueKiller again.

•Please quit all programs
•Run RogueKiller
•Wait until the Prescan finishes
•Press: Scan


•On the RogueKiller console, click the Registry tab.
•Uncheck these legit entries:
[RUN][ROGUE ST] HKLM\[...]\RunOnce : 1 (C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
SSDT[128] : LdrShutdownThread @ 0x80944A68 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xF4F5DC4C)
SSDT[134] : NtOpenThread @ 0x80944CF6 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xF4F5DD3C)
•Make sure the entries there are checked.
•Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#5
bhzendner
Posted 22 December 2012 - 05:53 PM

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/22/2012 15:42:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 26 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 423 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[Y:] \Device\LanmanRedirector\;Y:00000000000ae56a\dwserver\C on dwserver -- 0x4 --> Skipped

Finished : << RKreport[3]_SC_12222012_02d1542.txt >>
RKreport[1]_S_12212012_02d1814.txt ; RKreport[2]_S_12222012_02d1538.txt ; RKreport[3]_SC_12222012_02d1542.txt


Combofix will not run on servers
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP