Everything posted by fdn3180

  1. I just reformatted the system. After an AVG Scan no threats were found and I am able to connect to the internet. Thanks for your help.
  2. No change in the status of the network connections. The DHCP service is not running and won't start.
  3. Ok, ignore the last error. Here is the log file.

     All processes killed
     ========== OTL ==========
     Error: No service named 0083921321658316mcinstcleanup) McAfee Application Installer Cleanup (0083921321658316 was found to stop!
     Service\Driver key 0083921321658316mcinstcleanup) McAfee Application Installer Cleanup (0083921321658316 not found.
     File File not found not found.
     C:\Documents and Settings\Administrator\Application Data\334df692 moved successfully.
     C:\Documents and Settings\Administrator\Application Data\4c4d8e68 moved successfully.
     C:\Documents and Settings\Administrator\Application Data\5be8066d moved successfully.
     C:\Documents and Settings\Administrator\Application Data\bb35f992 moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 671343 bytes
     ->Temporary Internet Files folder emptied: 330687 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 42686186 bytes
     ->Google Chrome cache emptied: 337060443 bytes
     ->Flash cache emptied: 3089316 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Flash cache emptied: 56468 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Java cache emptied: 14 bytes
     ->Flash cache emptied: 9199 bytes
     User: LogMeInRemoteUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 8945798 bytes
     ->Java cache emptied: 13 bytes
     ->Flash cache emptied: 19976 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 3770897 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 483 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 32959 bytes
     Total Files Cleaned = 378.00 mb
     Restore points cleared and new OTL Restore Point set!
     Error starting restore point: System Restore is disabled.
     Error closing restore point: System Restore is disabled.
     OTL by OldTimer - Version 3.2.31.0 log created on 11292011_105735
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
  4. I just ran this and it messed with the files that launch Windows. OTL told me it needed to reboot; now I get "Bad command or file name" 3x followed by the C:\> DOS prompt when trying to boot into Windows.
  5. OTL logfile created on: 11/29/2011 8:23:18 AM - Run 1
     OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1.87 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 78.14% Memory free
     3.59 Gb Paging File | 3.22 Gb Available in Paging File | 89.48% Paging File free
     Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 139.49 Gb Total Space | 118.62 Gb Free Space | 85.04% Space Free | Partition Type: NTFS
     Drive D: | 9.55 Gb Total Space | 0.83 Gb Free Space | 8.71% Space Free | Partition Type: NTFS
     Computer Name: S0810-1 | User Name: Administrator | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========
     PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
     PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
     PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
     PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
     PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
     PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
     PRC - C:\BizCover\BizCover.exe ()
     PRC - C:\windows\explorer.exe (Microsoft Corporation)

     ========== Modules (No Company Name) ==========
     MOD - C:\BizCover\BizCover.exe ()

     ========== Win32 Services (SafeList) ==========
     SRV - (HidServ) -- File not found
     SRV - (gupdatem) Google Update Service (gupdatem) -- File not found
     SRV - (gupdate) Google Update Service (gupdate) -- File not found
     SRV - (0083921321658316mcinstcleanup) McAfee Application Installer Cleanup (0083921321658316) -- File not found
     SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
     SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
     SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
     SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
     SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
     SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
     SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

     ========== Driver Services (SafeList) ==========
     DRV - (Avgldx86) -- C:\windows\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
     DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
     DRV - (AVGIDSShim) -- C:\windows\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
     DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
     DRV - (Avgmfx86) -- C:\windows\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
     DRV - (AVGIDSFilter) -- C:\windows\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
     DRV - (AVGIDSDriver) -- C:\windows\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
     DRV - (Avgtdix) -- C:\windows\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
     DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
     DRV - (LMIRfsDriver) -- C:\windows\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
     DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
     DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\windows\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
     DRV - (RTLE8023xp) -- C:\windows\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
     DRV - (mfetdik) -- C:\windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
     DRV - (mfehidk) -- C:\windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
     DRV - (MfeAVFK) -- C:\windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
     DRV - (MfeBOPK) -- C:\windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
     DRV - (MfeRKDK) -- C:\windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
     DRV - (PCAlertDriver) -- C:\BizCover\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
     DRV - (iAimFP4) -- C:\windows\system32\drivers\wVchNTxx.sys (Intel® Corporation)
     DRV - (iAimFP3) -- C:\windows\system32\drivers\wSiINTxx.sys (Intel® Corporation)
     DRV - (iAimTV3) -- C:\windows\system32\drivers\wATV04nt.sys (Intel® Corporation)
     DRV - (iAimTV0) -- C:\windows\system32\drivers\wATV01nt.sys (Intel® Corporation)
     DRV - (iAimTV5) -- C:\windows\system32\drivers\wATV10nt.sys (Intel® Corporation)
     DRV - (iAimTV4) -- C:\windows\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
     DRV - (iAimTV6) -- C:\windows\system32\drivers\wATV06nt.sys (Intel® Corporation)
     DRV - (iAimTV1) -- C:\windows\system32\drivers\wATV02NT.sys (Intel® Corporation)
     DRV - (i81x) -- C:\windows\system32\drivers\i81xnt5.sys (Intel® Corporation)
     DRV - (iAimFP0) -- C:\windows\system32\drivers\wADV01nt.sys (Intel® Corporation)
     DRV - (iAimFP1) -- C:\windows\system32\drivers\wADV02NT.sys (Intel® Corporation)
     DRV - (iAimFP7) -- C:\windows\system32\drivers\wADV09NT.sys (Intel® Corporation)
     DRV - (iAimFP5) -- C:\windows\system32\drivers\wADV07nt.sys (Intel® Corporation)
     DRV - (iAimFP2) -- C:\windows\system32\drivers\wADV05NT.sys (Intel® Corporation)
     DRV - (iAimFP6) -- C:\windows\system32\drivers\wADV08NT.sys (Intel® Corporation)
     DRV - (regi) -- C:\windows\system32\drivers\regi.sys (InterVideo)
     DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)

     ========== Standard Registry (All) ==========

     ========== Internet Explorer ==========
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BC 8B A0 0F 6F 81 73 4C 93 72 23 BE 6E 5D 8F E6 [binary data]
     IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\system32\ieframe.dll (Microsoft Corporation)
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     ========== FireFox ==========
     FF - prefs.js..browser.search.defaultenginename: "Yahoo"
     FF - prefs.js..browser.search.order.1: "Yahoo"
     FF - prefs.js..browser.search.order.2: ""
     FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,6902,0,22,0"
     FF - prefs.js..browser.search.selectedEngine: "Google"
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "google.com"
     FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q="
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/08/08 11:06:57 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/20 02:41:20 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/17 09:16:20 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Virtual Firefox\components [2011/11/09 07:40:53 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2011/10/06 08:00:45 | 000,000,000 | ---D | M]
     FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Administrator\Application Data\Move Networks [2011/08/30 08:23:40 | 000,000,000 | ---D | M]
     [2011/08/08 13:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
     [2011/11/18 10:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions
     [2011/09/16 12:56:42 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\searchplugins\avg-secure-search.xml

     ========== Chrome ==========
     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
     CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
     CHR - plugin: Java Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
     CHR - plugin: Java Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
     CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
     CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
     CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
     CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
     CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
     CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
     CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
     CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     CHR - plugin: Default Plug-in (Enabled) = default_plugin
     CHR - Extension: Angry Birds v2.0 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijiinfdbjfjmdjokbjfleoandapbnabh\2.3_0\
     CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

     O1 HOSTS File: ([2011/11/25 11:07:05 | 000,000,027 | ---- | M]) - C:\windows\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
     O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
     O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
     O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
     O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
     O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
     O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Microsoft Corporation)
     O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
     O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
     O4 - HKLM..\Run: [bizCover] C:\BizCover\StartBizCover.exe (TODO: <Company name>)
     O4 - HKLM..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe (Intel Corporation)
     O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
     O4 - HKLM..\Run: [igfxTray] C:\windows\system32\igfxtray.exe (Intel Corporation)
     O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
     O4 - HKLM..\Run: [Persistence] C:\windows\system32\igfxpers.exe (Intel Corporation)
     O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
     O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
     O4 - HKCU..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (Microsoft Corporation)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
     O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
     O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\system32\winrnr.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\system32\rsvpsp.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\system32\rsvpsp.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
     O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
     O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
     O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
     O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\system32\msvidctl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\ipp - No CLSID value found
     O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\system32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
     O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\system32\inetcomm.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp - No CLSID value found
     O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\system32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
     O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\system32\msvidctl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\windows\system32\wiascr.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\windows\system32\shell32.dll (Microsoft Corporation)
     O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\windows\system32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
     O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\windows\system32\dimsntfy.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
     O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
     O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
     O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
     O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\windows\system32\shell32.dll (Microsoft Corporation)
     O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\windows\system32\shell32.dll (Microsoft Corporation)
     O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\windows\system32\stobject.dll (Microsoft Corporation)
     O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll (Microsoft Corporation)
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll (Microsoft Corporation)
     O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\windows\system32\browseui.dll (Microsoft Corporation)
     O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\windows\system32\browseui.dll (Microsoft Corporation)
     O24 - Desktop Components:0 (My Current Home Page) - About:Home
     O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
     O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
     O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
     O31 - SafeBoot: AlternateShell - cmd.exe
     O32 - HKLM CDRom: AutoRun - 1
     O34 - HKLM BootExecute:
(autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/11/29 08:21:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011/11/28 18:03:02 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe [2011/11/26 12:37:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/11/25 11:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/11/18 09:55:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/11/18 09:55:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/11/18 09:55:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/11/18 09:55:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/11/18 09:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/11/18 09:51:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/17 10:14:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools [2011/11/16 13:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com [2011/11/16 13:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2011/11/16 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/11/15 15:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun [2011/11/15 12:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2011/11/15 12:15:51 | 003,903,608 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2012_1869_cnet.exe [2011/11/15 12:03:13 
| 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011/11/15 09:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2011/11/15 09:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011/11/14 13:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/11/14 03:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/11/14 03:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/11/29 08:19:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011/11/29 07:35:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job [2011/11/28 20:35:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job [2011/11/28 18:09:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/11/28 18:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/11/28 18:01:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe [2011/11/28 07:44:08 | 000,381,631 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe [2011/11/26 12:22:27 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk [2011/11/25 11:07:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/11/19 10:41:15 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Administrator\all [2011/11/17 09:16:20 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2011/11/17 
09:14:52 | 109,982,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/11/15 17:22:46 | 000,426,984 | ---- | M] (Marvell Semiconductor India Private Limited.) -- C:\WINDOWS\System32\HP2030SM.EXE [2011/11/15 15:05:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/11/15 12:16:12 | 003,903,608 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_2012_1869_cnet.exe [2011/11/11 08:46:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/11/11 03:18:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/11/11 03:18:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/11/08 15:14:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/28 07:46:09 | 000,381,631 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe [2011/11/26 12:22:27 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk [2011/11/19 10:41:15 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\all [2011/11/18 09:55:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/11/18 09:55:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/11/18 09:55:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/11/18 09:55:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/11/18 09:55:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/11/17 09:14:52 | 109,982,589 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/11/14 03:27:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/10/12 02:01:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011/09/26 15:19:11 | 000,000,004 | ---- | C] () -- C:\Documents and 
Settings\Administrator\Application Data\334df692 [2011/09/25 14:12:49 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\4c4d8e68 [2011/09/25 12:22:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\5be8066d [2011/09/25 12:21:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bb35f992 [2011/09/20 11:48:41 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe [2011/08/08 11:57:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll [2011/08/08 10:46:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/05/20 03:01:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010/05/20 02:31:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010/05/20 02:31:08 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010/05/20 02:31:08 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009/09/29 08:29:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2009/04/06 09:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/04/06 08:51:50 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009/04/06 08:51:50 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009/04/06 08:48:38 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/04/06 08:40:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/04/06 08:35:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/14 03:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys [2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/14 
03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/04/09 16:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini [2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll [2002/05/28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/05/08 12:12:22 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini ========== LOP Check ========== [2011/11/15 09:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple [2011/09/16 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012 [2011/09/16 13:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo [2011/09/06 10:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0 [2011/09/20 11:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SoftMaker [2011/11/19 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2011/09/16 12:56:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/11/29 00:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/11/17 09:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/09/14 09:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== < End of report 
> OTL Extras logfile created on: 11/29/2011 8:23:18 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 78.14% Memory free 3.59 Gb Paging File | 3.22 Gb Available in Paging File | 89.48% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 139.49 Gb Total Space | 118.62 Gb Free Space | 85.04% Space Free | Partition Type: NTFS Drive D: | 9.55 Gb Total Space | 0.83 Gb Free Space | 8.71% Space Free | Partition Type: NTFS Computer Name: S0810-1 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Virtual Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network 
Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Disabled:Google Installer -- (Google Inc.) "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.) "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) 
"C:\Program Files\Virtual Firefox\firefox.exe" = C:\Program Files\Virtual Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012 "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable 
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F872A4F8-4EC5-4668-A908-7C7275B0BE49}" = hppusgP2030 "{FC8B4D35-FC70-4A52-9655-E8784FDEEB87}" = .print Client Windows (RDP) "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BizCover_is1" = BizCover "HDMI" = Intel® Graphics Media Accelerator Driver "HP LaserJet P2030 Series" = HP LaserJet P2030 Series "ie8" = Windows Internet Explorer 8 "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Pidgin" = Pidgin "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = 
Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2011 7:16:08 PM | Computer Name = S0810-1 | Source = Bonjour Service | ID = 100
Description = ERROR: udsserver_init: 203 (The system could not find the environment option that was entered.)

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 11/18/2011 7:16:18 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 11/25/2011 1:04:37 PM | Computer Name = S0810-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

[ System Events ]
Error - 11/26/2011 2:41:44 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service: NetBT

Error - 11/26/2011 2:41:44 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error - 11/26/2011 2:41:44 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error - 11/28/2011 11:24:54 AM | Computer Name = S0810-1 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 11/28/2011 3:57:06 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service: NetBT

Error - 11/28/2011 3:57:06 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error - 11/28/2011 3:57:06 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service: NetBT

Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to the following error: %%2

< End of report >
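Two things in the logs above are worth pulling out mechanically rather than by eye. First, the O18/O20/O29/O30 lines are the load points (URL protocol handlers, Winlogon notify DLLs, SSPI providers, LSA packages) that malware likes to hook, and OTL prints the publisher from each file's version resource after the path; a quick filter for anything not from Microsoft narrows the list to a handful of entries to verify by hand (here igfxdev.dll, LMIinit.dll and AVG's avgpp.dll, all legitimate, but that is exactly the list one should check). Second, the System Events show why DHCP will not start: the Service Control Manager says both DHCP Client and TCP/IP NetBIOS Helper depend on NetBT, which it reports as nonexistent, even though the file listing earlier shows netbt.sys still on disk, so what is most likely gone is the NetBT service registration rather than the driver file (an inference from the two logs, not something the logs state directly). The script below is an added example, not part of OTL or of this thread; the sample lines are a short excerpt copied from the log posted above, and the trusted-publisher tuple and the set of load-point codes it treats as persistence are the example's own assumptions.

```python
"""Triage helper for OTL-style logs: flag persistence entries whose file is not
published by a trusted vendor, and pull "depends on nonexistent service" errors
out of the Event Log section. Added example; not part of OTL or of this thread."""
import re
from collections import defaultdict

# Sample lines copied from the OTL log posted above (a short excerpt, not the whole log).
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends on the following nonexistent service: NetBT
Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7003 Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
Error - 11/28/2011 8:09:25 PM | Computer Name = S0810-1 | Source = Service Control Manager | ID = 7000 Description = The Google Update Service (gupdate) service failed to start due to the following error: %%2
"""

# Load points OTL reports that deserve a second look on every box (assumption of this
# example): URL protocol handlers/filters (O18), Winlogon shell/notify DLLs (O20), shell
# service objects (O21), SharedTaskScheduler (O22), ShellExecuteHooks (O28), SSPI
# providers (O29) and LSA authentication/security packages (O30).
PERSISTENCE_CODES = {"O18", "O20", "O21", "O22", "O28", "O29", "O30"}

# "Oxx - <item> - <path> (<company>)"; OTL sometimes writes "-C:\..." with no space.
OTL_ENTRY = re.compile(
    r"^(?P<code>O\d+) - (?P<item>.*?) -\s*(?P<path>[A-Za-z]:\\[^()]*?)\s*\((?P<company>[^()]+)\)\s*$"
)
EVENT_LINE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?)"
    r" \| ID = (?P<event_id>\d+)\s+Description = (?P<desc>.+)$"
)
MISSING_DEP = re.compile(
    r"^The (?P<service>.+?) service depends on the following nonexistent service: (?P<missing>\S+)"
)


def parse_otl_entries(text):
    """Return one dict per Oxx line that resolves to a file with a company string.
    Lines such as 'O18 - ... - No CLSID value found' carry no file and are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_untrusted(entries, trusted=("Microsoft Corporation",)):
    """Persistence entries whose file is not from a trusted publisher.
    The company string is the file's version resource, which anything can claim,
    so a hit means 'verify this file', not 'malware'."""
    return [e for e in entries
            if e["code"] in PERSISTENCE_CODES and e["company"].strip() not in trusted]


def missing_service_dependencies(text):
    """Map each service the SCM calls nonexistent (event 7003) to the services that need it."""
    missing = defaultdict(list)
    for line in text.splitlines():
        ev = EVENT_LINE.match(line.strip())
        if not ev or ev["event_id"] != "7003":
            continue
        dep = MISSING_DEP.match(ev["desc"])
        if dep:
            missing[dep["missing"]].append(dep["service"])
    return dict(missing)


if __name__ == "__main__":
    for e in flag_untrusted(parse_otl_entries(SAMPLE_LOG)):
        print(f"{e['code']:4} {e['path']}  [{e['company']}]")
    for svc, dependents in missing_service_dependencies(SAMPLE_LOG).items():
        print(f"missing service {svc!r} blocks: {', '.join(dependents)}")
```

Run it against a full OTL log instead of the excerpt by reading the file into the `text` argument; widen `trusted` with the vendors known to be on the machine (AVG, Intel, LogMeIn here) once each file has been checked, and the remaining hits are the ones to hash and look up. The publisher filter is a triage heuristic only: a version resource that says "Microsoft Corporation" proves nothing, so a suspicious entry still needs a signature check or a hash lookup.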
  6. Still can't connect to the internet.

18:03:30.0125 0940 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:03:30.0140 0940 ============================================================
18:03:30.0140 0940 Current date / time: 2011/11/28 18:03:30.0140
18:03:30.0140 0940 SystemInfo:
18:03:30.0140 0940
18:03:30.0140 0940 OS Version: 5.1.2600 ServicePack: 3.0
18:03:30.0140 0940 Product type: Workstation
18:03:30.0140 0940 ComputerName: S0810-1
18:03:30.0140 0940 UserName: Administrator
18:03:30.0140 0940 Windows directory: C:\WINDOWS
18:03:30.0140 0940 System windows directory: C:\WINDOWS
18:03:30.0140 0940 Processor architecture: Intel x86
18:03:30.0140 0940 Number of processors: 2
18:03:30.0140 0940 Page size: 0x1000
18:03:30.0140 0940 Boot type: Normal boot
18:03:30.0140 0940 ============================================================
18:03:30.0328 0940 Initialize success
18:03:58.0734 3616 ============================================================
18:03:58.0734 3616 Scan started
18:03:58.0734 3616 Mode: Manual; SigCheck; TDLFS;
18:03:58.0734 3616 ============================================================
[per-driver scan lines (driver name, MD5, path, result) omitted]
18:04:17.0875 3616 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0
18:04:17.0875 3616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:04:17.0890 3616 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:04:17.0937 3616 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:04:17.0937 3616 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:04:17.0968 3616 Boot (0x1200) (99274b87ef53614e48f6beb853536a57) \Device\Harddisk0\DR0\Partition0
18:04:17.0968 3616 \Device\Harddisk0\DR0\Partition0 - ok
18:04:17.0984 3616 Boot (0x1200) (f5ca5d84f9de60e0090d0b1b2ca23691) \Device\Harddisk0\DR0\Partition1
18:04:17.0984 3616 \Device\Harddisk0\DR0\Partition1 - ok
18:04:17.0984 3616 ============================================================
18:04:17.0984 3616 Scan finished
18:04:17.0984 3616 ============================================================
18:04:18.0093 2728 Detected object count: 6
18:04:18.0093 2728 Actual detected object count: 6
18:05:12.0765 2728 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:12.0765 2728 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:12.0765 2728 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:12.0765 2728 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:12.0765 2728 PCAlertDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:12.0765 2728 PCAlertDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:12.0765 2728 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:12.0765 2728 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:12.0765 2728 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:05:12.0765 2728 \Device\Harddisk0\DR0 - ok
18:05:12.0765 2728 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:05:12.0765 2728 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:05:12.0765 2728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:06:10.0656 2584 Deinitialize success
  7. After restarting the system I am still unable to connect to the internet. Does it appear to be free of any viruses/infections?
  8. MiniToolBox by Farbar
Ran by Administrator (administrator) on 28-11-2011 at 07:47:09
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/25/2011 11:04:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 203 (The system could not find the environment option that was entered.)

System errors:
=============
Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (11/26/2011 09:24:53 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (11/25/2011 11:11:55 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/25/2011 11:11:25 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/25/2011 11:11:13 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

.print Client Windows (RDP) (Version: 7.0.53)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1869)
AVG 2012 (Version: 12.0.1872)
AVG 2012 (Version: 12.0.2092)
BizCover (Version: 1.0.0.4)
Bonjour (Version: 3.0.0.2)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
HP Help and Support (Version: 4.2.0010)
HP LaserJet P2030 Series hppusgP2030 (Version: 000.000.00005)
HPSSupply (Version: 2.1.1.0000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5102)
InterVideo WinDVD 8 (Version: 8.5.10.36)
Java 6 Update 13 (Version: 6.0.130)
LogMeIn (Version: 4.1.1868)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MrvlUsgTracking (Version: 1.0.7)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Pidgin (Version: 2.9.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5963)
Segoe UI (Version: 14.0.4327.805)
Software Virtualization Agent (Version: 2.1.3071)
Spybot - Search & Destroy (Version: 1.6.2)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 1917.1 MB
Available physical RAM: 1467.46 MB
Total Pagefile: 3681.27 MB
Available Pagefile: 3247.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.18 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.49 GB) (Free:118.65 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.55 GB) (Free:0.83 GB) NTFS
4 Drive f: (HDDREG) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT

========================= Users: ========================================

User accounts for \\S0810-1

Administrator Guest HelpAssistant LogMeInRemoteUser SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
  9. Here's the log. After restarting the system I am still unable to connect to the internet. ComboFix 11-11-26.04 - Administrator 11/26/2011 12:26:44.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1434 [GMT -6:00] Running from: F:\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 ))))))))))))))))))))))))))))))) . . 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-11-16 19:57 . 2011-11-18 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG 2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE 2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-10-06 16:55 . 
2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-11-18_16.27.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-25 17:19 . 2011-11-25 17:19 16384 c:\windows\temp\Perflib_Perfdata_cd8.dat - 2010-05-20 08:49 . 2009-05-16 00:15 34248 c:\windows\system32\drivers\mferkdk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 34248 c:\windows\system32\drivers\mferkdk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 35272 c:\windows\system32\drivers\mfebopk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 35272 c:\windows\system32\drivers\mfebopk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 79816 c:\windows\system32\drivers\mfeavfk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 79816 c:\windows\system32\drivers\mfeavfk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 214024 c:\windows\system32\drivers\mfehidk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 214024 c:\windows\system32\drivers\mfehidk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720] "BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\Virtual Firefox\\firefox.exe"= . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720] R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208] S1 FSLX;FSLX;\??\c:\windows\system32\drivers\fslx.sys --> c:\windows\system32\drivers\fslx.sys [?] S2 0083921321658316mcinstcleanup;McAfee Application Installer Cleanup (0083921321658316);c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] 
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . 2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q= . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-26 12:33 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(992) c:\windows\system32\WININET.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\cscui.dll . - - - - - - - > 'lsass.exe'(1060) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1144) c:\windows\system32\WININET.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-11-26 12:36:32 ComboFix-quarantined-files.txt 2011-11-26 18:36 ComboFix2.txt 2011-11-25 17:09 ComboFix3.txt 2011-11-18 22:16 ComboFix4.txt 2011-11-18 16:32 . Pre-Run: 127,324,545,024 bytes free Post-Run: 127,310,995,456 bytes free . - - End Of File - - 4AB38603A037E2DDEF88135D195C1B89
  10. ComboFix 11-11-25.01 - Administrator 11/25/2011 11:00:40.3.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1534 [GMT -6:00] Running from: F:\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\searchplugins\bing-zugo.xml . . ((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 ))))))))))))))))))))))))))))))) . . 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-11-16 19:57 . 2011-11-18 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG 2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE 2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-10-06 16:55 . 
2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-11-18_16.27.40 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-20 08:49 . 2009-05-15 23:15 34248 c:\windows\system32\drivers\mferkdk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 34248 c:\windows\system32\drivers\mferkdk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 35272 c:\windows\system32\drivers\mfebopk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 35272 c:\windows\system32\drivers\mfebopk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 79816 c:\windows\system32\drivers\mfeavfk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 79816 c:\windows\system32\drivers\mfeavfk.sys + 2010-05-20 08:49 . 2009-05-15 23:15 214024 c:\windows\system32\drivers\mfehidk.sys - 2010-05-20 08:49 . 2009-05-16 00:15 214024 c:\windows\system32\drivers\mfehidk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720] "BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\Virtual Firefox\\firefox.exe"= . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248] S1 FSLX;FSLX;\??\c:\windows\system32\drivers\fslx.sys --> c:\windows\system32\drivers\fslx.sys [?] S2 0083921321658316mcinstcleanup;McAfee Application Installer Cleanup (0083921321658316);c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 374152] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856] S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] 
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208] . Contents of the 'Scheduled Tasks' folder . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q= . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-25 11:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(292) c:\windows\system32\WININET.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(352) c:\windows\system32\WININET.dll . Completion time: 2011-11-25 11:09:56 ComboFix-quarantined-files.txt 2011-11-25 17:09 ComboFix2.txt 2011-11-18 22:16 ComboFix3.txt 2011-11-18 16:32 . Pre-Run: 127,282,307,072 bytes free Post-Run: 127,319,990,272 bytes free . - - End Of File - - 786960E06619153DE148B5557FD0EC7A
  11. Still can't connect to the internet on the infected computer. The other one that shares the same router works fine.
  12. Here are the statements I get for the given commands:
      ipconfig/release - IP Address for adapter Local Area Connection has already been released
      ipconfig/renew - An error occurred while renewing interface Local Area Connection : The RPC server is unavailable
      ipconfig/flushdns - Successfully flushed the DNS Resolver Cache
      netsh winsock reset all - Successfully reset the Winsock Catalog
      netsh int ip reset all - nothing comes up
      After a reboot I am still unable to connect.
  13. That didn't work either. After it restarts the Windows screen does not open and I get this message:
      Bad command or file name
      Bad command or file name
      Bad command or file name
      C:\>
  14. I found McAfee and uninstalled it. After a reboot I am still unable to access the internet.
  15. McAfee does not show up in my Add or Remove Programs. Are we unable to proceed until it's uninstalled?
  16. Not after the script. After checking my local area connection I am told it cannot be repaired because I need to renew my IP address? I am also unable to open McAfee to uninstall it. Thanks for your help.
  17. Here's my log but for some reason I am unable to connect to the internet. ComboFix 11-11-18.02 - Administrator 11/18/2011 16:00:28.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1330 [GMT -6:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} * Resident AV is active . . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30 c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30\@ . . ((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 ))))))))))))))))))))))))))))))) . . 2011-11-18 15:50 . 2011-11-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2011-11-17 15:27 . 2011-11-17 15:27 -------- d-----w- c:\program files\SpywareBlaster 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-11-16 19:57 . 2011-11-16 20:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG 2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE 2011-11-11 14:46 . 
2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48 . 2008-04-14 09:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720] "BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288] "McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Virtual Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248] R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2/20/2009 3:04 PM 195456] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 113496] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828] R2 EngineServer;EngineServer;c:\program files\McAfee\Managed 
VirusScan\VScan\EngineServer.exe [8/8/2011 10:50 AM 8600] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 366916] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856] R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/8/2011 10:50 AM 165900] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720] R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208] S2 0159701312820365mcinstcleanup;McAfee Application Installer Cleanup (0159701312820365);c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MFERKDK . Contents of the 'Scheduled Tasks' folder . 
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . 2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-18 16:11 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\WININET.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\WININET.dll . Completion time: 2011-11-18 16:16:40 ComboFix-quarantined-files.txt 2011-11-18 22:16 ComboFix2.txt 2011-11-18 16:32 . Pre-Run: 127,200,555,008 bytes free Post-Run: 127,185,981,440 bytes free . - - End Of File - - 8E0956AFE75226DB74A89951B8759F38
  18. ComboFix 11-11-18.02 - Administrator 11/18/2011 10:05:52.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1354 [GMT -6:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Total Protection *Enabled/Outdated* {8C354827-2F54-4E28-90DC-AD391E77808C} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} * Resident AV is active . . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js c:\documents and settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png c:\documents and settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png c:\documents and settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png 
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2} c:\documents and settings\Administrator\Application 
Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\chrome.manifest c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\chrome\xulcache.jar c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\defaults\preferences\xulcache.js c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\install.rdf c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico c:\documents and settings\All Users\Application Data\TEMP c:\windows\$NtUninstallKB16501$ c:\windows\$NtUninstallKB16501$\262817364 c:\windows\$NtUninstallKB16501$\364554800\@ c:\windows\$NtUninstallKB16501$\364554800\L\ktrspibc c:\windows\$NtUninstallKB16501$\364554800\loader.tlb c:\windows\$NtUninstallKB16501$\364554800\U\@00000001 c:\windows\$NtUninstallKB16501$\364554800\U\@000000c0 c:\windows\$NtUninstallKB16501$\364554800\U\@000000cb c:\windows\$NtUninstallKB16501$\364554800\U\@000000cf c:\windows\$NtUninstallKB16501$\364554800\U\@80000000 c:\windows\$NtUninstallKB16501$\364554800\U\@800000c0 c:\windows\$NtUninstallKB16501$\364554800\U\@800000cb 
c:\windows\$NtUninstallKB16501$\364554800\U\@800000cf c:\windows\system32\ c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\75e76b8aed0d2a46.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_Updater_Service_for_StartNow_Toolbar -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 ))))))))))))))))))))))))))))))) . . 2011-11-18 15:50 . 2011-11-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2011-11-17 15:27 . 2011-11-17 15:27 -------- d-----w- c:\program files\SpywareBlaster 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-11-16 19:57 . 2011-11-16 20:12 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-11-15 21:12 . 2011-11-17 17:13 -------- d-sh--w- c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30 2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG 2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE 2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll 2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48 . 2008-04-14 09:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720] "BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288] "McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Virtual Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248] R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2/20/2009 3:04 PM 195456] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 113496] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828] R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/8/2011 10:50 AM 8600] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 366916] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856] R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/8/2011 10:50 AM 165900] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720] R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208] S2 0159701312820365mcinstcleanup;McAfee Application Installer Cleanup 
(0159701312820365);c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . 2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe AddRemove-MVS - c:\program files\McAfee\Managed VirusScan\Agent\myinx AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-18 10:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\WININET.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(1096) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2940) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Other Running Processes ------------------------ . 
c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\McAfee\Managed VirusScan\VScan\McShield.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe c:\bizcover\BizCover.exe . ************************************************************************** . Completion time: 2011-11-18 10:32:19 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-18 16:32 . Pre-Run: 123,483,324,416 bytes free Post-Run: 127,156,031,488 bytes free . - - End Of File - - 674FA98AAF79B0395F428606BDF4B496
  19. System is operating fine (for now) besides redirects from Google searches. AVG keeps notifying me of the problem but Malwarebytes, Spybot, and AVG have been unable to remove it. Also when I restart my system I get this lovely message: "The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States Department export restrictions." Attached is my AVG scan as well. Thanks for any help that can/will be provided. attach.txt dds.txt AVG Scan.txt