trojan:js/medfos.b discovered every 5 or 6 minutes [Solved]


This topic is locked

#1 SFAdad, Member, 47 posts
Microsoft Security Essentials discovers and cleans this trojan every 5 minutes or so.

System : Windows XP Pro SP3

Normally I use a limited account, only using the admin account for updates.
On Thursday 4/11 I was trying to find an email client other than Outlook Express to sync with my BlackBerry.
At the same time I decided to uninstall Open Office and install a copy of Microsoft Office Home and Student 2007, not realizing that Excel could not open .ods. At that time I decided to put Open Office back on my machine so I could convert all .ods files to .xls. I think this is when I picked up the trojan. When doing a Google search to find Open Office software, I clicked on the first link that Google listed. When installing what I thought was Open Office, the installer kept asking me to accept stuff other than Open Office, so I quit and found another Open Office source to download from.
The next day I noticed that IE was running in the background and Security Essentials kept popping up in the system tray saying no action needed, so I ran Malwarebytes.

First instance of Malwarebytes quarantined and deleted (PUP.TidyNetwork).
Subsequent runs have not detected anything but Security Essentials keeps detecting and cleaning the trojan.

What I've done since:
Ran Malwarebytes and MSE in safe mode. Neither found anything.
Downloaded and ran Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet. Nothing detected.
Ran OTL (log below).

OTL logfile created on: 4/14/2013 10:31:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.56% Memory free
3.81 Gb Paging File | 3.28 Gb Available in Paging File | 86.05% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 15.86 Gb Free Space | 28.39% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 21:58:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 03:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/02/15 18:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/10/30 22:04:30 | 000,134,584 | ---- | M] (Bayer Healthcare LLC) -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 03:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 03:57:06 | 013,130,704 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 03:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 03:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/10 20:23:09 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/03/10 20:17:02 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/03/10 20:16:56 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/03/10 20:16:54 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/03/10 20:06:19 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/03/10 20:05:17 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/03/10 20:05:05 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/03/10 20:04:03 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/03/10 20:03:49 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/03/10 20:03:30 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/03/10 20:03:18 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/03/10 20:03:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/07/31 11:33:30 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/10/13 21:31:06 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 21:30:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 21:28:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 21:28:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:28:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 21:25:56 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 21:25:38 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/02/26 23:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 18:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 18:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 18:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/11/07 05:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2006/10/06 12:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012/10/30 22:04:30 | 000,134,584 | ---- | M] (Bayer Healthcare LLC) [Auto | Running] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/08/23 20:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\REGHOOK.SYS -- (REGHOOK)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/07/07 10:53:04 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/07/16 12:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 11:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 F4 78 DB 9E 37 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2011/12/14 20:56:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [rfxdpc] C:\Documents and Settings\Admin\Application Data\rfxdpc.dll (Technology Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [tdvnr] C:\Documents and Settings\Admin\Application Data\tdvnr.dll (Graphics Co., Ltd.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled [2013/04/13 09:21:18 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 21:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 09:21:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled
[2013/04/12 12:14:39 | 000,475,136 | ---- | C] (Technology Inc.) -- C:\Documents and Settings\Admin\Application Data\rfxdpc.dll
[2013/04/12 12:14:27 | 000,753,664 | ---- | C] (Graphics Co., Ltd.) -- C:\Documents and Settings\Admin\Application Data\tdvnr.dll
[2013/04/12 11:49:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/04/12 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2013/04/12 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/04/12 11:32:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2013/04/12 11:32:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2013/04/12 02:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\OneNote Notebooks
[2013/04/12 02:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2013/04/12 02:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/04/12 02:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/04/12 02:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/04/12 02:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/04/12 02:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft Help
[2013/04/12 02:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/04/12 02:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2013/04/12 02:38:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/12 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Tracing
[2013/04/12 01:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/04/12 01:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/04/12 01:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/04/12 01:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/04/12 01:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/04/12 01:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/04/10 22:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2013/04/10 22:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/03/29 19:31:55 | 000,000,000 | ---D | C] -- C:\WorkFiles
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/14 10:29:47 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/14 10:17:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/14 10:17:36 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/13 23:49:35 | 008,861,975 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Document.rtf
[2013/04/13 13:04:27 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/13 10:05:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/13 09:22:51 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1005UA.job
[2013/04/13 09:22:51 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1005Core.job
[2013/04/13 09:22:50 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2013/04/13 09:22:50 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2013/04/13 00:20:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/13 00:13:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/12 12:14:39 | 000,475,136 | ---- | M] (Technology Inc.) -- C:\Documents and Settings\Admin\Application Data\rfxdpc.dll
[2013/04/12 12:14:27 | 000,753,664 | ---- | M] (Graphics Co., Ltd.) -- C:\Documents and Settings\Admin\Application Data\tdvnr.dll
[2013/04/12 11:49:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013/04/12 11:32:33 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Downloads.lnk
[2013/04/12 02:55:11 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/04/10 22:36:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/04/10 22:32:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/04/10 22:32:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 22:31:33 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/04/10 21:03:23 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 21:03:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/13 23:49:34 | 008,861,975 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Document.rtf
[2013/04/13 19:31:34 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/12 11:49:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013/04/12 11:32:33 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Downloads.lnk
[2013/04/12 02:55:11 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/04/10 22:36:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/04/10 22:32:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/04/10 22:32:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 22:31:33 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/03/17 20:02:22 | 001,024,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-484061587-839522115-1003-0.dat
[2013/03/09 18:02:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2013/03/09 15:46:27 | 000,490,097 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-484061587-839522115-1005-0.dat
[2013/03/09 15:46:21 | 000,234,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/09 13:42:46 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/09 12:00:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2013/03/09 12:00:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2013/03/09 11:59:55 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2013/03/09 11:59:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2013/03/09 11:59:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2013/03/09 11:58:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2013/03/09 11:58:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2013/03/09 11:58:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2013/03/09 11:56:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2013/03/09 11:55:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2013/03/09 11:55:45 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2013/03/09 11:55:45 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2013/03/09 11:55:45 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2013/03/09 11:55:45 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2013/03/09 11:55:44 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2013/03/09 11:55:44 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2013/03/09 11:55:44 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2013/03/09 11:55:44 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2013/03/09 11:55:44 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2013/03/09 11:55:43 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2013/03/09 11:55:43 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2013/03/09 11:55:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2013/03/09 11:55:40 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2013/03/09 11:55:39 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2013/03/09 11:55:38 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2012/08/11 23:04:03 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/23 22:07:35 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\ChilkatCsv.dll
[2012/02/16 00:17:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 00:21:01 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/15 20:57:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 23:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 20:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 20:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 20:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 20:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 20:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 20:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 20:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 20:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/04/23 10:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/01/24 20:26:50 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd

========== ZeroAccess Check ==========

[2009/12/22 22:22:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/10 23:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Garmin
[2012/05/13 09:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gsak
[2013/03/09 18:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lexmark Productivity Studio
[2012/07/08 11:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2013/04/06 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2013/01/01 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 07:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2013/03/09 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2010/04/24 11:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2013/04/10 22:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/24 13:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/12/18 00:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/05/30 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >
  • 0

#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently reviewing your log and will post some instructions soon.
  • 0

#3
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi SFAdad,

Let's see if this gets rid of it.

Step 1: Run OTL fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
    
    O4 - HKLM..\Run: [rfxdpc] C:\Documents and Settings\Admin\Application Data\rfxdpc.dll (Technology Inc.)
    O4 - HKLM..\Run: [tdvnr] C:\Documents and Settings\Admin\Application Data\tdvnr.dll (Graphics Co., Ltd.)
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now? Any more alerts?

  • 0
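One way to triage the O2 (BHO) and O4 (Run) lines of an OTL log for the patterns the Step 1 fix above removes: BHOs with no CLSID class entry, Run values whose target sits in a user-writable profile folder, rundll32.exe used as a loader, and Run values whose target file no longer exists (the leftover that produces a RunDLL "Error Loading" dialog at logon). This is an added Python example, not code from OTL or from this thread; the sample lines are constructed in OTL's format from the entries shown here, and the profile-path patterns (XP-era "Documents and Settings" and newer "Users\...\AppData") are assumptions.

```python
"""Triage O2 (BHO) and O4 (Run) lines from an OTL log.

Added example for this thread; not part of OTL or of the forum posts.
Flags the patterns the Step 1 fix removed, plus the leftover case where a
Run value survives after its DLL is gone (the source of a RunDLL
"Error Loading" dialog at logon).
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample lines in OTL's format, modelled on this thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Java(TM) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [rfxdpc] C:\Documents and Settings\Admin\Application Data\rfxdpc.dll (Technology Inc.)
O4 - HKLM..\Run: [tdvnr] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\tdvnr.dll",set_read_fn File not found
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"""

O2_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\S+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# A Windows path ending in .exe or .dll; a quote or comma ends the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)', re.IGNORECASE)
# Per-user, user-writable locations (assumption: XP-era and Vista+ layouts).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)"
    r"|Users\\[^\\]+\\AppData)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_type: str                 # "O2" or "O4"
    name: str                      # BHO CLSID or Run value name
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious O2/O4 line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO whose CLSID has no class registration is either a leftover
            # or a component hiding its server path; OTL prints it as below.
            if "No CLSID value found" in m["rest"]:
                findings.append(Finding("O2", m["clsid"],
                                        ["BHO registered without a CLSID class entry"]))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        paths = PATH_RE.findall(rest)
        reasons: List[str] = []
        if rest.endswith("File not found"):
            reasons.append("orphaned Run value: target missing "
                           "(Windows shows a RunDLL 'Error Loading' dialog at logon)")
        for p in paths:
            if USER_WRITABLE_RE.search(p):
                reasons.append(f"autorun target in user-writable profile path: {p}")
        if len(paths) > 1 and paths[0].lower().endswith("\\rundll32.exe"):
            reasons.append(f"rundll32.exe used as a loader for {paths[1]}")
        if reasons:
            findings.append(Finding("O4", m["name"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type} {f.name}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed it the O2/O4 section of a real OTL log and it lists the entries worth a second look, leaving signed vendor entries under Program Files alone.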

#4
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Thanks. I'll get started right away.
  • 0

#5
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
System seems fine now except for a RunDLL error that comes up when I reboot. Error Loading: C:\Documents and Settings\Admin\Application Data\tdunr.dll
Other than that I'm not getting any more alerts, and when I check Windows Task Manager I don't see any instances of IE running in the background.

OTL fix log - Posted below
adwCleaner log - attached
aswMBR log - posted below

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Classes\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rfxdpc deleted successfully.
C:\Documents and Settings\Admin\Application Data\rfxdpc.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tdvnr deleted successfully.
C:\Documents and Settings\Admin\Application Data\tdvnr.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 39621749 bytes
->Temporary Internet Files folder emptied: 692809 bytes
->Java cache emptied: 47009 bytes
->Google Chrome cache emptied: 28845486 bytes
->Flash cache emptied: 59350 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Michael
->Temp folder emptied: 800356 bytes
->Temporary Internet Files folder emptied: 721458 bytes
->Java cache emptied: 683591 bytes
->Google Chrome cache emptied: 18716899 bytes
->Flash cache emptied: 523 bytes

User: NetworkService
->Temp folder emptied: 160266 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 21954560 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221654 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 133973376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 592 bytes
RecycleBin emptied: 780 bytes

Total Files Cleaned = 235.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04142013_124140

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5603.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5617.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5AC5.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5C8D.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF61A6.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF61B2.tmp not found!
C:\Documents and Settings\Michael\Local Settings\Temp\ANTAgent\2.3.4\Debug.log moved successfully.
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8AD8.tmp not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8AE4.tmp not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8B68.tmp not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8B78.tmp not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8C79.tmp not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\~DF8CAF.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-14 13:00:04
-----------------------------
13:00:04.328 OS Version: Windows 5.1.2600 Service Pack 3
13:00:04.328 Number of processors: 1 586 0x207
13:00:04.328 ComputerName: MICHAEL-02YGOYZ UserName: Admin
13:00:05.500 Initialize success
13:00:24.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:00:24.953 Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 57220MB BusType: 3
13:00:25.062 Disk 0 MBR read successfully
13:00:25.062 Disk 0 MBR scan
13:00:25.062 Disk 0 Windows XP default MBR code
13:00:25.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57207 MB offset 63
13:00:25.062 Disk 0 scanning sectors +117162045
13:00:25.156 Disk 0 scanning C:\WINDOWS\system32\drivers
13:00:44.703 Service scanning
13:00:56.375 Service MpKsla797fb41 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B42B84F-B9B7-4B35-B0B9-53CF12561653}\MpKsla797fb41.sys **LOCKED** 32
13:01:08.765 Modules scanning
13:01:18.250 Disk 0 trace - called modules:
13:01:18.281 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:01:18.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bd0ab8]
13:01:18.281 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89c19d98]
13:01:18.281 Scan finished successfully
13:01:55.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
13:01:55.171 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Attached Files


  • 0

#6
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
SFAdad wrote:
    System seems fine now except for a RunDLL error that comes up when I reboot. Error Loading: C:\Documents and Settings\Admin\Application Data\tdunr.dll
    Other than that I'm not getting any more alerts, and when I check Windows Task Manager I don't see any instances of IE running in the background.

Correction to the error: it should be "tdvnr.dll".
  • 0

#7
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi SFAdad,

Open OTL again, click "Quick Scan" and post a new log for me.
  • 0

#8
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
OTL quick scan log below:

OTL logfile created on: 4/14/2013 1:48:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.42% Memory free
3.81 Gb Paging File | 3.54 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 15.98 Gb Free Space | 28.60% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 21:58:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/10/30 22:04:30 | 000,134,584 | ---- | M] (Bayer Healthcare LLC) -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/10 20:23:09 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/03/10 20:17:02 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/03/10 20:16:56 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/03/10 20:16:54 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/03/10 20:06:19 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/03/10 20:05:17 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/03/10 20:05:05 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/03/10 20:04:03 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/03/10 20:03:49 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/03/10 20:03:30 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/03/10 20:03:18 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/03/10 20:03:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/07/31 11:33:30 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/10/13 21:31:06 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 21:30:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 21:28:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 21:28:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:28:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 21:25:56 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 21:25:38 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/02/26 23:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 18:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 18:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 18:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/11/07 05:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2006/10/06 12:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012/10/30 22:04:30 | 000,134,584 | ---- | M] (Bayer Healthcare LLC) [Auto | Running] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/08/23 20:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\REGHOOK.SYS -- (REGHOOK)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/04/14 13:00:05 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B42B84F-B9B7-4B35-B0B9-53CF12561653}\MpKsla797fb41.sys -- (MpKsla797fb41)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/07/07 10:53:04 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/07/16 12:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 11:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 F4 78 DB 9E 37 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2011/12/14 20:56:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [tdvnr] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\tdvnr.dll",set_read_fn File not found
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled [2013/04/13 09:21:18 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 21:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 12:41:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/14 12:33:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2013/04/13 21:58:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/04/13 09:21:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled
[2013/04/12 11:49:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/04/12 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2013/04/12 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/04/12 11:32:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2013/04/12 11:32:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2013/04/12 02:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\OneNote Notebooks
[2013/04/12 02:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2013/04/12 02:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/04/12 02:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/04/12 02:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/04/12 02:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/04/12 02:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft Help
[2013/04/12 02:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/04/12 02:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2013/04/12 02:38:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/12 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Tracing
[2013/04/12 01:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/04/12 01:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/04/12 01:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/04/12 01:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/04/12 01:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/04/12 01:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/04/10 22:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2013/04/10 22:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2013/04/10 22:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/03/29 19:31:55 | 000,000,000 | ---D | C] -- C:\WorkFiles

========== Files - Modified Within 30 Days ==========

[2013/04/14 13:04:54 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/14 13:03:49 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\default.rss
[2013/04/14 13:03:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/14 13:01:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2013/04/14 12:54:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/14 12:54:33 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 12:34:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2013/04/14 12:33:24 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2013/04/13 23:49:35 | 008,861,975 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Document.rtf
[2013/04/13 21:58:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/04/13 13:04:27 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/13 10:05:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/13 09:22:51 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1005UA.job
[2013/04/13 09:22:51 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1005Core.job
[2013/04/13 09:22:50 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2013/04/13 09:22:50 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2013/04/13 00:20:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/13 00:13:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/12 11:49:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013/04/12 11:32:33 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Downloads.lnk
[2013/04/12 02:55:11 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/04/10 22:36:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/04/10 22:32:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/04/10 22:32:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 22:31:33 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/04/10 21:03:23 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 21:03:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/14 13:03:49 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\default.rss
[2013/04/14 13:01:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2013/04/14 12:32:59 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2013/04/13 23:49:34 | 008,861,975 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Document.rtf
[2013/04/13 19:31:34 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/12 11:49:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013/04/12 11:32:33 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Downloads.lnk
[2013/04/12 02:55:11 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/04/10 22:36:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/04/10 22:32:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/04/10 22:32:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 22:31:33 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/03/17 20:02:22 | 001,024,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-484061587-839522115-1003-0.dat
[2013/03/09 18:02:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2013/03/09 15:46:27 | 000,490,097 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-484061587-839522115-1005-0.dat
[2013/03/09 15:46:21 | 000,234,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/09 13:42:46 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/09 12:00:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2013/03/09 12:00:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2013/03/09 11:59:55 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2013/03/09 11:59:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2013/03/09 11:59:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2013/03/09 11:58:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2013/03/09 11:58:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2013/03/09 11:58:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2013/03/09 11:56:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2013/03/09 11:55:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2013/03/09 11:55:45 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2013/03/09 11:55:45 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2013/03/09 11:55:45 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2013/03/09 11:55:45 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2013/03/09 11:55:44 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2013/03/09 11:55:44 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2013/03/09 11:55:44 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2013/03/09 11:55:44 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2013/03/09 11:55:44 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2013/03/09 11:55:43 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2013/03/09 11:55:43 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2013/03/09 11:55:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2013/03/09 11:55:40 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2013/03/09 11:55:39 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2013/03/09 11:55:38 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2012/08/11 23:04:03 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/23 22:07:35 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\ChilkatCsv.dll
[2012/02/16 00:17:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 00:21:01 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/15 20:57:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 23:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 20:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 20:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 20:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 20:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 20:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 20:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 20:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 20:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/04/23 10:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/01/24 20:26:50 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd

========== ZeroAccess Check ==========

[2009/12/22 22:22:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/10 23:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Garmin
[2012/05/13 09:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gsak
[2013/03/09 18:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lexmark Productivity Studio
[2012/07/08 11:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2013/04/06 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2013/01/01 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 07:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2013/03/09 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2010/04/24 11:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2013/04/10 22:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/24 13:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/12/18 00:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/05/30 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >
  • 0

#9 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Hi SFAdad,

This should get rid of the error.


Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [tdvnr] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\tdvnr.dll",set_read_fn File not found
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Let me know if it works, and also run an MBAM quick scan and post the log.
  • 0
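Added example, not part of the thread and not OTL's own code: a small Python triage of the O2/O4 lines from the log above that applies the same reading Buddierdl did by eye (rundll32 pulling a DLL out of a user-writable profile directory, a Run value whose target OTL reports as "File not found", startup entries with no company name, BHO registrations with no CLSID behind them) and prints the :OTL block in the form pasted in the post. The sample lines are copied from the log; the severity rule and the list of user-writable prefixes are assumptions of this example, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O2/O4 lines copied from the OTL log posted earlier in
# this thread (the [tdvnr] entry is the one the fix removes). Nothing here is
# new scan data.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [tdvnr] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Admin\Application Data\tdvnr.dll",set_read_fn File not found
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"""

# OTL line shapes: "O4 - HKLM..\Run: [name] command (Company)" and
# "O2 - BHO: (description) - {CLSID} - target".
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: \((?P<desc>[^)]*)\) - (?P<clsid>\S+) - (?P<target>.*)$")
# The DLL handed to rundll32 and, if present, the export named after the comma.
RUNDLL_RE = re.compile(
    r'rundll32\.exe"?\s+"?(?P<dll>[A-Za-z]:\\[^",]+?\.dll)"?(?:,(?P<export>\w+))?',
    re.IGNORECASE,
)

# Assumption of this example: places an unprivileged XP user can write to.
USER_WRITABLE_PREFIXES = (
    "c:\\documents and settings\\",   # per-user profiles, incl. Application Data
    "c:\\windows\\temp\\",
)


@dataclass
class Finding:
    line: str          # the OTL line, verbatim, so it can be pasted into a fix
    severity: str      # "high" or "low" (assumed scale)
    reasons: List[str]


def _triage_o4(line: str, cmd: str) -> Optional[Finding]:
    reasons: List[str] = []
    severity = "low"
    hit = RUNDLL_RE.search(cmd)
    if hit and hit.group("dll").lower().startswith(USER_WRITABLE_PREFIXES):
        severity = "high"
        export = hit.group("export") or "(default entry point)"
        reasons.append(f"rundll32 loads {hit.group('dll')} via export {export} "
                       "from a user-writable profile path")
    if cmd.endswith("File not found"):
        reasons.append("target no longer exists: orphaned Run value still launching a missing file")
    elif cmd.endswith("()"):
        reasons.append("no company name in the file's version info")
    return Finding(line, severity, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries worth a second look, high severity first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            f = _triage_o4(line, m.group("cmd"))
            if f:
                findings.append(f)
            continue
        m = O2_RE.match(line)
        if m and m.group("target").startswith("No CLSID value found"):
            findings.append(Finding(line, "low",
                                    ["BHO registration whose CLSID resolves to nothing: stale leftover"]))
    findings.sort(key=lambda f: f.severity != "high")
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Emit the :OTL block as pasted in the thread, high-severity entries only.

    OTL parses each pasted log line to locate the registry entry it removes,
    so the line is reproduced verbatim rather than reconstructed."""
    lines = [f.line for f in findings if f.severity == "high"]
    return ":OTL\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.line}")
        for r in f.reasons:
            print("    -", r)
    print(build_otl_fix(found), end="")
```

Only the [tdvnr] entry reaches the fix block; the Lexmark "()" entries and the nameless BHO come out as low-severity notes to look at, which matches what the helper chose to remove and what he left alone.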

#10 SFAdad (Topic Starter, Member, 47 posts)
Good morning,
I've run the fix and will start Malwarebytes now and let it run.

I'll post the log tonight when I get home from work.

Thanks for your help so far.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tdvnr deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04152013_080056
  • 0

#11 SFAdad (Topic Starter, Member, 47 posts)
Hi Buddierdl:

MBAM log below.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: MICHAEL-02YGOYZ [administrator]

4/15/2013 8:06:24 AM
mbam-log-2013-04-15 (08-06-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273252
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Any more problems?
  • 0

#13 SFAdad (Topic Starter, Member, 47 posts)
No problems. Everything seems to be working great. Thanks for the help!!
  • 0

#14 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Let's run this program to make sure your computer is updated against further infection, then we can clean up our tools.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#15 SFAdad (Topic Starter, Member, 47 posts)
Here you go.

Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
  • 0
