Posts posted by Gemma
-
Hi Kevin,
While following your instruction links, I found Vosteran listed as a search engine in Google Chrome so I deleted it.
Below is the log, and I no longer have Vosteran opening every time I open Chrome.
Thanks for your help, it's greatly appreciated!
Gemma
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Fri Nov 28 22:07:25 2014
Engine: 1.1.11104.0
Signatures: 1.187.1116.0
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 28 22:18:29 2014
Return code: 0 (0x0)
-
I am having so much trouble trying to upload these posts.
I keep getting a message that says "Your post was too long. Please go back and shorten it a little".
So I have attached the Zoek log. I hope this is ok.
And yes Vosteran Search is still opening in the second tab in Google Chrome
Cheers,
Gemma
-
Hi Kevin,
Apparently the post is too long with both logs so I will try (again) to post them, separately this time...
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 28/11/2014
Scan Time: 5:50:58 PM
Logfile: Mbam.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.28.03
Rootkit Database: v2014.11.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: UNICORN
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308596
Time Elapsed: 9 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Hi,
I have recently had to install a new hard drive after my computer took a fall, and I've been reinstalling all the software and drivers needed. I noticed two days ago that when I open Google Chrome, a second tab appears with "Vosteran Search". After googling I realised this is malware. I have tried using Malwarebytes Pro, Bitdefender, AdwCleaner, JT, uninstalled it from Programs and removed the extension in Google Chrome, but I still can't get rid of it!!!
Please help!
Logs attached. Too long to post in message apparently...
Thanks, Gemma
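A check that covers the places a Chrome hijacker of the kind described above usually writes itself into: the startup pages, homepage and default search provider in Chrome's Preferences file, and the command line of the shortcuts that launch chrome.exe (the post at the top of the page reports that the entry turned up in Chrome's search-engine list). This is an added example, not code from the thread or from any of the tools named in it. The Preferences snippet and the shortcut targets are constructed, the hijacker hostname is a made-up .test domain, and the Preferences key names (session.startup_urls, homepage, default_search_provider_data.template_url_data.url) are an assumption about Chrome's layout around the 2014 releases; check them against the installed version.

```python
"""Check Chrome's startup pages, homepage, default search provider and
shortcut targets for a browser hijacker.

Added example, not code from the thread. The Preferences snippet and the
shortcut targets below are constructed for illustration; the hijacker
host is a made-up .test domain. Assumed key layout of Chrome's
Preferences JSON (%LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\
Preferences): session.startup_urls, homepage and
default_search_provider_data.template_url_data.url, as used by Chrome
builds of the 2014 era; re-check against the installed version.
"""
import json
import re
from urllib.parse import urlparse

# Search/start hosts the user deliberately configured (assumption). Anything
# else is reported.
TRUSTED_HOSTS = {"www.google.com", "www.google.com.au"}

# Constructed sample of the relevant Preferences keys after a hijack.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = "open a specific set of pages"
        "startup_urls": [
            "https://www.google.com.au/",
            "http://search.hijacker-example.test/?src=startup",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Search",
            "keyword": "hijacker-example.test",
            "url": "http://search.hijacker-example.test/results?q={searchTerms}",
        }
    },
})

# Constructed shortcut targets, as read from the .lnk files that launch Chrome.
# A URL appended to the target opens on every launch regardless of what the
# in-browser settings say, so it survives a cleanup done only inside Chrome.
SAMPLE_SHORTCUT_TARGETS = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" http://search.hijacker-example.test/?src=lnk',
]

URL_RE = re.compile(r"https?://\S+")


def load_sample_prefs():
    """Parse the constructed Preferences sample into a dict."""
    return json.loads(SAMPLE_PREFERENCES)


def host_of(url):
    """Lower-cased host part of a URL ('' if it has none)."""
    return urlparse(url).netloc.lower()


def suspicious_urls_in_prefs(prefs, trusted=TRUSTED_HOSTS):
    """Return (setting, url) pairs whose host is not in the trusted set.

    Looks at the three settings a hijacker most often rewrites: startup
    pages, homepage and the default search provider's query URL.
    """
    candidates = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        candidates.append(("session.startup_urls", url))
    if not prefs.get("homepage_is_newtabpage", True) and prefs.get("homepage"):
        candidates.append(("homepage", prefs["homepage"]))
    search_url = (prefs.get("default_search_provider_data", {})
                       .get("template_url_data", {})
                       .get("url"))
    if search_url:
        candidates.append(("default_search_provider_data.template_url_data.url", search_url))
    return [(setting, url) for setting, url in candidates
            if host_of(url) not in trusted]


def hijacked_shortcuts(targets):
    """Return (target, [urls]) for shortcut targets that pass a URL to chrome.exe."""
    findings = []
    for target in targets:
        urls = URL_RE.findall(target)
        if urls:
            findings.append((target, urls))
    return findings


if __name__ == "__main__":
    for setting, url in suspicious_urls_in_prefs(load_sample_prefs()):
        print(f"prefs: {setting} -> {url}")
    for target, urls in hijacked_shortcuts(SAMPLE_SHORTCUT_TARGETS):
        print(f"shortcut: {target} passes {urls}")
```

Custom search engines added to the browser's list (as opposed to the default provider) live in the keywords table of Chrome's Web Data SQLite database rather than in Preferences, so the in-browser search-engine settings page, where the entry was eventually found in this thread, still has to be reviewed by hand.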
-
Merry Christmas MrC! I hope you're having a good one
I followed your last link with instructions and the following IP address always appears first: 66.223.50.32. When I checked the PID in Task Manager it is linked to vsserv.exe. I tried to end the process as suggested but I get the message "Operation could not be completed. Access is denied." I realise that vsserv.exe is used by Bitdefender so I tried shutting that down, but the exe file still seems to be running and still using a fair amount of memory, varying between 2,000 KB and 37,000 KB, usually at the higher end.
I am not sure what to do now...
-
It seems to be running ok but I still have this error message appearing in system logs today:
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 22/12/2012
Time: 7:58:11 AM
User: N/A
Computer: TONKA
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....
-
Ok, I found & fixed it. It was something called ROOT\LEGACY\SASKUTIL\0000 which was left behind when I uninstalled SuperAntiSpyware. So I downloaded an uninstall file to remove it from bleepingcomputer.com, rebooted and no more new device wizard!
-
I followed your instructions and windows update works now. And the last two reboots have been quick as they should be with no system error logs. I do still keep getting the new hardware wizard box appearing every time I reboot and I just select cancel as the hardware listed is "unknown". Windows update didn't show any updates for hardware were required and neither has FileHippo.
-
Sorry for the multiple posts, but I also noticed in the system event list that updates (Windows I think) have been terminated many times, so I opened Internet Explorer and tried to check Windows Updates but I get the following:
Files required to use Windows Update are no longer registered or installed on your computer. To continue:
Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem
It then comes up with this:
Download and install the latest updating software
Registering: 100%...
And then after a 10 seconds or so, I get this:
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:
For assisted support options:
- Microsoft Online Assisted Support (no-cost for Windows Update issues)
-
Shortly after I posted the above I had the blue screen of death again. I checked the system errors and I have had this message a few times in the past month. Not sure if it is relevant with my other pc issues!
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 20/12/2012
Time: 8:16:24 PM
User: N/A
Computer: TONKA
Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf8488a2, parameter3 b2300ae4, parameter4 00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 62 66 38 34 38 38 61 32 bf8488a2
0040: 2c 20 62 32 33 30 30 61 , b2300a
0048: 65 34 2c 20 30 30 30 30 e4, 0000
0050: 30 30 30 30 0000
-
My pc is booting up faster than before but I had that new hardware wizard box appear when my user desktop loaded again today. Next to the name of the hardware it says "unknown". I cancelled out again. Latest log is below:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service VcommMgr stopped successfully!
Service VcommMgr deleted successfully!
File System32\Drivers\VcommMgr.sys not found.
Service VComm stopped successfully!
Service VComm deleted successfully!
File system32\DRIVERS\VComm.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys not found.
Service BTHidMgr stopped successfully!
Service BTHidMgr deleted successfully!
File System32\Drivers\BTHidMgr.sys not found.
Service BTHidEnum stopped successfully!
Service BTHidEnum deleted successfully!
File system32\DRIVERS\vbtenum.sys not found.
Service Btcsrusb stopped successfully!
Service Btcsrusb deleted successfully!
File System32\Drivers\btcusb.sys not found.
Service BT stopped successfully!
Service BT deleted successfully!
File system32\DRIVERS\btnetdrv.sys not found.
Service BlueletSCOAudio stopped successfully!
Service BlueletSCOAudio deleted successfully!
File system32\DRIVERS\BlueletSCOAudio.sys not found.
Service BlueletAudio stopped successfully!
Service BlueletAudio deleted successfully!
File system32\DRIVERS\blueletaudio.sys not found.
OTL by OldTimer - Version 3.2.69.0 log created on 12202012_194500
-
Ok, I uninstalled Spybot & SuperAntiSpyware and rebooted. On reboot, prior to my user desktop appearing, a new hardware wizard box appeared asking me where I wanted to search for installation software. I had to select from local (recommended) or disc, so I picked local; then a box appeared to select cancel, so I did. My pc then loaded my user desktop as normal...
OTL logfile created on: 20/12/2012 7:58:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free
5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS
Computer Name: TONKA | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe
PRC - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2012/12/11 19:00:31 | 001,613,368 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2012/12/05 12:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/13 11:21:55 | 000,309,424 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe
PRC - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/09/16 12:08:18 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
PRC - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- H:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/19 06:52:47 | 000,521,728 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpdsp.mdl
MOD - [2012/12/19 06:52:46 | 001,959,936 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpph.mdl
MOD - [2012/12/19 06:52:45 | 000,967,680 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttprbl.mdl
MOD - [2012/12/19 06:52:44 | 000,644,096 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpbr.mdl
MOD - [2012/12/11 19:01:50 | 000,003,072 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui
MOD - [2012/12/11 19:01:39 | 000,099,304 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\imsecurityal.dll
MOD - [2012/12/11 19:01:37 | 000,004,608 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui
MOD - [2012/12/11 19:00:28 | 000,092,600 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
MOD - [2012/12/11 18:58:18 | 000,203,840 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012/12/05 12:15:15 | 000,460,904 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 12:15:14 | 004,008,040 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 12:14:29 | 000,587,880 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 12:14:28 | 000,124,520 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/05 12:14:21 | 000,157,304 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 12:14:20 | 000,275,576 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 12:14:19 | 002,168,952 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/12/04 02:40:50 | 000,357,224 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2012/11/30 13:07:48 | 000,100,248 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/18 11:55:37 | 000,627,200 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/18 11:55:23 | 000,627,712 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 11:54:22 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/18 11:51:16 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/18 11:51:11 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/18 11:50:59 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/18 11:50:47 | 006,616,576 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/18 11:49:58 | 007,977,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/18 11:49:52 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/18 11:49:01 | 002,933,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/18 11:48:47 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/18 11:48:45 | 000,261,632 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/18 11:28:19 | 003,391,488 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63d9324c\mscorlib.dll
MOD - [2012/11/18 11:28:17 | 000,843,776 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_66a01e83\system.drawing.dll
MOD - [2012/11/18 11:28:13 | 002,088,960 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5ca47f3\system.xml.dll
MOD - [2012/11/18 11:28:10 | 003,035,136 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_02546ef7\system.windows.forms.dll
MOD - [2012/11/18 11:28:03 | 001,966,080 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f0478446\system.dll
MOD - [2012/11/18 11:27:57 | 002,064,384 | ---- | M] () -- h:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/18 11:27:55 | 001,232,896 | ---- | M] () -- h:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/11/13 11:21:48 | 000,918,696 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll
MOD - [2012/11/13 11:20:59 | 000,394,408 | ---- | M] () -- \\?\H:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2012/06/16 08:58:14 | 000,471,040 | ---- | M] () -- h:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/03/11 15:55:40 | 000,088,656 | ---- | M] () -- H:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/11/14 21:17:06 | 000,132,176 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
MOD - [2011/10/03 19:26:03 | 001,339,392 | ---- | M] () -- h:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/09/25 13:55:15 | 000,774,144 | ---- | M] () -- h:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2011/09/18 17:10:18 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2011/09/18 17:10:13 | 000,380,928 | ---- | M] () -- h:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2011/09/18 17:10:02 | 001,032,192 | ---- | M] () -- h:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2011/09/18 17:10:02 | 000,004,096 | ---- | M] () -- h:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2011/09/18 17:10:01 | 000,163,840 | ---- | M] () -- h:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2011/09/18 17:10:00 | 000,053,248 | ---- | M] () -- h:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2011/09/18 17:09:59 | 000,512,000 | ---- | M] () -- h:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2011/09/18 17:09:59 | 000,015,360 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2011/09/18 17:09:59 | 000,010,752 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2011/09/18 17:09:58 | 000,364,544 | ---- | M] () -- h:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2011/09/18 17:09:58 | 000,188,416 | ---- | M] () -- h:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2011/09/18 17:09:58 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2011/09/18 17:09:58 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2011/09/18 17:09:58 | 000,045,056 | ---- | M] () -- h:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2011/09/18 17:09:58 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2011/09/18 17:09:58 | 000,020,480 | ---- | M] () -- h:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2011/09/18 17:09:57 | 000,589,824 | ---- | M] () -- h:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2011/09/18 17:09:57 | 000,024,576 | ---- | M] () -- h:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2011/09/18 17:08:16 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2011/09/18 17:08:16 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2011/09/18 17:08:15 | 000,430,080 | ---- | M] () -- h:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2011/09/18 17:08:15 | 000,090,112 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2011/09/18 17:08:15 | 000,086,016 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2011/09/18 17:08:15 | 000,077,824 | ---- | M] () -- h:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2011/09/18 17:08:15 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2011/09/18 17:08:15 | 000,040,960 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2011/09/18 17:08:14 | 000,225,280 | ---- | M] () -- h:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2011/09/18 17:08:14 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2011/09/18 17:08:14 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2011/09/18 17:06:04 | 000,007,680 | ---- | M] () -- h:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/23 18:23:48 | 000,436,768 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/23 18:23:08 | 000,068,128 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/16 17:53:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2012/12/11 18:58:00 | 000,061,736 | ---- | M] (Bitdefender) [Disabled | Stopped] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012/12/19 19:37:43 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/11/13 11:21:14 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/10/26 19:30:02 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/10/26 19:28:52 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012/10/26 19:28:24 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/10/26 19:28:21 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2012/10/01 15:24:16 | 000,161,312 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/06 16:13:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2012/04/17 15:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2011/11/14 21:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/07/01 12:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:windows update [binary data]
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.76.23.165:80
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: H:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: H:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 19:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: H:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/09/06 11:56:29 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Disabled) = H:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/12/19 06:18:11 | 000,444,027 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15277 more lines...
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bdagent] H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXMediaServer] H:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [FileHippo.com] H:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [HP Photosmart 6510 series (NET)] H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353196746656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348748221718 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D9776FA-00BD-402A-9319-AAA9F5A244A1}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/20 07:56:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe
[2012/12/19 21:57:02 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies
[2012/12/19 18:11:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\mbar
[2012/12/18 23:44:40 | 000,000,000 | RH-D | C] -- H:\Documents and Settings\Gemma\Recent
[2012/12/18 22:31:59 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2012/12/18 22:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe
[2012/12/18 22:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe
[2012/12/18 22:02:45 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe
[2012/12/18 22:02:45 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe
[2012/12/18 22:02:35 | 000,000,000 | ---D | C] -- H:\Qoobox
[2012/12/18 21:54:15 | 005,012,571 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe
[2012/12/18 21:47:17 | 000,000,000 | ---D | C] -- M:\Gemma's Stuff\ProcAlyzer Dumps
[2012/12/18 08:11:05 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/18 08:10:32 | 000,000,000 | ---D | C] -- H:\Program Files\iPod
[2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Program Files\iTunes
[2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/17 19:31:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\RK_Quarantine
[2012/12/17 10:28:21 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com
[2012/12/16 19:37:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings
[2012/12/16 19:25:35 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/12/01 18:57:25 | 000,000,000 | ---D | C] -- H:\Other Videos
[2012/11/25 14:17:54 | 000,000,000 | ---D | C] -- H:\Program Files\Spybot - Search & Destroy 2
[2012/11/25 14:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\CCleaner
========== Files - Modified Within 30 Days ==========
[2012/12/20 08:01:00 | 000,000,332 | ---- | M] () -- H:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe
[2012/12/20 07:56:37 | 000,484,544 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012/12/20 07:56:37 | 000,080,814 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012/12/20 07:53:15 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/20 07:52:07 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012/12/19 21:55:28 | 001,070,792 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2012/12/19 21:55:28 | 000,000,001 | ---- | M] () -- H:\WINDOWS\System32\nvdrssel.bin
[2012/12/19 21:55:24 | 001,070,792 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2012/12/19 21:27:52 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012/12/19 21:27:00 | 000,000,978 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job
[2012/12/19 21:26:00 | 000,000,994 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job
[2012/12/19 20:40:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At2.job
[2012/12/19 19:37:43 | 000,035,144 | ---- | M] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/19 18:10:55 | 013,485,902 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip
[2012/12/19 06:18:11 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts
[2012/12/19 06:15:44 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061811.backup
[2012/12/18 22:43:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At3.job
[2012/12/18 22:14:59 | 000,000,027 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061544.backup
[2012/12/18 21:55:06 | 005,012,571 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe
[2012/12/18 21:47:12 | 000,000,360 | RHS- | M] () -- H:\boot.ini
[2012/12/18 08:11:05 | 000,001,542 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/17 19:20:43 | 000,148,400 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/17 10:28:23 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com
[2012/12/16 19:33:29 | 000,001,371 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\DivX Movies.lnk
[2012/12/16 19:33:17 | 000,000,777 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2012/12/16 19:33:05 | 000,000,817 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/12/16 19:29:52 | 000,002,262 | ---- | M] () -- H:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/16 19:29:51 | 000,002,284 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Google Chrome.lnk
[2012/12/16 19:25:57 | 000,001,632 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Update Checker.lnk
[2012/12/16 19:25:35 | 000,000,682 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/16 19:00:00 | 000,000,256 | ---- | M] () -- H:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
[2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) -- H:\WINDOWS\System32\drivers\avchv.sys
[2012/12/04 02:40:50 | 002,283,884 | ---- | M] () -- H:\WINDOWS\System32\nvdata.data
[2012/12/04 02:40:50 | 000,012,951 | ---- | M] () -- H:\WINDOWS\System32\nvinfo.pb
[2012/12/03 22:24:42 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012/12/01 19:00:10 | 000,000,260 | ---- | M] () -- H:\WINDOWS\tasks\Disk Cleanup.job
[2012/11/26 16:27:01 | 000,000,926 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job
[2012/11/26 14:26:00 | 000,000,942 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job
[2012/11/26 14:00:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At4.job
[2012/11/25 22:14:21 | 000,000,164 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221416.reg
[2012/11/25 22:14:00 | 000,000,830 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221338.reg
[2012/11/25 22:13:21 | 000,213,628 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_220713.reg
[2012/11/25 16:35:44 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121126-153422.backup
[2012/11/25 16:35:18 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121125-163544.backup
========== Files Created - No Company Name ==========
[2012/12/19 19:37:43 | 000,035,144 | ---- | C] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/19 07:36:31 | 013,485,902 | ---- | C] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip
[2012/12/18 22:02:45 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012/12/18 22:02:45 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012/12/18 22:02:45 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012/12/18 22:02:45 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012/12/18 22:02:45 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012/12/18 08:11:05 | 000,001,542 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/25 22:14:18 | 000,000,164 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221416.reg
[2012/11/25 22:13:42 | 000,000,830 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221338.reg
[2012/11/25 22:07:22 | 000,213,628 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_220713.reg
[2012/11/25 14:10:50 | 000,000,682 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/12 13:44:51 | 000,000,385 | ---- | C] () -- H:\Documents and Settings\Gemma\Application Data\user_gensett.xml
[2012/09/16 17:22:52 | 002,283,884 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data
[2012/09/06 23:41:13 | 000,000,057 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/03/18 18:19:36 | 000,047,104 | ---- | C] () -- H:\WINDOWS\AKDeInstall.exe
[2012/02/15 18:11:47 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011/11/13 20:02:09 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2011/09/25 15:59:19 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_InstantSHareJPG.ini
[2011/09/25 13:55:13 | 000,000,217 | ---- | C] () -- H:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/09/25 12:58:08 | 000,000,227 | ---- | C] () -- H:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/09/19 09:20:28 | 000,000,128 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\fusioncache.dat
[2011/04/09 13:05:17 | 000,000,695 | ---- | C] () -- H:\WINDOWS\MYOBP.INI
[2011/04/09 13:05:17 | 000,000,057 | ---- | C] () -- H:\WINDOWS\MYOB.INI
[2011/04/09 12:16:48 | 000,000,663 | ---- | C] () -- H:\WINDOWS\openrda.ini
[2011/04/09 12:16:38 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvxl32.INI
[2011/04/09 12:16:34 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvwd32.INI
[2011/03/15 18:39:22 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/08/08 23:35:00 | 000,079,872 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/04/09 12:11:25 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/17 03:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/12/03 22:10:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator\Application Data\Bitdefender
[2012/12/18 08:10:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/07/03 22:43:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\BDLogging
[2012/09/06 11:58:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/10/15 18:37:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/08/08 18:10:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/09/12 09:31:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/09/12 09:34:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/08 22:31:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/11 17:43:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
[2012/10/01 15:21:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\Bitdefender
[2010/09/20 14:06:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\CheckPoint
[2010/09/20 14:06:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\MailFrontier
[2012/11/19 17:26:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\AUSkey
[2012/09/06 22:11:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Bitdefender
[2010/08/08 18:01:39 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\CheckPoint
[2012/12/16 19:37:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings
[2012/01/31 20:21:53 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Image Zone Express
[2011/07/11 15:55:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\MailFrontier
[2010/09/12 09:34:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\PC Suite
[2012/07/03 22:38:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\QuickScan
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 20/12/2012 7:58:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free
5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS
Computer Name: TONKA | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8272813D-F806-4AD1-95E0-9F4340F4B329}" = HP Photosmart 6510 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
"{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF06FEB8-B5BB-44EA-B554-B825A65025EC}" = HP Photosmart 6510 series Basic Device Software
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alt.Binz" = Alt.Binz 0.25.0
"Bitdefender" = Bitdefender Total Security 2013
"CCleaner" = CCleaner
"Common-Use Signing Interface" = Common-Use Signing Interface
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.6.0.21
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FileHippo.com" = FileHippo.com Update Checker
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
"InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mpegable DS" = mpegable DS decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Non Driver CIO Components" = Non Driver CIO Components
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"oggcodecs" = oggcodecs 0.71.0946
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/12/2012 7:27:54 AM | Computer Name = TONKA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03237e30.
Error - 3/12/2012 7:27:59 AM | Computer Name = TONKA | Source = Application Error | ID = 1001
Description = Fault bucket 879003832.
[ System Events ]
Error - 19/12/2012 4:38:32 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 19/12/2012 4:48:06 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 19/12/2012 4:48:36 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.
Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The BITS service terminated with the following error: %%126
Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 19/12/2012 4:53:40 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 19/12/2012 4:54:10 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.
Error - 19/12/2012 4:58:29 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The BITS service terminated with the following error: %%126
Error - 19/12/2012 4:58:57 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 19/12/2012 4:58:59 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
< End of report >
-
Hi MrC
It took me 4 goes to get MBar to work (ended up having to run it in safe mode the first time) as I think Bitdefender, MBam or SpyBot were interfering with it and kept making my PC freeze during the scan. Once run twice it found nothing though! I have attached the logs.
I am still experiencing problems on startup (black screen/freeze) when Windows is booting up, or the screen freezes when loading my user screen, and I have to reboot 2 times on average to get it to work. There are several error messages in my system event logs, with entries from 19/11/12 onwards. The first few I don't understand, but the more recent ones relate to the Spybot update failing on startup (I think), so maybe this is part of my problem. I will try uninstalling it and see if I still have problems. It may be best to just reinstall the OS over the Christmas break if it continues.
Thanks heaps for your help. I really appreciate it.
Cheers,
Gemma
mbar-log-2012-12-19 (19-28-05).txt
-
Ok, here it is below. Also, I think when I had problems downloading RogueKiller the other day it was because Bitdefender thought it was an infected file.
ComboFix 12-12-17.02 - Gemma 18/12/2012 22:04:54.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2485 [GMT 11:00]
Running from: h:\documents and settings\Gemma\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\documents and settings\All Users\Application Data\1341315430.bdinstall.bin
h:\documents and settings\All Users\Application Data\1346892345.bdinstall.bin
h:\documents and settings\All Users\Application Data\1346892754.bdinstall.bin
h:\documents and settings\Gemma\Application Data\HPSU_48BitScanUpdate.log
h:\windows\system32\SET4D.tmp
h:\windows\system32\SET50.tmp
h:\windows\system32\SET54.tmp
h:\windows\system32\SET55.tmp
h:\windows\system32\SET5C.tmp
h:\windows\system32\SET5E.tmp
h:\windows\system32\URTTemp
h:\windows\system32\URTTemp\regtlib.exe
h:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\program files\iPod
2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\program files\iTunes
2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-16 08:37 . 2012-12-16 08:37 -------- d-----w- h:\documents and settings\Gemma\Application Data\DDMSettings
2012-12-03 11:17 . 2012-12-03 11:17 -------- d-----w- h:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-12-03 11:10 . 2012-12-03 11:10 -------- d-----w- h:\documents and settings\Administrator\Application Data\Bitdefender
2012-12-03 10:59 . 2012-12-03 10:59 -------- d-----w- h:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-12-03 09:49 . 2012-12-03 09:49 -------- d-----w- h:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-01 07:57 . 2012-12-03 11:16 -------- d-----w- H:\Other Videos
2012-11-25 03:18 . 2009-01-25 01:14 15224 ----a-w- h:\windows\system32\sdnclean.exe
2012-11-25 03:17 . 2012-11-25 03:18 -------- d-----w- h:\program files\Spybot - Search & Destroy 2
2012-11-25 03:10 . 2012-12-16 08:25 -------- d-----w- h:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 06:53 . 2012-04-08 10:09 73656 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 06:53 . 2012-04-08 10:09 697272 ----a-w- h:\windows\system32\FlashPlayerApp.exe
2012-12-11 08:00 . 2012-09-06 00:56 242504 ----a-w- h:\windows\system32\drivers\avchv.sys
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- h:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- h:\windows\system32\win32k.sys
2012-11-13 00:21 . 2012-09-06 00:52 343456 ----a-w- h:\windows\system32\drivers\trufos.sys
2012-11-06 00:41 . 2004-08-04 12:00 290560 ----a-w- h:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- h:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- h:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- h:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ----a-w- h:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- h:\windows\system32\html.iec
2012-10-26 08:30 . 2012-10-26 08:30 622616 ----a-w- h:\windows\system32\drivers\avc3.sys
2012-10-26 08:28 . 2012-09-06 00:56 481464 ----a-w- h:\windows\system32\drivers\avckf.sys
2012-10-26 08:28 . 2012-09-06 00:56 66392 ----a-w- h:\windows\system32\drivers\bdsandbox.sys
2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- h:\windows\system32\QuickTimeVR.qtx
2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- h:\windows\system32\QuickTime.qts
2012-10-12 08:42 . 2012-10-12 08:42 249856 ------w- h:\windows\Setup1.exe
2012-10-12 08:42 . 2012-10-12 08:42 73216 ----a-w- h:\windows\ST6UNST.EXE
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- h:\windows\system32\synceng.dll
2012-10-01 04:24 . 2012-09-06 00:52 161312 ----a-w- h:\windows\system32\drivers\gzflt.sys
2012-09-29 08:54 . 2012-11-09 10:39 22856 ----a-w- h:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 06:22 1307728 ----a-w- h:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="h:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"HP Photosmart 6510 series (NET)"="h:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
"Spybot-S&D Cleaning"="h:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-02 18085888]
"AppleSyncNotifier"="h:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="h:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Bdagent"="h:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-12-01 1613368]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2012-08-30 108392]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"SDTray"="h:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"DivXMediaServer"="h:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="h:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
h:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - h:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"h:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"h:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"h:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"h:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"h:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 avc3;avc3;h:\windows\system32\drivers\avc3.sys [26/10/2012 7:30 PM 622616]
R0 gzflt;gzflt;h:\windows\system32\drivers\gzflt.sys [6/09/2012 11:52 AM 161312]
R1 BDVEDISK;BDVEDISK;h:\windows\system32\drivers\bdvedisk.sys [6/09/2012 11:56 AM 72704]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 3:27 AM 12880]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 8:55 AM 67664]
R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [12/07/2012 5:54 AM 116608]
R2 MBAMScheduler;MBAMScheduler;h:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 9:39 PM 399432]
R2 SafeBox;SafeBox;h:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [6/09/2012 11:56 AM 82824]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;h:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [25/11/2012 2:18 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;h:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [25/11/2012 2:18 PM 1369624]
R2 UPDATESRV;Bitdefender Desktop Update Service;h:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [6/09/2012 11:56 AM 55544]
R3 avchv;avchv Function Driver;h:\windows\system32\drivers\avchv.sys [6/09/2012 11:56 AM 242504]
R3 BBUpdate;BBUpdate;h:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 5:22 PM 240208]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;h:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [6/09/2012 11:56 AM 116248]
S2 BBSvc;BingBar Service;h:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 5:22 PM 193616]
S2 MBAMService;MBAMService;h:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/11/2012 9:39 PM 676936]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;h:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [25/11/2012 2:18 PM 168384]
S3 avckf;avckf;h:\windows\system32\drivers\avckf.sys [6/09/2012 11:56 AM 481464]
S3 BDSandBox;BDSandBox;h:\windows\system32\drivers\bdsandbox.sys [6/09/2012 11:56 AM 66392]
S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [9/11/2012 9:39 PM 22856]
S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;h:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [6/09/2012 11:56 AM 59152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 h:\windows\Tasks\Adobe Flash Player Updater.job
- h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 06:53]
.
2012-05-30 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:57]
.
2012-11-10 h:\windows\Tasks\At1.job
- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]
.
2012-12-16 h:\windows\Tasks\At2.job
- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]
.
2012-12-16 h:\windows\Tasks\At3.job
- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]
.
2012-11-26 h:\windows\Tasks\At4.job
- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]
.
2012-12-18 h:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- h:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-25 03:08]
.
2012-12-01 h:\windows\Tasks\Disk Cleanup.job
- h:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2012-11-26 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job
- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]
.
2012-12-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job
- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]
.
2012-11-26 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job
- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]
.
2012-12-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job
- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]
.
2012-12-18 h:\windows\Tasks\HP Photo Creations Messager.job
- h:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-12-16 h:\windows\Tasks\Malwarebytes' Anti-Malware.job
- h:\progra~1\MALWAR~1\mbam.exe [2012-11-09 08:54]
.
2012-11-25 h:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- h:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-25 03:07]
.
2012-11-25 h:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- h:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-25 03:07]
.
2012-03-19 h:\windows\Tasks\shutdown.job
- h:\windows\system32\shutdown.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = 200.76.23.165:80
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-18364662.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 22:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35FF3DB5-B1F9-448B-3FC7-6CED177A7C9C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagpihefnphanpfngepnpkplhbkhlj"=hex:64,61,67,6e,69,6e,62,61,00,84
"oakolcohlajajeehcenikdpffabegp"=hex:6a,61,6c,6e,70,6c,66,64,6e,68,6b,67,67,6d,
69,68,69,70,67,68,00,02
"naibbchnamilgnjlfiodjaoenkna"=hex:6a,61,67,6e,6e,6e,6c,63,61,69,62,67,6d,6c,
64,70,68,70,6e,69,00,02
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-18 22:26:12
ComboFix-quarantined-files.txt 2012-12-18 11:26
ComboFix2.txt 2011-11-20 04:18
.
Pre-Run: 387,294,380,032 bytes free
Post-Run: 387,721,732,096 bytes free
.
- - End Of File - - C9D8FB8810D04FE0CD90D57288070B81
-
07:43:49.0000 2960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:43:51.0015 2960 ============================================================
07:43:51.0015 2960 Current date / time: 2012/12/18 07:43:51.0015
07:43:51.0015 2960 SystemInfo:
07:43:51.0015 2960
07:43:51.0015 2960 OS Version: 5.1.2600 ServicePack: 3.0
07:43:51.0015 2960 Product type: Workstation
07:43:51.0015 2960 ComputerName: TONKA
07:43:51.0015 2960 UserName: Gemma
07:43:51.0015 2960 Windows directory: H:\WINDOWS
07:43:51.0015 2960 System windows directory: H:\WINDOWS
07:43:51.0015 2960 Processor architecture: Intel x86
07:43:51.0015 2960 Number of processors: 4
07:43:51.0015 2960 Page size: 0x1000
07:43:51.0015 2960 Boot type: Normal boot
07:43:51.0015 2960 ============================================================
07:43:53.0031 2960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
07:43:53.0031 2960 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
07:43:53.0093 2960 ============================================================
07:43:53.0093 2960 \Device\Harddisk0\DR0:
07:43:53.0093 2960 MBR partitions:
07:43:53.0093 2960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
07:43:53.0093 2960 \Device\Harddisk1\DR1:
07:43:53.0093 2960 MBR partitions:
07:43:53.0093 2960 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747055D1
07:43:53.0093 2960 ============================================================
07:43:53.0125 2960 H: <-> \Device\Harddisk0\DR0\Partition1
07:43:53.0156 2960 M: <-> \Device\Harddisk1\DR1\Partition1
07:43:53.0156 2960 ============================================================
07:43:53.0156 2960 Initialize success
07:43:53.0156 2960 ============================================================
07:44:56.0828 1716 Deinitialize success
-
Ok, I downloaded the software and double-clicked to open it. It seemed to start scanning straight away, and then the open window disappeared and a file called "RK_Quarantine" appeared on my desktop. Nothing seemed to be happening, so I opened Google Chrome and went back to the link above to read through your instructions again. When I returned to my desktop the RogueKiller file had disappeared! I tried to download it again and it said I had insufficient rights. I tried again by opening it in a different window and I got it to work.
Here is the report:
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Gemma [Admin rights]
Mode : Scan -- Date : 12/17/2012 19:45:37
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (200.76.23.165:80) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA060)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DABCA)
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DDABA)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC346)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB894)
SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCA3E)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAE20)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAED6)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB1BE)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D99D0)
SSDT[66] : NtDeviceIoControlFile @ 0x80579268 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCBAE)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0F48)
SSDT[84] : NtFsControlFile @ 0x8057929C -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCE66)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA4D6)
SSDT[105] : NtMakeTemporaryObject @ 0x805BC5DC -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD862)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB68C)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E09A0)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAF90)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0C50)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9EE4)
SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DACF2)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD6B0)
SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC4B4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DBE48)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD73A)
SSDT[210] : NtSecureConnectPort @ 0x805A3D6C -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC8CE)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9B40)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD60A)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA6D0)
SSDT[249] : NtShutdownSystem @ 0x80612FAE -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD7CC)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9DBC)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9C96)
SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAAFC)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0898)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E113A)
SSDT[262] : NtUnloadDriver @ 0x80584306 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD8F8)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9854)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D943C)
S_SSDT[322] : NtUserCallNoParam -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9644)
S_SSDT[323] : NtUserCallOneParam -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9596)
S_SSDT[347] : NtUserDdeSetQualityOfService -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D93A2)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D933E)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D91D0)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D916C)
S_SSDT[460] : NtUserMessageCall -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8E76)
S_SSDT[475] : NtUserPostMessage -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8C7C)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8CFC)
S_SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8EFE)
S_SSDT[502] : NtUserSendInput -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8C2A)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D827C)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D870A)
¤¤¤ HOSTS File: ¤¤¤
--> H:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 1c16ffd9dacf72be06542c7b354713d1
[BSP] 68c87b7ffe18b9f0a2c898443aca5d42 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD10EARS-00MVWB0 +++++
--- User ---
[MBR] 587c5cf1103601afa846cf3d5d548844
[BSP] f68e70e5f757c1f796d4abd4b4f885cc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12172012_02d1945.txt >>
RKreport[1]_S_12172012_02d1945.txt
-
Hi there,
My PC has been running slow for several weeks now and I have run scans with Malwarebytes and my antivirus software but found nothing. I recently upgraded Spybot Search & Destroy and ran the rootkit scan. It found something in two video files I got from a friend's portable hard drive, so I deleted the files. I had opened one of the files to watch about a month ago. Last night when I shut down Google Chrome there was a pop-up window open with a link to some sex website. So I ran Spybot's rootkit scan again and found this:
Type: Value
Object: 齈웰行令ᖐ哘
Location: HKLM\SYSTEM\ControlSet003\Control\Session Manager\
Details: Invisible to Win32
I have downloaded DDS. Attached are the two files. If someone could help me out that would be appreciated.
Gemma
-
Thanks Maniac, all done now
-
Hi Maniac, I have been following your instructions and I am up to clearing the system restore points & creating new ones.
I have done scans with both MBAM and ZoneAlarm and both come back clean, but I noticed that when I run a quick scan in MBAM 209,840 files are checked, while in ZA a quick scan only scans 7,349 files. Tonight ZA has given me pop-ups every hour saying "security scan completed" even though the software is set to scan only once a day.
I was looking at the logs in ZoneAlarm just now and noticed that under OSFirewall there are several entries being blocked. The filename is H:\Windows\system32\svchost.exe. When I select more info it says "Generic Host Process for Win32 Services is trying to delete a value in the registry." but that my PC is safe. Should I be concerned about this?
Finally, while cleaning up tonight I found details of a pop-up that appeared last month, which I noted down at the time but forgot about until now: "Access violation at address 7E429486 in module USER32.dll. Read of address 0020006C."
I probably sound paranoid, but I just want to make sure nothing nasty is left behind.
Oh, also, is it ok to re-enable TeaTimer now?
Thanks again for your help! I really do appreciate it.
-
Ok, cool. Sounds great. Thanks
-
Hi Maniac, yes I think everything is ok! Thank you so much for helping me. I really do appreciate it. I will be making a donation via PayPal. I hope it goes to you!
Do I now delete all the files and applications you asked me to download and keep on my desktop?
-
Ok. It is downloading like normal now. Much faster than last night.
-
Ok, I downloaded and ran the AVP Tool. It didn't find anything. There was only one report to save, the automatic scan report. I have ADSL2+ internet, so it's usually fast, but it took well over an hour to download the AVP file, averaging 13 KB/sec!!
Could ComboFix have changed my internet settings? Since I ran it, I now have an IE shortcut on my desktop and Chrome is no longer my default browser. I also wasn't able to download AVP Tool via Chrome. When I clicked on download I kept getting a 404 Not Found error. When I opened IE and tried, the page loaded right away.
Also, regarding my previous post below: yesterday I stupidly disconnected the internet and then ended the top 2 processes, and was worried about the number of processes running. I intended to keep my PC on until I heard from you; however, by doing that I shut down both MBAM and ZoneAlarm, which meant handle.3XE started to run, so I stopped that process too as I had no idea if it was legit or not. I have since checked and there is no file H:\ComboFix\handle.3XE on the H drive!
Ok, my PC would not restart or shut down so I cut the power (I know this isn't the best thing to do), but I waited a few minutes and booted up again. I followed the instructions as soon as the PC had loaded and ComboFix worked, rebooting my PC as part of the process. Below is the log. After rebooting, my ZoneAlarm software has started up again with a pop-up saying "Suspicious Behaviour: Handle viewer is trying to install a driver and gain full access to OS". I have the option to allow or deny. When I select more information it says the application is H:\ComboFix\handle.3XE. What should I do?
-
ComboFix 11-11-19.04 - Gemma 20/11/2011 15:07:43.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2618 [GMT 11:00]
Running from: h:\documents and settings\Gemma\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
h:\windows\jestertb.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-19 09:47 . 2011-11-19 09:47 -------- d-----w- h:\program files\ESET
2011-11-17 10:18 . 2011-11-17 10:18 388096 ----a-r- h:\documents and settings\Gemma\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-17 10:18 . 2011-11-17 10:18 -------- d-----w- h:\program files\Trend Micro
2011-11-15 11:37 . 2011-11-15 11:37 -------- d-----w- h:\program files\Conduit
2011-11-15 10:30 . 2011-11-15 10:30 -------- d-----w- h:\documents and settings\Gemma\Application Data\Malwarebytes
2011-11-15 10:29 . 2011-11-15 10:29 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-15 10:29 . 2011-11-15 10:29 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2011-11-15 10:29 . 2011-08-31 06:00 22216 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-11-14 05:24 . 2011-11-14 05:24 -------- d-----w- h:\documents and settings\UpdatusUser
2011-11-14 05:24 . 2011-11-14 05:24 -------- d-----w- h:\documents and settings\All Users\Application Data\NVIDIA
2011-11-14 05:24 . 2011-05-20 19:01 543336 ----a-w- h:\windows\system32\easyupdatusapiu.dll
2011-11-14 04:50 . 2011-11-14 04:50 -------- d-----w- h:\program files\Microsoft.NET
2011-11-13 11:05 . 2011-11-13 11:05 -------- d-----w- h:\documents and settings\Gemma\Application Data\SUPERAntiSpyware.com
2011-11-13 11:05 . 2011-11-13 11:05 -------- d-----w- h:\program files\SUPERAntiSpyware
2011-11-13 11:05 . 2011-11-13 11:05 -------- d-----w- h:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-03 10:33 . 2011-11-03 10:33 -------- d-----w- h:\documents and settings\LocalService\Application Data\Malwarebytes
2011-10-26 08:43 . 2011-10-26 08:43 -------- d-----w- h:\program files\iPod
2011-10-26 08:43 . 2011-10-26 08:43 -------- d-----w- h:\program files\iTunes
2011-10-26 08:38 . 2011-10-26 08:38 -------- d-----w- h:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-08-07 07:12 692736 ----a-w- h:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- h:\windows\system32\crypt32.dll
2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- h:\windows\system32\uiautomationcore.dll
2011-09-26 00:41 . 2004-08-04 12:00 220160 ----a-w- h:\windows\system32\oleacc.dll
2011-09-26 00:41 . 2004-08-04 12:00 20480 ----a-w- h:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- h:\windows\system32\win32k.sys
2011-08-30 12:05 . 2011-08-30 12:05 83816 ----a-w- h:\windows\system32\dns-sd.exe
2011-08-30 12:05 . 2011-08-30 12:05 73064 ----a-w- h:\windows\system32\dnssd.dll
2011-08-30 12:05 . 2011-08-30 12:05 50536 ----a-w- h:\windows\system32\jdns_sd.dll
2011-08-30 12:05 . 2011-08-30 12:05 178536 ----a-w- h:\windows\system32\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-02 18085888]
"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="h:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"AppleSyncNotifier"="h:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="h:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvMediaCenter"="NvMCTray.dll" [2011-05-20 111208]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2011-05-20 13895272]
"nwiz"="h:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Malwarebytes' Anti-Malware"="h:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"ZoneAlarm"="h:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
h:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - h:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - h:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"h:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 kl2;kl2;h:\windows\system32\drivers\kl2.sys [14/10/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 3:27 AM 12880]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 8:55 AM 67664]
R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 10:38 AM 116608]
R2 MBAMService;MBAMService;h:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/11/2011 9:29 PM 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;h:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [14/11/2011 4:24 PM 2214504]
R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [15/11/2011 9:29 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;h:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:57]
.
2011-11-01 h:\windows\Tasks\Disk Cleanup.job
- h:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-11-07 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job
- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]
.
2011-11-19 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job
- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]
.
2011-11-12 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job
- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]
.
2011-11-19 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job
- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]
.
2011-10-23 h:\windows\Tasks\Malwarebytes' Anti-Malware.job
- h:\progra~1\MALWAR~1\mbam.exe [2011-11-15 06:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = 200.76.23.165:80
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
AddRemove-NVIDIA Display Control Panel - h:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35FF3DB5-B1F9-448B-3FC7-6CED177A7C9C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagpihefnphanpfngepnpkplhbkhlj"=hex:64,61,67,6e,69,6e,62,61,00,84
"oakolcohlajajeehcenikdpffabegp"=hex:6a,61,6c,6e,70,6c,66,64,6e,68,6b,67,67,6d,
69,68,69,70,67,68,00,02
"naibbchnamilgnjlfiodjaoenkna"=hex:6a,61,67,6e,6e,6e,6c,63,61,69,62,67,6d,6c,
64,70,68,70,6e,69,00,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
h:\program files\SUPERAntiSpyware\SASWINLO.DLL
h:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3888)
h:\windows\system32\WININET.dll
h:\progra~1\CHECKP~1\ZONEAL~1\MAILFR~1\mlfhook.dll
h:\windows\system32\ieframe.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
h:\windows\system32\nvsvc32.exe
h:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
h:\windows\RTHDCPL.EXE
h:\windows\system32\RunDLL32.exe
h:\program files\iPod\bin\iPodService.exe
h:\program files\HP\Digital Imaging\bin\hpqimzone.exe
h:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
h:\progra~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2011-11-20 15:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 04:18
.
Pre-Run: 465,173,950,464 bytes free
Post-Run: 465,053,671,424 bytes free
.
- - End Of File - - 1D45384C8B75C8B3FDA5AFC35DC91036
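Both ComboFix supplementary scans above record "uInternet Settings,ProxyServer = 200.76.23.165:80" next to "ProxyOverride = <local>;*.local", and the RogueKiller report flags the same value as "[PROXY IE] ... ProxyServer (200.76.23.165:80) -> FOUND". That combination, Internet Explorer's proxy pointing at a public IP address while only intranet names bypass it, is the proxy-hijack indicator a responder would pull out of these logs first. The following is an added example, not code from this thread or from ComboFix, RogueKiller or Malwarebytes, that extracts that finding from the two log formats and classifies the proxy host; the regular expressions, the constructed sample lines, and the choice to treat any non-IP hostname other than localhost as non-local (rather than resolving it) are my assumptions.

```python
"""Pull IE proxy findings out of ComboFix / RogueKiller log lines.

Added example for this thread; not code from the thread or from any of the
tools quoted in it. The regexes target the two line formats seen in the
posted logs; SAMPLE_LOG is constructed to mirror them.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# ComboFix:    uInternet Settings,ProxyServer = 200.76.23.165:80
# RogueKiller: [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (200.76.23.165:80) -> FOUND
COMBOFIX_PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
ROGUEKILLER_PROXY_RE = re.compile(r"\[PROXY IE\].*ProxyServer \((\S+)\)")
COMBOFIX_OVERRIDE_RE = re.compile(r"Internet Settings,ProxyOverride\s*=\s*(\S+)")

# Constructed sample lines mirroring the posted logs, plus one benign local proxy.
SAMPLE_LOG = [
    "uStart Page = hxxp://www.google.com.au/",
    "uInternet Settings,ProxyOverride = <local>;*.local",
    "uInternet Settings,ProxyServer = 200.76.23.165:80",
    "TCP: DhcpNameServer = 10.1.1.1",
    "[PROXY IE] HKCU\\[...]\\Internet Settings : ProxyServer (200.76.23.165:80) -> FOUND",
    "uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080",
]


def extract_proxy_value(line: str) -> Optional[str]:
    """Return the raw ProxyServer value from either log format, or None."""
    for rx in (COMBOFIX_PROXY_RE, ROGUEKILLER_PROXY_RE):
        m = rx.search(line)
        if m:
            return m.group(1)
    return None


def parse_proxy_server(value: str) -> List[Tuple[str, str, str]]:
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    IE stores either one "host:port" for every protocol (reported as scheme
    "all") or a per-protocol list such as "http=h:p;https=h:p".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        entries.append((scheme or "all", host, port))
    return entries


def is_local_proxy(host: str) -> bool:
    """True for loopback, link-local and RFC 1918 literal IPs.

    Assumption: hostnames are not resolved (no network I/O); anything other
    than "localhost" counts as non-local so it surfaces for review.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_link_local or ip.is_private


def override_bypasses_only_local(override: Optional[str]) -> bool:
    """True when ProxyOverride sends everything but intranet names via the proxy."""
    if override is None:
        return True
    tokens = {t.strip().lower() for t in override.split(";") if t.strip()}
    return tokens <= {"<local>", "*.local"}


def assess(lines: List[str]) -> List[Dict[str, object]]:
    """Collect every ProxyServer entry in the log, annotated with locality."""
    override = None
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = COMBOFIX_OVERRIDE_RE.search(line)
        if m:
            override = m.group(1)
        value = extract_proxy_value(line)
        if value is None:
            continue
        for scheme, host, port in parse_proxy_server(value):
            findings.append({"scheme": scheme, "host": host, "port": port,
                             "local": is_local_proxy(host), "raw": line.strip()})
    only_local = override_bypasses_only_local(override)
    for f in findings:
        f["bypass_only_local"] = only_local
    return findings


def suspicious(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Proxy entries whose host lies outside loopback/private address space."""
    return [f for f in findings if not f["local"]]


if __name__ == "__main__":
    for f in suspicious(assess(SAMPLE_LOG)):
        print(f"HIJACK? {f['scheme']} -> {f['host']}:{f['port']}  ({f['raw']})")
```

The `bypass_only_local` flag is the part worth reading alongside the host classification: with ProxyOverride limited to `<local>;*.local`, every request for a non-intranet name from IE, and from any other program that follows the system (WinINET) proxy settings, is relayed through the listed host, which is why a public proxy address on a home PC is scored as a hijack indicator rather than a stray misconfiguration.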
Can't get rid of Vosteran!
in Resolved Malware Removal Logs
Hi Kevin,
Yes, my computer is running fine now so you can close out. Thank you very much for your assistance.
And thank you for the link re PC security and best practices. I will take the advice.
Cheers,
Gemma