Gmer scan not completing


#1
brodigan

    Member

  • Member
  • 73 posts
Hi,

I'm having difficulty running the Gmer scan on my PC. I have completed the first steps in the guide, but when I try to run Gmer it stalls my computer. I let it run for 2 days and then could not save the results. The results seemed to have shown 3 detections.
I have installed the Microsoft Security Essentials.

Please advise on my next steps.

Here is the MBAM scan results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4882

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/10/2010 17:34:14
mbam-log-2010-10-19 (17-34-14).txt

Scan type: Quick scan
Objects scanned: 163045
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Just skip GMER for now. See if you can do OTL; that's the one I really need.

Ron

#3
brodigan

    Member

  • Topic Starter
  • Member
  • 73 posts
OTL scan results;

OTL logfile created on: 24/10/2010 13:19:38 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Maureen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

375.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 23.00% Memory free
787.00 Mb Paging File | 340.00 Mb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.76 Gb Free Space | 70.79% Space Free | Partition Type: NTFS

Computer Name: YOUR-E641889C92 | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/11 10:40:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2007/03/12 18:36:36 | 000,288,304 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2005/10/28 15:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/07/06 09:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/02 02:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/18 01:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/03/11 22:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/03/01 05:20:20 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003/08/19 16:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 15:43:48 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/01 05:20:20 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/07/23 06:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/09/02 03:57:21 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/12 01:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/11 13:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/11 13:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/02 15:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:12:12 | 000,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/01 04:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/03/01 03:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/03/01 03:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/08/08 16:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 10:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/27 19:12:37 | 000,000,000 | ---D | M]

[2009/02/13 23:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Extensions
[2010/10/20 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions
[2009/08/28 09:36:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/11 18:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/28 13:48:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/28 13:48:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/28 13:48:25 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/28 13:48:25 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Lutoqv] C:\Program Files\Ammpfn\Mmkjuku.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nv010eig] C:\WINDOWS\System32\nv010eig.exe File not found
O4 - HKLM..\Run: [ODBCJET] C:\WINDOWS\System32\ODBCJET.exe File not found
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\Maureen\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (cru629.dat??Ð?5.1) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell - "" = AutoRun
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell\Auto\command - "" = I:\Cn911.exe -- File not found
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell - "" = AutoRun
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell\Auto\command - "" = I:\Cn911.exe -- File not found
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.atrac3 - C:\WINDOWS\System32\atrac3.acm (Sony Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 13:17:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/19 17:19:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/19 17:18:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/19 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 17:16:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/14 13:33:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/09/28 23:16:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\PrivacIE
[2010/09/28 15:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/27 23:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/27 22:51:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/27 22:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/09/27 19:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/27 18:52:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\IETldCache
[2010/09/27 18:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/27 18:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen\Application Data\Malwarebytes
[2010/09/27 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/27 18:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/27 17:54:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe
[2004/09/02 11:29:25 | 000,095,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/02 11:29:25 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/02 11:29:24 | 001,301,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/09/02 11:29:24 | 000,635,280 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/09/02 11:29:24 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/02 11:29:24 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/02 11:29:24 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/24 12:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
[2010/10/24 04:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
[2010/10/24 01:45:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/20 11:01:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/19 17:19:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 17:17:07 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/19 16:49:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 16:14:31 | 000,285,168 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:34:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/10/14 13:20:55 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 13:16:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 13:14:36 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 13:02:16 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 13:02:16 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 12:29:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/14 12:29:03 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/13 13:50:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/09/27 22:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/27 18:53:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/27 17:58:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/27 17:54:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe

========== Files Created - No Company Name ==========

[2010/10/19 17:19:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 12:25:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/10/14 16:14:18 | 000,285,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:14:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 12:29:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/27 19:12:25 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/27 17:58:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2008/06/04 15:45:55 | 000,011,464 | ---- | C] () -- C:\Program Files\Common Files\caromutice.vbs
[2008/06/03 21:54:32 | 000,019,357 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\ehilecorix.inf
[2008/06/03 21:54:32 | 000,015,515 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\emavy._dl
[2008/06/03 21:54:32 | 000,014,754 | ---- | C] () -- C:\WINDOWS\System32\ukinifahyw.sys
[2008/06/03 21:54:32 | 000,014,577 | ---- | C] () -- C:\Program Files\Common Files\sanitebufe._sy
[2008/06/03 21:54:32 | 000,012,591 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\agol.reg
[2008/06/03 21:54:32 | 000,012,392 | ---- | C] () -- C:\Program Files\Common Files\uliboli.bat
[2008/06/03 21:54:32 | 000,011,872 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\ohexoqac.dat
[2008/06/03 21:54:32 | 000,011,440 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\exopepuhez.ban
[2008/05/29 20:45:09 | 000,019,125 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\syhexuze.sys
[2008/05/29 20:45:09 | 000,018,526 | ---- | C] () -- C:\Program Files\Common Files\rohyduky.vbs
[2008/05/29 20:45:09 | 000,018,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fypa.vbs
[2008/05/29 20:45:09 | 000,016,355 | ---- | C] () -- C:\Program Files\Common Files\utecymet._dl
[2008/05/29 20:45:09 | 000,014,648 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\dufafu.com
[2008/05/29 20:45:09 | 000,014,227 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sisug.lib
[2008/05/29 20:45:09 | 000,014,020 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\etihite.pif
[2008/05/29 20:45:09 | 000,012,124 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\gitymozoji.lib
[2008/05/29 20:45:09 | 000,011,718 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\zokomamyni.scr
[2007/05/13 16:03:52 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/13 15:49:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/28 13:14:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/30 22:05:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/18 21:18:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/04/16 16:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/26 13:26:37 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2006/01/26 13:24:47 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2005/04/22 20:54:14 | 000,004,469 | ---- | C] () -- C:\WINDOWS\System32\nv010eig.ini
[2005/04/22 20:54:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lp11a51j.ini
[2005/04/22 20:54:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\i9uuk3km.ini
[2005/03/05 16:22:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/01 18:06:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/31 01:03:25 | 000,000,202 | ---- | C] () -- C:\WINDOWS\WORDSTOK.INI
[2005/01/31 00:34:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/01/30 21:41:05 | 000,000,372 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/29 20:58:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/09/02 11:29:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/02 11:29:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2008/10/03 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2006/01/26 13:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2004/09/10 06:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/18 12:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\ACD Systems
[2010/06/02 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\alot
[2005/01/29 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Template
[2010/10/24 01:45:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/09/20 17:49:30 | 000,000,184 | RHS- | M] () -- C:\boot.ini
[2006/12/28 13:14:12 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2004/09/02 03:43:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/09/02 03:43:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/27 22:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/24 01:57:15 | 467,664,896 | -HS- | M] () -- C:\pagefile.sys
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/09/02 04:35:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/02 04:35:05 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/02 04:35:05 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 13:14:16

< End of report >

#4
brodigan

    Member

  • Topic Starter
  • Member
  • 73 posts
OTL Extras scan results;

OTL Extras logfile created on: 24/10/2010 13:19:38 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Maureen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

375.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 23.00% Memory free
787.00 Mb Paging File | 340.00 Mb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.76 Gb Free Space | 70.79% Space Free | Partition Type: NTFS

Computer Name: YOUR-E641889C92 | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0FEC1945-9A27-44F3-BD2B-E80D19CA518C}" = L-M LC Irish
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}" = QuickTime
"{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}" = iTunes
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.5.06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire 4.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.1-02-08-09-01" = OpenMG Limited Patch 3.1-02-12-04-01
"OpenMG HotFix3.1-02-08-15-01" = OpenMG Limited Patch 3.1-02-10-22-01
"OpenMG HotFix3.1-02-10-08-01" = OpenMG Limited Patch 3.1-02-10-22-02
"Photo Gadget_is1" = Photo Gadget
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SLAMRNTV" = Smart Link 56K Voice Modem
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"Videora iPod Converter" = Videora iPod Converter 3.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/10/2010 02:42:38 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 485
Description = wuauclt (5944) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 18/10/2010 02:49:06 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 489
Description = wuauclt (5856) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/10/2010 02:49:06 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 455
Description = wuaueng.dll (5856) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 18/10/2010 02:49:17 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 489
Description = wuauclt (5856) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/10/2010 02:49:17 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 455
Description = wuaueng.dll (5856) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 18/10/2010 02:49:17 | Computer Name = YOUR-E641889C92 | Source = ESENT | ID = 485
Description = wuauclt (5856) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 19/10/2010 12:09:15 | Computer Name = YOUR-E641889C92 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050a005, P2 mpupdateengine, P3 am bde,
P4 2.1.1112.0, P5 mpsigstub.exe, P6 2.1.6805.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 19/10/2010 12:10:11 | Computer Name = YOUR-E641889C92 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 24/10/2010 06:12:45 | Computer Name = YOUR-E641889C92 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050800c, P2 mpupdateengine, P3 am bdd,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 2.1.6805.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 24/10/2010 06:13:03 | Computer Name = YOUR-E641889C92 | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 18/10/2010 05:00:25 | Computer Name = YOUR-E641889C92 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 19/10/2010 12:08:58 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2003
Description = %%861 has encountered an error trying to update the engine. New Engine
Version: 1.1.6301.0 Previous Engine Version: 1.1.6201.0 User: NT AUTHORITY\SYSTEM

Error
Code: 0x8050a005 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support.

Error - 19/10/2010 12:08:58 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.93.54.0 Previous Signature Version: 1.91.1759.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6201.0 Error code: 0x8050a005

Error
description: The program can't find definition files that help detect unwanted
software. Check for updates to the definition files, and then try again. For information
on installing updates, see Help and Support.

Error - 19/10/2010 12:08:58 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.93.54.0 Previous Signature Version: 1.91.1759.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6201.0 Error code: 0x8050a005

Error
description: The program can't find definition files that help detect unwanted
software. Check for updates to the definition files, and then try again. For information
on installing updates, see Help and Support.

Error - 19/10/2010 12:09:50 | Computer Name = YOUR-E641889C92 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
(Definition 1.93.54.0).

Error - 19/10/2010 12:09:54 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.91.1759.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 24/10/2010 06:12:39 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.93.366.0 Previous Signature Version: 1.93.355.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6301.0 Error code: 0x8050800c

Error
description: An unexpected problem occurred. Install any available updates, and
then try to start the program again. For information on installing updates, see
Help and Support.

Error - 24/10/2010 06:12:39 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.93.366.0 Previous Signature Version: 1.93.355.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6301.0 Error code: 0x8050800c

Error
description: An unexpected problem occurred. Install any available updates, and
then try to start the program again. For information on installing updates, see
Help and Support.

Error - 24/10/2010 06:12:52 | Computer Name = YOUR-E641889C92 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.355.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 24/10/2010 06:13:52 | Computer Name = YOUR-E641889C92 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
(Definition 1.93.366.0).


< End of report >

#5
RKinner (Malware Expert, MVP, 24,625 posts)
1. Copy the text in the code box by highlighting it and pressing Ctrl + C


:Services
AppMgmt
ATW
Sunkfiltp

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [Lutoqv] C:\Program Files\Ammpfn\Mmkjuku.exe File not found
O4 - HKLM..\Run: [nv010eig] C:\WINDOWS\System32\nv010eig.exe File not found
O4 - HKLM..\Run: [ODBCJET] C:\WINDOWS\System32\ODBCJET.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (cru629.dat??Ð?5.1) - File not found
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell - "" = AutoRun
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell\Auto\command - "" = I:\Cn911.exe -- File not found
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell - "" = AutoRun
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell\Auto\command - "" = I:\Cn911.exe -- File not found
O33 - MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
[2008/06/04 15:45:55 | 000,011,464 | ---- | C] () -- C:\Program Files\Common Files\caromutice.vbs
[2008/06/03 21:54:32 | 000,019,357 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\ehilecorix.inf
[2008/06/03 21:54:32 | 000,015,515 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\emavy._dl
[2008/06/03 21:54:32 | 000,014,754 | ---- | C] () -- C:\WINDOWS\System32\ukinifahyw.sys
[2008/06/03 21:54:32 | 000,014,577 | ---- | C] () -- C:\Program Files\Common Files\sanitebufe._sy
[2008/06/03 21:54:32 | 000,012,591 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\agol.reg
[2008/06/03 21:54:32 | 000,012,392 | ---- | C] () -- C:\Program Files\Common Files\uliboli.bat
[2008/06/03 21:54:32 | 000,011,872 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\ohexoqac.dat
[2008/06/03 21:54:32 | 000,011,440 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\exopepuhez.ban
[2008/05/29 20:45:09 | 000,019,125 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\syhexuze.sys
[2008/05/29 20:45:09 | 000,018,526 | ---- | C] () -- C:\Program Files\Common Files\rohyduky.vbs
[2008/05/29 20:45:09 | 000,018,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fypa.vbs
[2008/05/29 20:45:09 | 000,016,355 | ---- | C] () -- C:\Program Files\Common Files\utecymet._dl
[2008/05/29 20:45:09 | 000,014,648 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\dufafu.com
[2008/05/29 20:45:09 | 000,014,227 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sisug.lib
[2008/05/29 20:45:09 | 000,014,020 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\etihite.pif
[2008/05/29 20:45:09 | 000,012,124 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\gitymozoji.lib
[2008/05/29 20:45:09 | 000,011,718 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\zokomamyni.scr
[2005/04/22 20:54:14 | 000,004,469 | ---- | C] () -- C:\WINDOWS\System32\nv010eig.ini
[2005/04/22 20:54:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lp11a51j.ini
[2005/04/22 20:54:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\i9uuk3km.ini

:Files
C:\Program Files\Ammpfn\Mmkjuku.exe
C:\WINDOWS\System32\nv010eig.exe
C:\WINDOWS\System32\ODBCJET.exe
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

2. Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

3. ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download this file to your Desktop and rename it (call it george.exe), from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of disclaimers. Accept the disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

4. Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

5. We need to check for rootkits with RootRepeal.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Before you run the scan, go into Settings, Options, General and move the slider to Middle Level, then close the Settings box!
  • Click the Scan button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
6.
  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

7. Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Ron
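As an added example (not part of this thread and not OTL's own code): a small Python triage script that splits a fix like the one in the post above into its :Services / :OTL / :Files / :Commands sections and says, for each :OTL line, why it earns a place in the fix (a loopback IE proxy, a MountPoints2 autorun verb on a removable drive, an AppInit_DLLs entry, orphaned autostarts). The sample input is a constructed subset of the script posted above; the severity labels and the reasons are this example's own heuristics, and the unreferenced_files check (flagging :Files entries that no :OTL line mentions) is a sanity step I would do before pasting a fix, not something OTL itself performs.

```python
"""Triage an OTL fix script: split it into sections and explain each :OTL line.

Added example for this thread, not OTL's own code. Severity labels and reasons
are this example's heuristics; SAMPLE_FIX is a constructed subset of the fix
posted above (the garbled AppInit_DLLs value is trimmed to its file name).
"""
import re

# Constructed sample input; raw string so the registry backslashes survive.
SAMPLE_FIX = r"""
:Services
AppMgmt
Sunkfiltp

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Lutoqv] C:\Program Files\Ammpfn\Mmkjuku.exe File not found
O4 - HKLM..\Run: [nv010eig] C:\WINDOWS\System32\nv010eig.exe File not found
O20 - AppInit_DLLs: (cru629.dat) - File not found
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell - "" = AutoRun
O33 - MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\Shell\Auto\command - "" = I:\Cn911.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

:Files
C:\Program Files\Ammpfn\Mmkjuku.exe
C:\WINDOWS\System32\ODBCJET.exe

:Commands
[emptytemp]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?(?P<host>[\w.\-]+):(?P<port>\d+)')
# \Shell\<verb>\command under a MountPoints2 GUID: the handler run when the drive is opened.
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\\{[0-9a-fA-F-]+\}\\Shell\\(?P<verb>\w+)\\command - "" = (?P<cmd>[A-Za-z]:\\\S+)')

def parse_fix(text):
    """Split an OTL fix into its ':Section' blocks: {section name: [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def classify(line):
    """Return (severity, tag, reason) for one :OTL line."""
    if '"ProxyServer"' in line:
        m = PROXY_RE.search(line)
        if m and m.group("host") in ("127.0.0.1", "localhost"):
            return ("HIGH", "proxy-hijack", f"IE proxy is loopback port {m.group('port')}: "
                    "a local process relays, and can rewrite, all browser traffic")
        return ("MEDIUM", "proxy-set", "IE proxy configured; confirm it is intended")
    if '"ProxyEnable" = 1' in line:
        return ("MEDIUM", "proxy-enabled", "proxy switched on; cleared with ProxyServer")
    m = O33_CMD_RE.match(line)
    if m:
        return ("HIGH", "removable-autorun", f"MountPoints2 '{m.group('verb')}' verb runs "
                f"{m.group('cmd')} when the drive is opened (autorun.inf-style worm persistence)")
    if line.startswith("O33 - MountPoints2"):
        return ("LOW", "removable-autorun-key", "companion MountPoints2 value for the same drive")
    if line.startswith("O20 - AppInit_DLLs"):
        return ("HIGH", "appinit-dll", "loaded into every process that links user32.dll")
    if line.startswith("O34 - HKLM BootExecute"):
        return ("MEDIUM", "bootexecute", "runs before logon; OTL could not resolve the target")
    if line.startswith("O2 - BHO") and "No CLSID value found" in line:
        return ("MEDIUM", "orphan-bho", "browser helper object with no CLSID: leftover registration")
    if "File not found" in line:
        return ("MEDIUM", "orphan-autostart", "autostart entry whose target no longer exists")
    return ("LOW", "unclassified", "no rule matched; review by hand")

def triage(text):
    """[(severity, tag, reason, line)] for every :OTL line, highest severity first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows = [(*classify(line), line) for line in parse_fix(text).get("OTL", [])]
    return sorted(rows, key=lambda r: order[r[0]])

def unreferenced_files(sections):
    """:Files paths no :OTL line mentions; re-check these by hand before running the fix."""
    otl = "\n".join(sections.get("OTL", [])).lower()
    return [p for p in sections.get("Files", []) if p.lower() not in otl]

if __name__ == "__main__":
    for sev, tag, why, line in triage(SAMPLE_FIX):
        print(f"[{sev:6}] {tag:22} {line}\n          {why}")
    print("files not tied to an :OTL line:", unreferenced_files(parse_fix(SAMPLE_FIX)))
```

Run it as-is to see the sample ranked, or replace SAMPLE_FIX with a fix script you are about to paste into OTL. The point of the ranking is the order in which to look at things: the loopback proxy and the removable-drive autorun are live redirection and spreading mechanisms, while "File not found" entries are mostly leftovers that are safe to clear but tell you which files the malware once used.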

#6
brodigan (Member, Topic Starter, 73 posts)
First Scan;

All processes killed
========== SERVICES/DRIVERS ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Error: No service named ATW was found to stop!
Service\Driver key ATW not found.
Service Sunkfiltp stopped successfully!
Service Sunkfiltp deleted successfully!
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lutoqv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nv010eig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ODBCJET deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cru629.dat??Ð?5.1 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2190ef84-b93d-11dc-9517-00111186cd49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2190ef84-b93d-11dc-9517-00111186cd49}\ not found.
File I:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2190ef84-b93d-11dc-9517-00111186cd49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2190ef84-b93d-11dc-9517-00111186cd49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79b837a7-0161-11dc-93ff-00111186cd49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79b837a7-0161-11dc-93ff-00111186cd49}\ not found.
File I:\Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79b837a7-0161-11dc-93ff-00111186cd49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79b837a7-0161-11dc-93ff-00111186cd49}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
AppMgmt removed from NetSvcs value successfully!
C:\Program Files\Common Files\caromutice.vbs moved successfully.
C:\Documents and Settings\Maureen\Local Settings\Application Data\ehilecorix.inf moved successfully.
C:\Documents and Settings\Maureen\Application Data\emavy._dl moved successfully.
C:\WINDOWS\system32\ukinifahyw.sys moved successfully.
C:\Program Files\Common Files\sanitebufe._sy moved successfully.
C:\Documents and Settings\Maureen\Local Settings\Application Data\agol.reg moved successfully.
C:\Program Files\Common Files\uliboli.bat moved successfully.
C:\Documents and Settings\Maureen\Application Data\ohexoqac.dat moved successfully.
C:\Documents and Settings\Maureen\Local Settings\Application Data\exopepuhez.ban moved successfully.
C:\Documents and Settings\Maureen\Local Settings\Application Data\syhexuze.sys moved successfully.
C:\Program Files\Common Files\rohyduky.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\fypa.vbs moved successfully.
C:\Program Files\Common Files\utecymet._dl moved successfully.
C:\Documents and Settings\Maureen\Application Data\dufafu.com moved successfully.
C:\Documents and Settings\All Users\Application Data\sisug.lib moved successfully.
C:\Documents and Settings\Maureen\Application Data\etihite.pif moved successfully.
C:\Documents and Settings\Maureen\Application Data\gitymozoji.lib moved successfully.
C:\Documents and Settings\Maureen\Application Data\zokomamyni.scr moved successfully.
C:\WINDOWS\system32\nv010eig.ini moved successfully.
C:\WINDOWS\system32\lp11a51j.ini moved successfully.
C:\WINDOWS\system32\i9uuk3km.ini moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Ammpfn\Mmkjuku.exe not found.
File\Folder C:\WINDOWS\System32\nv010eig.exe not found.
File\Folder C:\WINDOWS\System32\ODBCJET.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Declan
->Temp folder emptied: 40960 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: Maureen
->Temp folder emptied: 14461390 bytes
->Temporary Internet Files folder emptied: 120468 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47219634 bytes
->Flash cache emptied: 869 bytes

User: NetworkService
->Temp folder emptied: 45598 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2776960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb


OTL by OldTimer - Version 3.2.17.0 log created on 10242010_173916

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#7 brodigan (Topic Starter, Member, 73 posts)

Quick scan log:

OTL logfile created on: 24/10/2010 17:48:37 - Run 2
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Maureen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

375.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 27.00% Memory free
713.00 Mb Paging File | 319.00 Mb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 53.04 Gb Free Space | 71.17% Space Free | Partition Type: NTFS

Computer Name: YOUR-E641889C92 | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/11 10:40:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2005/10/28 15:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/07/06 09:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/02 02:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/18 01:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/03/11 22:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/03/01 05:20:20 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003/08/19 16:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 15:43:48 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/01 05:20:20 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/07/23 06:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/09/02 03:57:21 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/12 01:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/11 13:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/11 13:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/02 15:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:12:12 | 000,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/01 04:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/03/01 03:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/03/01 03:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/08/08 16:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 10:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/27 19:12:37 | 000,000,000 | ---D | M]

[2009/02/13 23:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Extensions
[2010/10/20 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions
[2009/08/28 09:36:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/11 18:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/28 13:48:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/28 13:48:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/28 13:48:25 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/28 13:48:25 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/24 17:39:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\Maureen\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 17:39:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/24 13:17:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/19 17:19:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/19 17:18:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/19 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 17:16:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/14 13:33:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/09/28 23:16:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\PrivacIE
[2010/09/28 15:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/27 23:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/27 22:51:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/27 22:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/09/27 19:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/27 18:52:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\IETldCache
[2010/09/27 18:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/27 18:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen\Application Data\Malwarebytes
[2010/09/27 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/27 18:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/27 17:54:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe
[2004/09/02 11:29:25 | 000,095,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/02 11:29:25 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/02 11:29:24 | 001,301,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/09/02 11:29:24 | 000,635,280 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/09/02 11:29:24 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/02 11:29:24 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/02 11:29:24 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/10/24 17:46:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/24 17:40:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 17:39:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/24 16:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
[2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/24 04:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
[2010/10/19 17:19:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 17:17:07 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/19 16:49:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 16:14:31 | 000,285,168 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:34:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/10/14 13:20:55 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 13:16:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 13:14:36 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 13:02:16 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 13:02:16 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 12:29:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/14 12:29:03 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/13 13:50:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/09/27 22:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/27 18:53:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/27 17:58:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/27 17:54:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe

========== Files Created - No Company Name ==========

[2010/10/19 17:19:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 12:25:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/10/14 16:14:18 | 000,285,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:14:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 12:29:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/27 19:12:25 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/27 17:58:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2007/05/13 16:03:52 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/13 15:49:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/28 13:14:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/30 22:05:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/18 21:18:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/04/16 16:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/26 13:26:37 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2006/01/26 13:24:47 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2005/03/05 16:22:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/01 18:06:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/31 01:03:25 | 000,000,202 | ---- | C] () -- C:\WINDOWS\WORDSTOK.INI
[2005/01/31 00:34:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/01/30 21:41:05 | 000,000,372 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/29 20:58:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/09/02 11:29:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/02 11:29:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2008/10/03 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2006/01/26 13:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2004/09/10 06:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/18 12:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\ACD Systems
[2010/06/02 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\alot
[2005/01/29 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Template
[2010/10/24 17:46:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#8 brodigan (Topic Starter, Member, 73 posts)

ComboFix log:

ComboFix 10-10-23.02 - Maureen 24/10/2010 18:10:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.375.138 [GMT 1:00]
Running from: c:\documents and settings\Maureen\Desktop\george.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Application Data\alot
c:\documents and settings\Declan\Application Data\alot
c:\documents and settings\Declan\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Declan\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Declan\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Declan\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Declan\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Declan\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Declan\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Declan\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Declan\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Declan\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Declan\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Declan\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Declan\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Declan\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Declan\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Declan\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Declan\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Declan\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Declan\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Declan\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Declan\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Declan\Application Data\alot\products\products.xml
c:\documents and settings\Declan\Application Data\alot\products\products.xml.backup
c:\documents and settings\Declan\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Declan\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Declan\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_10\images\4175_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_11\images\3950_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_3\images\default_1238_alot_rec_recipesearch.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_3\images\default_1238_alot_rec_recipesearch.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_5\images\default_1105_alot_recipe_videos.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_5\images\default_1105_alot_recipe_videos.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\cloudy.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\mcloud.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\nclear.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\nmcloud.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\pcloud.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\rain.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_6\images\shower.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_7\images\3562_icon.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Button_7\images\3562_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_8\images\3268_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\Button_9\images\3969_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Declan\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Declan\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Declan\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Declan\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Declan\Application Data\alot\toolbar.xml
c:\documents and settings\Declan\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Declan\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Declan\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Declan\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Declan\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Declan\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Maureen\Application Data\alot
c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\gapepaq.scr
c:\windows\nurykej.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 16:39 . 2010-10-24 16:39 -------- d-----w- C:\_OTL
2010-10-24 00:46 . 2010-10-07 15:21 6146896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88A516F7-0431-4B0A-BCB2-E9C7E182ACE7}\mpengine.dll
2010-10-19 16:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 16:18 . 2010-10-19 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 16:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:48 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 11:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 11:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 11:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-14 11:29 . 2010-10-14 11:29 1409 ----a-w- c:\windows\QTFont.for
2010-10-01 18:09 . 2010-10-01 18:09 -------- d-sh--w- c:\documents and settings\Declan\IETldCache
2010-09-29 14:45 . 2010-10-07 15:21 6146896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-28 22:16 . 2010-09-28 22:16 -------- d-sh--w- c:\documents and settings\Maureen\PrivacIE
2010-09-28 13:58 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-28 13:58 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-28 13:58 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-27 22:32 . 2010-09-27 22:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-27 22:02 . 2010-09-27 22:02 -------- d-----w- c:\windows\system32\scripting
2010-09-27 22:02 . 2010-09-27 22:02 -------- d-----w- c:\windows\l2schemas
2010-09-27 22:02 . 2010-09-27 22:02 -------- d-----w- c:\windows\system32\en
2010-09-27 22:02 . 2010-09-27 22:02 -------- d-----w- c:\windows\system32\bits
2010-09-27 21:51 . 2010-09-27 21:51 -------- d-----w- c:\windows\EHome
2010-09-27 18:13 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 18:12 . 2010-09-27 18:12 131072 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-09-27 18:07 . 2010-10-14 12:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-27 17:52 . 2010-09-27 17:52 -------- d-sh--w- c:\documents and settings\Maureen\IETldCache
2010-09-27 17:25 . 2010-09-27 17:28 -------- dc-h--w- c:\windows\ie8
2010-09-27 17:07 . 2010-09-27 17:07 -------- d-----w- c:\documents and settings\Maureen\Application Data\Malwarebytes
2010-09-27 17:06 . 2010-09-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-20 16:44 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-20 16:44 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-09-20 16:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-09-20 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-09-20 16:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-09-20 16:42 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-20 16:46 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-09-20 16:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-20 16:45 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-20 16:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 19:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-09-20 16:42 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-20 16:45 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-20 16:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-07 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-07-02 73728]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2005-3-1 81920]

c:\documents and settings\Maureen\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-13 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.msn.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 18:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-10-24 18:21:37
ComboFix-quarantined-files.txt 2010-10-24 17:21

Pre-Run: 56,852,680,704 bytes free
Post-Run: 56,812,564,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 5E85FD866F537B324F8F393B4DCF2942

#9
brodigan (Topic Starter, Member, 73 posts)

MBRCheck scan:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BC7000 \WINDOWS\system32\KDCOM.DLL
0xF7AD7000 \WINDOWS\system32\BOOTVID.dll
0xF7678000 ACPI.sys
0xF7BC9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7667000 pci.sys
0xF76C7000 isapnp.sys
0xF76D7000 ohci1394.sys
0xF76E7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C8F000 pciide.sys
0xF7947000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BCB000 intelide.sys
0xF76F7000 MountMgr.sys
0xF7648000 ftdisk.sys
0xF794F000 PartMgr.sys
0xF7707000 VolSnap.sys
0xF7630000 atapi.sys
0xF7717000 disk.sys
0xF7727000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7610000 fltmgr.sys
0xF75FE000 sr.sys
0xF75E7000 KSecDD.sys
0xF75D4000 WudfPf.sys
0xF7547000 Ntfs.sys
0xF751A000 NDIS.sys
0xF7ADB000 RecAgent.sys
0xF7500000 Mup.sys
0xF7927000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7405000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF73F1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF73CD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7A07000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF73AA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A0F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7347000 \SystemRoot\system32\DRIVERS\slntamr.sys
0xF7BA3000 \SystemRoot\system32\DRIVERS\SlWdmSup.sys
0xF7328000 \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
0xF7A17000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7937000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7302000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7757000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A1F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7767000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7BAF000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF72EE000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7777000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7787000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7797000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF72CB000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A3F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7D12000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7BB7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF72B4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A47000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF72A3000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A4F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A57000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BE5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF71A5000 \SystemRoot\system32\DRIVERS\update.sys
0xF7BBF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7807000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA53F000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA51E000 \SystemRoot\system32\drivers\portcls.sys
0xF7817000 \SystemRoot\system32\drivers\drmk.sys
0xF7827000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BEB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B57000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA4D3000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7A5F000 \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
0xF7C2B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CD2000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C2D000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A6F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7C2F000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C31000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B97000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA4A0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA447000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA41F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA3FD000 \SystemRoot\System32\drivers\afd.sys
0xF7877000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA3D2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA362000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7887000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A8F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAA33C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7897000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF78D7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA25C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C3B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA50E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AB7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D7F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF065000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA0F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9DCF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9D42000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9EC4000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7C49000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA9AD1000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9A01000 \SystemRoot\system32\DRIVERS\srv.sys
0xA936E000 \SystemRoot\system32\drivers\kmixer.sys
0xF798F000 \??\C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys
0xF7BCF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF79B7000 \??\C:\DOCUME~1\Maureen\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
648 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
884 C:\WINDOWS\system32\svchost.exe
960 svchost.exe
1052 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1092 C:\WINDOWS\system32\svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1404 svchost.exe
1536 C:\WINDOWS\system32\LEXBCES.EXE
1568 C:\WINDOWS\system32\spoolsv.exe
1616 C:\WINDOWS\system32\LEXPPS.EXE
1732 svchost.exe
168 C:\WINDOWS\system32\CTSVCCDA.EXE
636 C:\WINDOWS\system32\svchost.exe
1288 C:\Program Files\Canon\CAL\CALMAIN.exe
2104 alg.exe
2776 C:\WINDOWS\zHotkey.exe
2852 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2872 C:\WINDOWS\SOUNDMAN.EXE
2896 C:\Program Files\Digital Media Reader\shwiconEM.exe
2924 C:\WINDOWS\ALCWZRD.EXE
2984 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
3004 C:\Program Files\iTunes\iTunesHelper.exe
3008 C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
3020 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3112 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
3120 C:\Program Files\Microsoft Security Essentials\msseces.exe
3168 C:\WINDOWS\system32\ctfmon.exe
3196 C:\Program Files\iPod\bin\iPodService.exe
3256 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
3000 C:\WINDOWS\explorer.exe
1200 C:\Program Files\Mozilla Firefox\firefox.exe
3880 C:\Documents and Settings\Maureen\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BD-22JMA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 732A4EBF970B34B37B9C2536D91BCD9FAE8C33DB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#10
brodigan (Topic Starter, Member, 73 posts)

RootRepeal scan:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/24 18:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF76E7000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7678000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA3FD000 Size: 138496 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF78A7000 Size: 60800 File Visible: - Signed: -
Status: -

Name: ASCTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Address: 0xF7C49000 Size: 7488 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7630000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D12000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7C2D000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7AD7000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys
Address: 0xF798F000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF78D7000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7787000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7727000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7717000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7817000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA25C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C3B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAA50E000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7D7F000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Address: 0xF7302000 Size: 154112 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7A2F000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7887000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7610000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7C2B000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7648000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF7A3F000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF73CD000 Size: 147456 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7A6F000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA9AD1000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7757000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBF065000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBF040000 Size: 151552 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF020000 Size: 131072 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xF7405000 Size: 730592 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF012000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7777000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7BCB000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7927000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA33C000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA4A0000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF76C7000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7A1F000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7BC7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA936E000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF72CB000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF75E7000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\Maureen\LOCALS~1\Temp\mbr.sys
Address: 0xF79B7000 Size: 20864 File Visible: No Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7C2F000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7A17000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xF7B57000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7A27000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF76F7000 Size: 42368 File Visible: - Signed: -
Status: -

Name: MpFilter.sys
Image Path: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Address: 0xAA4D3000 Size: 143360 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA9DCF000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA362000 Size: 455680 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A7F000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF77D7000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7BBF000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mtlmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
Address: 0xF7328000 Size: 126688 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7500000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF751A000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7BB7000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAA0F0000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF72B4000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7807000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7877000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA41F000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF7937000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A87000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7547000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CD2000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF76D7000 Size: 61696 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF72EE000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF794F000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7667000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7C8F000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7947000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAA51E000 Size: 135168 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7BCF000 Size: 7872 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF72A3000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7A4F000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7B97000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF77A7000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF77B7000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF77C7000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7A57000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA3D2000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7C31000 Size: 4224 File Visible: - Signed: -
Status: -

Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xF7ADB000 Size: 13760 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7797000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9889000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAA53F000 Size: 2185408 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7BAF000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7767000 Size: 64512 File Visible: - Signed: -
Status: -

Name: slntamr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\slntamr.sys
Address: 0xF7347000 Size: 404864 File Visible: - Signed: -
Status: -

Name: SlWdmSup.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
Address: 0xF7BA3000 Size: 13152 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF75FE000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA9A01000 Size: 357248 File Visible: - Signed: -
Status: -

Name: sunkfilt.sys
Image Path: C:\WINDOWS\System32\Drivers\sunkfilt.sys
Address: 0xF7A5F000 Size: 26976 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7BE5000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9EC4000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA447000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7A47000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF77E7000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF71A5000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7BEB000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7A0F000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7827000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF73AA000 Size: 143360 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF7A8F000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7A07000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7A77000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF73F1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7707000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7897000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7AB7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA9D42000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7BC9000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF75D4000 Size: 77568 File Visible: - Signed: -
Status: -

#11
brodigan

    Member

  • Topic Starter
  • Member
  • 73 posts
TDSSKiller Scan;

2010/10/24 18:50:49.0031 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/24 18:50:49.0031 ================================================================================
2010/10/24 18:50:49.0031 SystemInfo:
2010/10/24 18:50:49.0031
2010/10/24 18:50:49.0031 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/24 18:50:49.0031 Product type: Workstation
2010/10/24 18:50:49.0031 ComputerName: YOUR-E641889C92
2010/10/24 18:50:49.0031 UserName: Maureen
2010/10/24 18:50:49.0031 Windows directory: C:\WINDOWS
2010/10/24 18:50:49.0031 System windows directory: C:\WINDOWS
2010/10/24 18:50:49.0031 Processor architecture: Intel x86
2010/10/24 18:50:49.0031 Number of processors: 1
2010/10/24 18:50:49.0031 Page size: 0x1000
2010/10/24 18:50:49.0031 Boot type: Normal boot
2010/10/24 18:50:49.0031 ================================================================================
2010/10/24 18:50:49.0781 Initialize success
2010/10/24 18:51:04.0953 ================================================================================
2010/10/24 18:51:04.0953 Scan started
2010/10/24 18:51:04.0953 Mode: Manual;
2010/10/24 18:51:04.0953 ================================================================================
2010/10/24 18:51:05.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/24 18:51:05.0843 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/24 18:51:06.0218 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/24 18:51:06.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/24 18:51:07.0484 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/24 18:51:08.0171 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/10/24 18:51:08.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/24 18:51:08.0640 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/24 18:51:09.0000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/24 18:51:09.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/24 18:51:09.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/24 18:51:09.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/24 18:51:10.0171 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/24 18:51:10.0359 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/24 18:51:10.0562 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/24 18:51:11.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/24 18:51:11.0750 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/24 18:51:11.0968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/24 18:51:12.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/24 18:51:12.0390 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/24 18:51:12.0796 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/24 18:51:12.0984 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/24 18:51:13.0234 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS\system32\DRIVERS\enum1394.sys
2010/10/24 18:51:13.0453 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/24 18:51:13.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/24 18:51:13.0875 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/24 18:51:14.0109 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/24 18:51:14.0328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/24 18:51:14.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/24 18:51:14.0765 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/24 18:51:14.0968 GEARAspiWDM (8c18f85edd5d47f34068f3efd5689fa9) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/24 18:51:15.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/24 18:51:15.0359 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/10/24 18:51:15.0546 HDAudBus (4f11912e3b579013be7b1628791ebbcd) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/24 18:51:15.0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/24 18:51:16.0203 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/24 18:51:16.0765 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/24 18:51:16.0968 ialm (2858e04751178a47223e0c5ce495478a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/24 18:51:17.0296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/24 18:51:17.0718 IntcAzAudAddService (6a00e322875e3b3a074ad6d45e7b7e36) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/24 18:51:18.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/24 18:51:18.0250 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/24 18:51:18.0453 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/24 18:51:18.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/24 18:51:18.0859 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/24 18:51:19.0062 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/24 18:51:19.0296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/24 18:51:19.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/24 18:51:19.0703 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/24 18:51:19.0906 Jukebox3 (c08c6dcbcffea9a92b25622b5ea153ac) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
2010/10/24 18:51:20.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/24 18:51:20.0343 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/24 18:51:20.0562 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/24 18:51:20.0828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/24 18:51:21.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/24 18:51:21.0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/24 18:51:21.0687 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/24 18:51:21.0890 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/24 18:51:22.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/24 18:51:22.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/24 18:51:22.0546 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/10/24 18:51:22.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/24 18:51:23.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/24 18:51:23.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/24 18:51:23.0640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/24 18:51:23.0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/24 18:51:24.0000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/24 18:51:24.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/24 18:51:24.0406 Mtlmnt5 (1216d4313e1860da4bc449ae3ca2dec5) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2010/10/24 18:51:24.0656 Mtlstrm (130992c33bc9161b17211793dafc95be) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2010/10/24 18:51:25.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/24 18:51:25.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/24 18:51:25.0500 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/24 18:51:25.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/24 18:51:25.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/24 18:51:26.0125 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/24 18:51:26.0343 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/24 18:51:26.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/24 18:51:26.0781 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys
2010/10/24 18:51:27.0015 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/24 18:51:27.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/24 18:51:27.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/24 18:51:27.0687 NtMtlFax (1b073810ee2270cac9e532d1bcd826cf) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2010/10/24 18:51:27.0937 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/24 18:51:28.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/24 18:51:28.0343 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/24 18:51:28.0562 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/24 18:51:28.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/24 18:51:29.0000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/24 18:51:29.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/24 18:51:29.0406 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/24 18:51:29.0765 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/24 18:51:29.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/24 18:51:31.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/24 18:51:31.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/24 18:51:31.0625 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/24 18:51:32.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/24 18:51:32.0875 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/24 18:51:33.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/24 18:51:33.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/24 18:51:33.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/24 18:51:33.0718 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/24 18:51:33.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/24 18:51:34.0140 RecAgent (822bf566b72cae7ca1d93b69bd706075) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/10/24 18:51:34.0406 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/24 18:51:34.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/24 18:51:34.0890 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/24 18:51:35.0109 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/24 18:51:35.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/24 18:51:35.0765 Slntamr (6f09397beb4cc95a2466e8780f2d4587) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2010/10/24 18:51:36.0031 SlNtHal (daa2b185b94d955fd8ebbf163418b7a7) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2010/10/24 18:51:36.0296 SlWdmSup (97d37e0af55256bf7307805654dfd472) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2010/10/24 18:51:36.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/24 18:51:36.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/24 18:51:37.0171 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/24 18:51:37.0437 SunkFilt (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2010/10/24 18:51:37.0656 SunkFilt39 (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
2010/10/24 18:51:37.0921 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/24 18:51:38.0125 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/24 18:51:39.0000 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/24 18:51:39.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/24 18:51:39.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/24 18:51:39.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/24 18:51:39.0843 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/24 18:51:40.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/24 18:51:40.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/24 18:51:40.0859 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/24 18:51:41.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/24 18:51:41.0281 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/24 18:51:41.0484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/24 18:51:41.0687 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/24 18:51:41.0906 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/10/24 18:51:42.0078 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/24 18:51:42.0265 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/24 18:51:42.0453 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/24 18:51:42.0828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/24 18:51:43.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/24 18:51:43.0609 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/24 18:51:43.0921 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/24 18:51:44.0187 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/24 18:51:44.0390 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/24 18:51:44.0656 ================================================================================
2010/10/24 18:51:44.0656 Scan finished
2010/10/24 18:51:44.0656 ================================================================================
2010/10/24 18:51:57.0500 Deinitialize success
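The two listings in this thread are read the same way by a responder: in the RootRepeal/GMER-style driver report above (post #10) the fields worth a second look are "File Visible: No" (the scanner could not find the loaded driver's file on disk) and an Image Path under a Temp directory, and in the TDSSKiller log each service line carries the driver's MD5 and path, so hashes can be checked against a known-good or known-bad set and paths outside the Windows tree stand out. The script below is an added example written for this page, not code from GMER, RootRepeal, TDSSKiller or anyone in the thread. It parses both formats and flags the entries a responder would query. The sample data is constructed from a handful of entries copied from the logs above plus one made-up line (`fakedrv`, all-zero MD5) so the rules have something to catch; the `KNOWN_TOOL_DRIVERS` allowlist is my own assumption that `catchme.sys` and `mbr.sys` belong to GMER, `rootrepeal.sys` to RootRepeal, `PROCEXP113.SYS` to Process Explorer and the `dump_*` drivers to the crash-dump copy of the storage stack, which is why they legitimately appear hidden or in Temp here.

```python
"""Triage helpers for the two driver listings in this thread: RootRepeal/GMER-style
"Name / Image Path / Address ... / Status" blocks and TDSSKiller's
"<timestamp> <service> (<md5>) <path>" lines. Sample data is constructed."""
import re
from dataclasses import dataclass
from typing import List, Tuple

DRIVER_REPORT = r"""
Name: catchme.sys
Image Path: C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys
Address: 0xF798F000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF78D7000 Size: 63744 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7BCF000 Size: 7872 File Visible: No Signed: -
Status: -
"""

# Three lines copied from the TDSSKiller log, plus one constructed line (fakedrv).
TDSS_LOG = r"""
2010/10/24 18:51:08.0640 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/24 18:51:22.0546 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/10/24 18:51:30.0000 fakedrv (00000000000000000000000000000000) C:\DOCUME~1\Maureen\LOCALS~1\Temp\fakedrv.sys
2010/10/24 18:51:44.0656 Scan finished
"""

# Assumed allowlist: helper drivers of the diagnostic tools used in this thread, which
# legitimately appear as "File Visible: No" or under Temp (names compared lower-case).
KNOWN_TOOL_DRIVERS = frozenset({"catchme.sys", "mbr.sys", "rootrepeal.sys",
                                "procexp113.sys", "dump_atapi.sys", "dump_wmilib.sys"})

@dataclass
class DriverEntry:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str  # "No" = file not found on disk, "-" = nothing to report
    signed: str
    status: str

_ADDR_RE = re.compile(r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)\s+Signed:\s*(\S+)")

def parse_driver_report(text: str) -> List[DriverEntry]:
    """One blank-line-separated block per driver -> DriverEntry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if line.startswith("Address:"):
                m = _ADDR_RE.match(line)
                if not m:
                    raise ValueError(f"unparsable line: {line!r}")
                fields.update(address=int(m.group(1), 16), size=int(m.group(2)),
                              file_visible=m.group(3), signed=m.group(4))
            else:
                key, _, value = line.partition(":")  # first colon only; paths contain "C:"
                fields[key.strip().lower().replace(" ", "_")] = value.strip()
        entries.append(DriverEntry(**fields))
    return entries

def triage_drivers(entries: List[DriverEntry], known=frozenset()) -> List[Tuple[str, List[str]]]:
    """(name, reasons) for drivers hidden on disk or loaded from Temp, minus `known` names."""
    findings = []
    for e in entries:
        if e.name.lower() in known:
            continue
        reasons = []
        if e.file_visible.lower() == "no":
            reasons.append("file not visible on disk")
        if "\\TEMP\\" in e.image_path.upper():
            reasons.append("loaded from a Temp directory")
        if reasons:
            findings.append((e.name, reasons))
    return findings

_TDSS_RE = re.compile(r"^\S+ \S+ (\S+) \(([0-9a-f]{32})\) (.+)$")

@dataclass
class TdssEntry:
    service: str
    md5: str
    path: str

def parse_tdsskiller(text: str) -> List[TdssEntry]:
    """Keep the per-service lines; banner and status lines carry no (md5)."""
    return [TdssEntry(*m.groups()) for m in map(_TDSS_RE.match, text.strip().splitlines()) if m]

def triage_tdss(entries: List[TdssEntry], windows_dir: str = r"C:\WINDOWS") -> List[str]:
    """Services whose driver file lies outside the Windows tree or under Temp."""
    root = windows_dir.upper().rstrip("\\") + "\\"
    return [e.service for e in entries
            if not e.path.upper().startswith(root) or "\\TEMP\\" in e.path.upper()]

if __name__ == "__main__":
    for name, reasons in triage_drivers(parse_driver_report(DRIVER_REPORT), KNOWN_TOOL_DRIVERS):
        print(f"driver report: {name}: {', '.join(reasons)}")
    for svc in triage_tdss(parse_tdsskiller(TDSS_LOG)):
        print(f"TDSSKiller: service {svc} loads from an unexpected location")
```

Run without the allowlist and the script flags `catchme.sys` (hidden and in Temp) and `PROCEXP113.SYS` (hidden); with `KNOWN_TOOL_DRIVERS` applied only genuinely unexplained entries remain, which for the real report above is none, matching the expert's reading that nothing in these logs stands out. The TDSSKiller rule catches only the constructed `fakedrv` line. The MD5 column is kept on each `TdssEntry` so the hashes can be looked up against a reference set; the script itself does no lookup.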

#12
brodigan

    Member

  • Topic Starter
  • Member
  • 73 posts
Hi Ron,

All scans so far completed.
Flash Disinfector also downloaded.

I await your further instruction.

Thanks.

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The only thing I see in the logs now is that MBRCheck is not happy with the mbr. What make and model PC is this?

1. Is your system running better now? You should be able to get Microsoft Updates now. In Internet Explorer, select Safety, then Windows Updates.
Are you able to get there? If so do the Express check for updates and let it install anything it thinks you need.

2. Start, All Programs, Accessories, Command Prompt. Type:


cd  \windows

mbr

notepad  mbr.txt


NOTE: I use 2 spaces in the code box so you can see where one space goes.

Copy and paste the text from notepad.

3. Bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

4. 1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.


Ron
  • 0

#14
brodigan

    Member

  • Topic Starter
  • Member
  • 73 posts
Hi Ron,

1. The PC is an eMachines 3240.
The system seems to be running better now. It seems more responsive.
I was able to access the express updates but none were needed for the computer.

2. The Start, All programs, accessories, command prompt. Type....... produces an empty log.

3. Bitdefender quickscan;


QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Scan date: Sun Oct 24 20:02:36 2010
Machine ID: 7C95E0BE



No infection found.
-------------------



Processes
---------
ALCWZRD 172 C:\WINDOWS\ALCWZRD.EXE
Button Manager Executable 160 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Button Monitor Executable 256 C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
Canon Camera Access Library 8 1840 C:\Program Files\Canon\CAL\CALMAIN.exe
Creative Service for CDROM Access 508 C:\WINDOWS\system32\CTSVCCDA.EXE
Cyber-shot Viewer 328 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
Firefox 300 C:\Program Files\Mozilla Firefox\firefox.exe
GrooveMonitor Utility 204 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
iTunes 2524 C:\Program Files\iPod\bin\iPodService.exe
iTunes 192 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U6 236 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
MarkVision for Windows (32 bit) 1548 C:\WINDOWS\system32\LEXBCES.EXE
MarkVision for Windows (32 bit) 1612 C:\WINDOWS\system32\LEXPPS.EXE
Microsoft Malware Protection 3808 C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
Microsoft Malware Protection 1056 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
Microsoft Security Essentials 244 C:\Program Files\Microsoft Security Essentials\msseces.exe
Microsoft® Windows® Operating System 1872 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2704 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 3764 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 588 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1576 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1344 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1408 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 408 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 884 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 960 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\winlogon.exe
Modem 624 C:\WINDOWS\system32\slserv.exe
Multimedia Card Reader 164 C:\Program Files\Digital Media Reader\shwiconEM.exe
Multimedia Keyboard Driver 2032 C:\WINDOWS\zHotkey.exe
PowerDVD 124 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Realtek HD Sound Manager 152 C:\WINDOWS\SOUNDMAN.EXE
Windows® Internet Explorer 3500 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3800 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process firefox.exe (300) connected on port 80 (HTTP) --> 209.85.227.139
Process firefox.exe (300) connected on port 80 (HTTP) --> 74.125.79.101
Process firefox.exe (300) connected on port 80 (HTTP) --> 66.220.153.15
Process firefox.exe (300) connected on port 80 (HTTP) --> 173.194.6.74
Process firefox.exe (300) connected on port 80 (HTTP) --> 95.101.197.115
Process MpCmdRun.exe (3808) connected on port 443 (HTTP over SSL) --> 65.55.94.222

Process svchost.exe (960) listens on ports: 135 (RPC)
Process LEXPPS.EXE (1612) listens on ports: 1025 (RPC)


Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
ALCWZRD C:\WINDOWS\ALCWZRD.EXE
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Button Manager Executable C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
Cyber-shot Viewer C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
Google Update C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Intel® Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U6 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
Microsoft Malware Protection C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
Microsoft Security Essentials C:\Program Files\Microsoft Security Essentials\msseces.exe
Microsoft® MSN Money Deluxe C:\Program Files\Microsoft Money\System\mnyexpr.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\HDAudPropShortcut.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
Multimedia Card Reader C:\Program Files\Digital Media Reader\shwiconEM.exe
Multimedia Keyboard Driver C:\WINDOWS\zHotkey.exe
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
Realtek HD Sound Manager C:\WINDOWS\SOUNDMAN.EXE
ShowWnd.exe C:\WINDOWS\ShowWnd.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
BitDefender QuickScan C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Java™ Platform SE 6 U6 C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOCUME~1\Maureen\LOCALS~1\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: system32\DRIVERS\wanatw4.sys
--> HKLM\System\ControlSet001\services\wanatw\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 0.64 KB recvd
Scanned 713 files and modules - 94 seconds

==============================================================================
  • 0
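The two checks these posts work through by hand (the VEW query for the newest 20 Error/Warning entries in the System and Application logs in post #13, and the "Missing files" block of the QuickScan report in post #14, which lists services whose registry ImagePath points at a file that no longer exists) can be collected in one go from Windows PowerShell. The script below is an added example; it is not a Geeks to Go, VEW or BitDefender tool, and it assumes Windows PowerShell 2.0 or later running with administrator rights on the affected machine. The service scan goes slightly beyond the report by resolving the `\??\`, `\SystemRoot\` and relative `system32\...` path forms the kernel accepts before testing whether the file exists.

```powershell
# Added example (not the forum's or any vendor's tool). Assumes Windows
# PowerShell 2.0+ run as an administrator.

# 1. Newest 20 Error/Warning entries from System and Application,
#    the same selection the VEW steps ask for.
function Get-RecentProblemEvents {
    param([int]$Count = 20)
    foreach ($log in 'System', 'Application') {
        "==== $log : newest $Count Error/Warning entries ===="
        Get-EventLog -LogName $log -EntryType Error, Warning -Newest $Count |
            Select-Object TimeGenerated, EntryType, Source, EventID, Message |
            Format-Table -AutoSize -Wrap
    }
}

# 2. Services and drivers whose ImagePath (or ServiceDll) points at a file
#    that is not on disk, i.e. what the QuickScan "Missing files" block lists.
#    Leftovers of a removed tool (catchme, mbr) are harmless; an entry you do
#    not recognise is worth a second look before it is removed.
function Resolve-ServicePath {
    param([string]$Raw)
    # Get-ItemProperty already expands %SystemRoot%-style variables.
    $p = $Raw -replace '^"([^"]+)".*', '$1'          # drop quotes and args
    $p = $p -replace '^\\\?\?\\', ''                  # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Unquoted command lines: keep only the executable/driver part.
    if ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    # Relative paths such as system32\DRIVERS\x.sys live under %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-MissingServiceFiles {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $root | ForEach-Object {
        $svc   = $_.PSChildName
        $props = Get-ItemProperty $_.PSPath
        $entries = @()
        if ($props.ImagePath) { $entries += @{ Key = 'ImagePath'; Value = $props.ImagePath } }
        # svchost-hosted services keep the real module under Parameters\ServiceDll.
        $paramKey = Join-Path $_.PSPath 'Parameters'
        if (Test-Path $paramKey) {
            $dll = (Get-ItemProperty $paramKey).ServiceDll
            if ($dll) { $entries += @{ Key = 'ServiceDll'; Value = $dll } }
        }
        foreach ($e in $entries) {
            $resolved = Resolve-ServicePath $e.Value
            if (-not (Test-Path -LiteralPath $resolved)) {
                New-Object PSObject -Property @{
                    Service  = $svc
                    Key      = $e.Key
                    Raw      = $e.Value
                    Resolved = $resolved
                }
            }
        }
    }
}

Get-RecentProblemEvents -Count 20
"==== Services whose binary is missing from disk ===="
Get-MissingServiceFiles | Format-Table Service, Key, Resolved -AutoSize
```

Run it from an elevated PowerShell prompt and paste the output as you would the VEW and QuickScan logs. Unlike the QuickScan report it also inspects `ServiceDll`, which is the value the `AppMgmt` line in the report above came from; expect the same `catchme`, `mbr` and `wanatw` entries to show up while those registry keys remain.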

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
emachines and mbrcheck don't seem to get along too well. I have one myself and it says the mbr is faked.

But let's try mbr again.

Download mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

Save it to your desktop then run it. It should create a log mbr.txt. Please open it and copy and paste the text into a reply.

Try GMER again. Please UNCHECK the following: (see image below)

* Sections
* IAT/EAT
* Devices
* Drives/Partition other than Systemdrive (typically C:\)
* Show All

Ron
  • 0
