
Ping.exe problem



I have the same ping.exe problem many others appear to have. I've run MBAM, ESET online scan and TDSSKiller. They've found infections but the ping.exe keeps coming back in Task Manager. DDS logs attached. Thanks in advance for your help.

Please note: Avast is not actually installed on the machine; it's some residual file that wouldn't go away after it was uninstalled (it's the notifier file that stays in the lower right corner of the taskbar).

dds.txt

Attach.zip


Hello purdie7! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


OTL logfile created on: 12/6/2011 12:35:07 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carol\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.42 Mb Total Physical Memory | 516.95 Mb Available Physical Memory | 67.36% Memory free

1.83 Gb Paging File | 1.58 Gb Available in Paging File | 85.93% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.30 Gb Total Space | 24.85 Gb Free Space | 66.62% Space Free | Partition Type: NTFS

Computer Name: PRINCESS | User Name: Carol | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Carol\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\sqlesw32.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\defs\11092200\algo.dll ()

MOD - C:\Program Files\Alwil Software\Avast5\defs\11092200\aswRep.dll ()

MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\libeay32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SqlCSS) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (6to4) -- File not found

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (OwnershipProtocol) -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (PLUsbbc2) -- C:\WINDOWS\system32\drivers\usbbc2.sys (Prolific Technology Inc.)

DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\llusbflt.sys (Laplink Software, Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z131&install_date=20110911

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110911&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/06/13 22:10:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 03:13:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 19:53:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Carol\Application Data\IDM\idmmzcc5 [2011/12/02 01:37:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Carol\Application Data\IDM\idmmzcc5 [2011/12/02 01:37:15 | 000,000,000 | ---D | M]

[2011/06/06 15:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Extensions

[2011/12/04 20:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\jqy0ujzd.default\extensions

[2011/09/11 20:46:04 | 000,000,000 | ---D | M] ("OutWit Kernel") -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\jqy0ujzd.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}

[2011/09/11 20:46:03 | 000,000,000 | ---D | M] ("OutWit Hub") -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\jqy0ujzd.default\extensions\base-outfit@outwit.com

[2011/09/11 02:44:39 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\jqy0ujzd.default\searchplugins\bing-zugo.xml

[2011/12/04 03:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/04 03:13:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQY0UJZD.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQY0UJZD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQY0UJZD.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQY0UJZD.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQY0UJZD.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2011/12/04 03:13:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/06/13 22:10:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/06/29 19:53:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2011/12/04 03:13:11 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/12/04 03:13:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2011/12/04 03:13:11 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/12/04 03:13:11 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/12/04 03:13:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/12/04 03:13:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/12/04 03:13:11 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1606980848-1897051121-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA36750B-3FCF-4363-932F-7DC7C76D50AF}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()

O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Carol/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/11 14:24:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{dbd0d3bc-3e5e-11de-8c18-0013ce99e371}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe

O33 - MountPoints2\{dbd0d3bc-3e5e-11de-8c18-0013ce99e371}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 12:29:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carol\Desktop\OTL.exe

[2011/12/06 06:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2011/12/05 14:54:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2011/12/05 14:54:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carol\My Documents\My Videos

[2011/12/05 14:54:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures

[2011/12/05 14:54:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2011/12/05 14:54:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Carol\Desktop\dds.scr

[2011/12/05 13:46:15 | 004,328,165 | ---- | C] (Swearware) -- C:\Documents and Settings\Carol\Desktop\ComboFix.exe

[2011/12/05 05:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/05 03:54:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

[2011/12/03 13:59:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly

[2011/12/02 22:06:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/12/02 01:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Application Data\IDM

[2011/12/02 01:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Application Data\DMCache

[2011/12/02 01:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Start Menu\Programs\Internet Download Manager

[2011/12/02 01:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager

[2011/12/02 01:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager

[2011/11/29 14:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\My Documents\New Folder

[2011/11/29 11:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mp3tag

[2011/11/14 08:39:02 | 000,101,616 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 12:29:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\Desktop\OTL.exe

[2011/12/06 12:02:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/06 02:39:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/06 02:38:58 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/12/06 02:38:40 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/06 02:38:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/06 00:23:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/05 22:54:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/12/05 15:21:51 | 000,003,255 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\Attach.zip

[2011/12/05 14:54:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Carol\Desktop\dds.scr

[2011/12/05 13:46:17 | 004,328,165 | ---- | M] (Swearware) -- C:\Documents and Settings\Carol\Desktop\ComboFix.exe

[2011/12/05 03:53:23 | 001,547,774 | ---- | M] () -- C:\tdsskiller.zip

[2011/12/04 16:05:51 | 000,100,926 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat

[2011/12/04 16:05:51 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat

[2011/12/04 13:58:26 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\sqlesw32.dll

[2011/12/03 23:16:37 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Carol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/03 23:07:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011/12/03 15:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\d28617c.com.b

[2011/12/03 15:45:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nOBeTJj.dat

[2011/11/24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

[2011/11/12 03:01:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/08 18:28:58 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/08 18:28:58 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 15:21:51 | 000,003,255 | ---- | C] () -- C:\Documents and Settings\Carol\Desktop\Attach.zip

[2011/12/05 05:58:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/05 03:54:26 | 001,547,774 | ---- | C] () -- C:\tdsskiller.zip

[2011/12/04 16:05:51 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat

[2011/12/04 16:05:51 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat

[2011/12/04 13:58:26 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\sqlesw32.dll

[2011/12/03 15:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d28617c.com.b

[2011/12/03 15:43:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nOBeTJj.dat

[2011/06/07 14:02:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011/06/07 14:01:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/07/30 13:37:01 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Carol\Local Settings\Application Data\FASTWiz.html

[2009/10/12 16:07:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/06/16 17:45:31 | 000,120,406 | ---- | C] () -- C:\WINDOWS\hpqins00.dat

[2008/11/11 15:20:04 | 000,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008/07/21 15:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2007/05/28 14:00:18 | 000,016,007 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat

[2007/03/06 17:35:41 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Carol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/07/22 17:16:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/07/22 17:16:01 | 000,006,533 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/07/22 16:34:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

[2006/07/22 16:27:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/22 15:39:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/07/22 15:33:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/07/22 11:25:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/07/22 11:24:17 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 07:00:00 | 000,315,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 07:00:00 | 000,041,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/09/22 12:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini

[2003/04/10 08:26:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/04/10 08:25:18 | 000,004,604 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/04/09 06:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/06/10 13:27:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/06/10 13:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2010/07/30 12:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/20 12:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/06/10 13:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Canon

[2010/02/25 11:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/08/07 22:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\CompanionLink

[2011/12/06 01:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\DMCache

[2009/11/20 17:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\E-centives

[2011/07/02 21:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\FileZilla

[2011/12/02 15:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Foxit Software

[2011/06/10 13:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\GrabPro

[2011/12/02 17:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\IDM

[2009/06/26 14:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Image Zone Express

[2010/07/30 12:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Laplink

[2011/12/05 03:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Mp3tag

[2011/12/02 13:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Orbit

[2011/09/11 20:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\OutWit

[2009/06/25 15:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Printer Info Cache

[2011/06/09 19:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\ProgSense

[2006/07/22 17:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Thunderbird

[2010/03/16 18:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\YouSendIt

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

It appears that you have installed on your system avast! 5 antivirus. We should clean it up:

Step 1

Follow the instructions here to clean Avast leftovers:

http://www.avast.com/uninstall-utility

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
MOD - C:\WINDOWS\system32\sqlesw32.dll ()
[2011/12/04 13:58:26 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\sqlesw32.dll
O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
[2011/12/03 15:45:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\d28617c.com.b
[2011/12/03 15:45:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nOBeTJj.dat
SRV - (SqlCSS) -- File not found

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.

Link to post
Share on other sites
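The fix script above was built from two signals that are visible in the OTL log posted earlier: a DLL registered under Winlogon\Notify whose company field is empty, and files created within the last 30 days in System32 or the shared Application Data folder that also carry no company name, with the same path (sqlesw32.dll) turning up in both lists. The following Python is an added example, not OTL's own logic and not part of this thread; it encodes those two heuristics as a small triage pass over OTL-format lines. The sample lines, the 30-day window and the watched directories are constructed for the example and copied in shape from the log formats on this page. An empty company field only means the file has no version resource, so a hit is a lead for a human reviewer, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Constructed sample: a few lines in the two OTL formats seen in the thread
# (O20 Winlogon\Notify entries and "Files Created" entries).
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
[2011/12/04 13:58:26 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\sqlesw32.dll
[2011/12/03 15:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d28617c.com.b
[2011/12/03 15:43:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nOBeTJj.dat
[2011/12/05 03:54:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
"""

# "O20 - Winlogon\Notify\<key>: DllName - (<dll>) - <path> (<company>)"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \((?P<dll>[^)]*)\) - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# "[<date time> | <size> | <attrs> | C|M] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumed watch list for this example: system directory and the shared
# Application Data folder on Windows XP, compared case-insensitively.
WATCHED_DIRS = (
    r"c:\windows\system32",
    r"c:\documents and settings\all users\application data",
)

NOTIFY_REASON = "Winlogon Notify DLL with no company name"
CREATED_REASON = "recently created file with no company name in a watched directory"


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str
    line: str


def in_watched_dir(path: str) -> bool:
    p = path.casefold()
    return any(p.startswith(d) for d in WATCHED_DIRS)


def triage(log_text: str, as_of: date = date(2011, 12, 6), window_days: int = 30) -> list[Finding]:
    """Apply the two heuristics to every line; as_of is the log's own date."""
    cutoff = datetime.combine(as_of, datetime.min.time()) - timedelta(days=window_days)
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NOTIFY_RE.match(line)
        if m:
            # Winlogon Notify DLLs load into winlogon.exe at every logon, so an
            # unattributed one deserves a look regardless of its age.
            if not m["company"].strip():
                findings.append(Finding(m["path"], NOTIFY_REASON, line))
            continue
        m = FILE_RE.match(line)
        if m and m["kind"] == "C":
            created = datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S")
            if not m["company"].strip() and created >= cutoff and in_watched_dir(m["path"]):
                findings.append(Finding(m["path"], CREATED_REASON, line))
    return findings


def correlate(findings: list[Finding]) -> list[str]:
    """Paths hit by both heuristics: an unattributed Notify DLL that is also newly created."""
    notify = {f.path.casefold() for f in findings if f.reason == NOTIFY_REASON}
    created = {f.path.casefold() for f in findings if f.reason == CREATED_REASON}
    return sorted(notify & created)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason}: {f.path}")
    print("hit by both heuristics:", correlate(hits))
```

On the sample, the old Microsoft data file mlang.dat is not flagged because it falls outside the window, TDSSKiller.exe is not flagged because it carries a company name, and sqlesw32.dll is the only path that both heuristics agree on, which is the same conclusion the fix script reached.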

All processes killed

========== OTL ==========

C:\WINDOWS\system32\sqlesw32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sqlesw32\ deleted successfully.

File C:\WINDOWS\System32\sqlesw32.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sqlseses\ deleted successfully.

File C:\WINDOWS\System32\sqlesw32.dll not found.

C:\WINDOWS\system32\d28617c.com.b moved successfully.

C:\Documents and Settings\All Users\Application Data\nOBeTJj.dat moved successfully.

Service SqlCSS stopped successfully!

Service SqlCSS deleted successfully!

File File not found not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: All Users

User: Carol

->Temp folder emptied: 535943190 bytes

->Temporary Internet Files folder emptied: 245216588 bytes

->Java cache emptied: 477395 bytes

->FireFox cache emptied: 129969016 bytes

->Flash cache emptied: 1772470 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 58613 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 191675060 bytes

->Java cache emptied: 2789 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 46618905 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14590 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 228043 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,101.00 mb

HOSTS file reset successfully

Unable to start service SRService!

OTL by OldTimer - Version 3.2.31.0 log created on 12082011_034727

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

The ESET scan didn't produce a log file, only a log for threats:

C:\Documents and Settings\Carol\Desktop\personal files (7-16-11)\setup files\OrbitSetup4.1.01.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\Carol\Desktop\personal files (7-16-11)\setup files\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\Carol\Desktop\personal files (7-16-11)\setup files\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\Carol\Local Settings\Application Data\tcpCommsplugin\Dfrgcfg32.dll a variant of Win32/Sefnit.CC trojan cleaned by deleting (after the next restart) - quarantined

C:\Documents and Settings\Carol\Local Settings\Temp\NODA21C.tmp a variant of Win32/Sefnit.CC trojan cleaned by deleting (after the next restart) - quarantined

C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\8P2JKXYN\spotlightpath[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\9UHIPHQO\spotlightpath[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\GDWXKZKB\spotlightpath[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\GDWXKZKB\spotlightpath[2].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\NR05L4VF\news[1].htm JS/Kryptik.EC trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.FW trojan unable to clean

C:\_OTL\MovedFiles\12082011_034727\C_WINDOWS\system32\sqlesw32.dll Win32/Wimpixo.AS trojan cleaned by deleting - quarantined

Operating memory multiple threats

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8314

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

12/9/2011 6:41:38 AM

mbam-log-2011-12-09 (06-41-37).txt

Scan type: Full scan (C:\|)

Objects scanned: 238825

Time elapsed: 59 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    (screenshot: tdss_1.jpg)
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    (screenshot: tdss_2.jpg)
  3. Click the Start Scan button.
    (screenshot: tdss_3.jpg)
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
    (screenshot: tdss_4.jpg)
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    (screenshot: tdss_5.jpg)
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Link to post
Share on other sites

17:50:25.0171 2496 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

17:50:25.0453 2496 ============================================================

17:50:25.0453 2496 Current date / time: 2011/12/12 17:50:25.0453

17:50:25.0453 2496 SystemInfo:

17:50:25.0453 2496

17:50:25.0453 2496 OS Version: 5.1.2600 ServicePack: 3.0

17:50:25.0453 2496 Product type: Workstation

17:50:25.0453 2496 ComputerName: PRINCESS

17:50:25.0718 2496 UserName: Carol

17:50:25.0718 2496 Windows directory: C:\WINDOWS

17:50:25.0718 2496 System windows directory: C:\WINDOWS

17:50:25.0718 2496 Processor architecture: Intel x86

17:50:25.0718 2496 Number of processors: 1

17:50:25.0718 2496 Page size: 0x1000

17:50:25.0718 2496 Boot type: Normal boot

17:50:25.0718 2496 ============================================================

17:50:26.0953 2496 Initialize success

17:51:03.0937 3356 ============================================================

17:51:03.0937 3356 Scan started

17:51:03.0937 3356 Mode: Manual; SigCheck; TDLFS;

17:51:03.0937 3356 ============================================================

17:51:05.0078 3356 Abiosdsk - ok

17:51:05.0156 3356 abp480n5 - ok

17:51:05.0296 3356 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:51:06.0906 3356 ACPI - ok

17:51:07.0015 3356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:51:07.0250 3356 ACPIEC - ok

17:51:07.0328 3356 adpu160m - ok

17:51:07.0453 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:51:07.0578 3356 aec - ok

17:51:07.0703 3356 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

17:51:07.0703 3356 AegisP ( UnsignedFile.Multi.Generic ) - warning

17:51:07.0703 3356 AegisP - detected UnsignedFile.Multi.Generic (1)

17:51:07.0796 3356 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:51:07.0859 3356 AFD - ok

17:51:07.0906 3356 Aha154x - ok

17:51:07.0937 3356 aic78u2 - ok

17:51:07.0984 3356 aic78xx - ok

17:51:08.0234 3356 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

17:51:08.0750 3356 ALCXWDM - ok

17:51:08.0796 3356 AliIde - ok

17:51:08.0859 3356 amsint - ok

17:51:08.0921 3356 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:51:09.0046 3356 Arp1394 - ok

17:51:09.0078 3356 asc - ok

17:51:09.0093 3356 asc3350p - ok

17:51:09.0109 3356 asc3550 - ok

17:51:09.0140 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:51:09.0265 3356 AsyncMac - ok

17:51:09.0296 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:51:09.0421 3356 atapi - ok

17:51:09.0437 3356 Atdisk - ok

17:51:09.0484 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:51:09.0609 3356 Atmarpc - ok

17:51:09.0656 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:51:09.0796 3356 audstub - ok

17:51:09.0859 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:51:09.0984 3356 Beep - ok

17:51:10.0093 3356 Cam5603D (273daec27d2aaddc0e7918c35ffa15e3) C:\WINDOWS\system32\Drivers\BisonCam.sys

17:51:10.0234 3356 Cam5603D - ok

17:51:10.0296 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:51:10.0421 3356 cbidf2k - ok

17:51:10.0468 3356 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:51:10.0609 3356 CCDECODE - ok

17:51:10.0625 3356 cd20xrnt - ok

17:51:10.0640 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:51:10.0781 3356 Cdaudio - ok

17:51:10.0843 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:51:10.0968 3356 Cdfs - ok

17:51:11.0000 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:51:11.0125 3356 Cdrom - ok

17:51:11.0156 3356 Changer - ok

17:51:11.0171 3356 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:51:11.0296 3356 CmBatt - ok

17:51:11.0328 3356 CmdIde - ok

17:51:11.0359 3356 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:51:11.0453 3356 Compbatt - ok

17:51:11.0484 3356 Cpqarray - ok

17:51:11.0500 3356 dac2w2k - ok

17:51:11.0515 3356 dac960nt - ok

17:51:11.0562 3356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:51:11.0671 3356 Disk - ok

17:51:11.0765 3356 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:51:11.0953 3356 dmboot - ok

17:51:12.0000 3356 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:51:12.0125 3356 dmio - ok

17:51:12.0140 3356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:51:12.0281 3356 dmload - ok

17:51:12.0328 3356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:51:12.0453 3356 DMusic - ok

17:51:12.0468 3356 dpti2o - ok

17:51:12.0500 3356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:51:12.0625 3356 drmkaud - ok

17:51:12.0687 3356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:51:12.0828 3356 Fastfat - ok

17:51:12.0859 3356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:51:13.0000 3356 Fdc - ok

17:51:13.0046 3356 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:51:13.0171 3356 Fips - ok

17:51:13.0187 3356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:51:13.0328 3356 Flpydisk - ok

17:51:13.0390 3356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:51:13.0500 3356 FltMgr - ok

17:51:13.0546 3356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:51:13.0687 3356 Fs_Rec - ok

17:51:13.0750 3356 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:51:13.0875 3356 Ftdisk - ok

17:51:13.0921 3356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:51:13.0937 3356 GEARAspiWDM - ok

17:51:13.0968 3356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:51:14.0093 3356 Gpc - ok

17:51:14.0156 3356 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:51:14.0296 3356 HidUsb - ok

17:51:14.0312 3356 hpn - ok

17:51:14.0390 3356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:51:14.0437 3356 HTTP - ok

17:51:14.0453 3356 i2omgmt - ok

17:51:14.0468 3356 i2omp - ok

17:51:14.0515 3356 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:51:14.0640 3356 i8042prt - ok

17:51:14.0703 3356 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys

17:51:14.0734 3356 IDMTDI - ok

17:51:14.0750 3356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:51:14.0906 3356 Imapi - ok

17:51:14.0921 3356 ini910u - ok

17:51:14.0968 3356 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

17:51:15.0140 3356 IntelIde - ok

17:51:15.0187 3356 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:51:15.0312 3356 intelppm - ok

17:51:15.0343 3356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:51:15.0484 3356 Ip6Fw - ok

17:51:15.0515 3356 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:51:15.0640 3356 IpFilterDriver - ok

17:51:15.0671 3356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:51:15.0796 3356 IpInIp - ok

17:51:15.0859 3356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:51:15.0968 3356 IpNat - ok

17:51:16.0015 3356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:51:16.0140 3356 IPSec - ok

17:51:16.0187 3356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:51:16.0359 3356 IRENUM - ok

17:51:16.0421 3356 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:51:16.0546 3356 isapnp - ok

17:51:16.0609 3356 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys

17:51:16.0718 3356 IWCA - ok

17:51:16.0765 3356 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:51:16.0890 3356 Kbdclass - ok

17:51:16.0953 3356 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:51:17.0046 3356 kbdhid - ok

17:51:17.0093 3356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:51:17.0218 3356 kmixer - ok

17:51:17.0281 3356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:51:17.0421 3356 KSecDD - ok

17:51:17.0437 3356 lbrtfdc - ok

17:51:17.0500 3356 LLUSBFLT (4ed28529be6266bc3c1eb18be925314a) C:\WINDOWS\system32\drivers\llusbflt.sys

17:51:17.0531 3356 LLUSBFLT ( UnsignedFile.Multi.Generic ) - warning

17:51:17.0531 3356 LLUSBFLT - detected UnsignedFile.Multi.Generic (1)

17:51:17.0578 3356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:51:17.0718 3356 mnmdd - ok

17:51:17.0765 3356 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:51:17.0890 3356 Modem - ok

17:51:17.0937 3356 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:51:18.0078 3356 Mouclass - ok

17:51:18.0125 3356 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:51:18.0265 3356 mouhid - ok

17:51:18.0312 3356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:51:18.0437 3356 MountMgr - ok

17:51:18.0453 3356 mraid35x - ok

17:51:18.0500 3356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:51:18.0625 3356 MRxDAV - ok

17:51:18.0703 3356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:51:18.0781 3356 MRxSmb - ok

17:51:18.0828 3356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:51:18.0953 3356 Msfs - ok

17:51:19.0000 3356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:51:19.0140 3356 MSKSSRV - ok

17:51:19.0187 3356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:51:19.0296 3356 MSPCLOCK - ok

17:51:19.0328 3356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:51:19.0468 3356 MSPQM - ok

17:51:19.0515 3356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:51:19.0609 3356 mssmbios - ok

17:51:19.0671 3356 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:51:19.0796 3356 MSTEE - ok

17:51:19.0875 3356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:51:19.0921 3356 Mup - ok

17:51:19.0968 3356 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:51:20.0093 3356 NABTSFEC - ok

17:51:20.0156 3356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:51:20.0281 3356 NDIS - ok

17:51:20.0328 3356 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:51:20.0453 3356 NdisIP - ok

17:51:20.0515 3356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:51:20.0546 3356 NdisTapi - ok

17:51:20.0578 3356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:51:20.0703 3356 Ndisuio - ok

17:51:20.0750 3356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:51:20.0859 3356 NdisWan - ok

17:51:20.0906 3356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:51:20.0968 3356 NDProxy - ok

17:51:21.0015 3356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:51:21.0140 3356 NetBIOS - ok

17:51:21.0187 3356 NetBT (ca470b69a999dc0e02435b260b2acb5f) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:51:21.0187 3356 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: ca470b69a999dc0e02435b260b2acb5f, Fake md5: d797eac317dc59db1e29f389c470b348

17:51:21.0187 3356 NetBT ( Rootkit.Win32.ZAccess.k ) - infected

17:51:21.0187 3356 NetBT - detected Rootkit.Win32.ZAccess.k (0)

17:51:21.0250 3356 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:51:21.0375 3356 NIC1394 - ok

17:51:21.0421 3356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:51:21.0546 3356 Npfs - ok

17:51:21.0609 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:51:21.0765 3356 Ntfs - ok

17:51:21.0828 3356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:51:21.0968 3356 Null - ok

17:51:22.0171 3356 nv (4430f78a49e8fb6b63d191fd38dae52e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:51:22.0437 3356 nv ( UnsignedFile.Multi.Generic ) - warning

17:51:22.0437 3356 nv - detected UnsignedFile.Multi.Generic (1)

17:51:22.0671 3356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:51:22.0796 3356 NwlnkFlt - ok

17:51:22.0843 3356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:51:22.0984 3356 NwlnkFwd - ok

17:51:23.0031 3356 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:51:23.0156 3356 ohci1394 - ok

17:51:23.0203 3356 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

17:51:23.0328 3356 Parport - ok

17:51:23.0343 3356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:51:23.0484 3356 PartMgr - ok

17:51:23.0515 3356 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:51:23.0656 3356 ParVdm - ok

17:51:23.0687 3356 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:51:23.0812 3356 PCI - ok

17:51:23.0828 3356 PCIDump - ok

17:51:23.0875 3356 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:51:24.0000 3356 PCIIde - ok

17:51:24.0031 3356 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:51:24.0140 3356 Pcmcia - ok

17:51:24.0156 3356 PDCOMP - ok

17:51:24.0171 3356 PDFRAME - ok

17:51:24.0187 3356 PDRELI - ok

17:51:24.0218 3356 PDRFRAME - ok

17:51:24.0234 3356 perc2 - ok

17:51:24.0250 3356 perc2hib - ok

17:51:24.0296 3356 PLUsbbc2 (deb5a23f8625d7d84daff899478a4893) C:\WINDOWS\system32\Drivers\usbbc2.sys

17:51:24.0328 3356 PLUsbbc2 ( UnsignedFile.Multi.Generic ) - warning

17:51:24.0328 3356 PLUsbbc2 - detected UnsignedFile.Multi.Generic (1)

17:51:24.0421 3356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:51:24.0562 3356 PptpMiniport - ok

17:51:24.0609 3356 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:51:24.0703 3356 PSched - ok

17:51:24.0765 3356 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:51:24.0890 3356 Ptilink - ok

17:51:24.0937 3356 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:51:24.0937 3356 PxHelp20 - ok

17:51:24.0968 3356 ql1080 - ok

17:51:24.0984 3356 Ql10wnt - ok

17:51:25.0000 3356 ql12160 - ok

17:51:25.0015 3356 ql1240 - ok

17:51:25.0031 3356 ql1280 - ok

17:51:25.0046 3356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:51:25.0187 3356 RasAcd - ok

17:51:25.0234 3356 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:51:25.0359 3356 Rasl2tp - ok

17:51:25.0468 3356 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:51:25.0562 3356 RasPppoe - ok

17:51:25.0609 3356 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:51:25.0750 3356 Raspti - ok

17:51:25.0828 3356 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:51:25.0953 3356 Rdbss - ok

17:51:25.0984 3356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:51:26.0109 3356 RDPCDD - ok

17:51:26.0203 3356 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:51:26.0218 3356 RDPWD - ok

17:51:26.0250 3356 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:51:26.0359 3356 redbook - ok

17:51:26.0421 3356 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

17:51:26.0500 3356 RTL8023xp - ok

17:51:26.0546 3356 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys

17:51:26.0578 3356 s24trans ( UnsignedFile.Multi.Generic ) - warning

17:51:26.0578 3356 s24trans - detected UnsignedFile.Multi.Generic (1)

17:51:26.0625 3356 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

17:51:26.0718 3356 sdbus - ok

17:51:26.0765 3356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:51:26.0890 3356 Secdrv - ok

17:51:26.0937 3356 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

17:51:27.0046 3356 Serial - ok

17:51:27.0078 3356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:51:27.0203 3356 Sfloppy - ok

17:51:27.0234 3356 Simbad - ok

17:51:27.0265 3356 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:51:27.0390 3356 SLIP - ok

17:51:27.0421 3356 Sparrow - ok

17:51:27.0453 3356 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:51:27.0578 3356 splitter - ok

17:51:27.0625 3356 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:51:27.0750 3356 sr - ok

17:51:27.0796 3356 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:51:27.0906 3356 Srv - ok

17:51:27.0953 3356 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

17:51:28.0093 3356 StillCam - ok

17:51:28.0140 3356 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:51:28.0265 3356 streamip - ok

17:51:28.0296 3356 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:51:28.0406 3356 swenum - ok

17:51:28.0437 3356 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:51:28.0546 3356 swmidi - ok

17:51:28.0578 3356 symc810 - ok

17:51:28.0593 3356 symc8xx - ok

17:51:28.0671 3356 SYMIDSCO - ok

17:51:28.0687 3356 sym_hi - ok

17:51:28.0703 3356 sym_u3 - ok

17:51:28.0750 3356 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:51:28.0890 3356 sysaudio - ok

17:51:28.0953 3356 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:51:29.0125 3356 Tcpip - ok

17:51:29.0140 3356 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:51:29.0265 3356 TDPIPE - ok

17:51:29.0312 3356 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:51:29.0437 3356 TDTCP - ok

17:51:29.0468 3356 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:51:29.0578 3356 TermDD - ok

17:51:29.0593 3356 TosIde - ok

17:51:29.0640 3356 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:51:29.0765 3356 Udfs - ok

17:51:29.0781 3356 ultra - ok

17:51:29.0859 3356 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:51:30.0000 3356 Update - ok

17:51:30.0062 3356 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:51:30.0125 3356 USBAAPL - ok

17:51:30.0156 3356 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:51:30.0296 3356 usbccgp - ok

17:51:30.0328 3356 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:51:30.0468 3356 usbehci - ok

17:51:30.0500 3356 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:51:30.0625 3356 usbhub - ok

17:51:30.0671 3356 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:51:30.0796 3356 usbprint - ok

17:51:30.0828 3356 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:51:30.0953 3356 usbscan - ok

17:51:31.0000 3356 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:51:31.0109 3356 USBSTOR - ok

17:51:31.0156 3356 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:51:31.0281 3356 usbuhci - ok

17:51:31.0296 3356 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:51:31.0421 3356 VgaSave - ok

17:51:31.0437 3356 ViaIde - ok

17:51:31.0468 3356 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:51:31.0578 3356 VolSnap - ok

17:51:31.0734 3356 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys

17:51:31.0984 3356 w29n51 - ok

17:51:32.0031 3356 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:51:32.0156 3356 Wanarp - ok

17:51:32.0171 3356 WDICA - ok

17:51:32.0218 3356 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:51:32.0343 3356 wdmaud - ok

17:51:32.0375 3356 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

17:51:32.0515 3356 WmiAcpi - ok

17:51:32.0593 3356 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:51:32.0718 3356 WSTCODEC - ok

17:51:32.0765 3356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:51:32.0968 3356 \Device\Harddisk0\DR0 - ok

17:51:32.0968 3356 Boot (0x1200) (a4caf59c1f10bcfce1fac26eac879f85) \Device\Harddisk0\DR0\Partition0

17:51:32.0968 3356 \Device\Harddisk0\DR0\Partition0 - ok

17:51:32.0984 3356 ============================================================

17:51:32.0984 3356 Scan finished

17:51:32.0984 3356 ============================================================

17:51:33.0109 2616 Detected object count: 6

17:51:33.0109 2616 Actual detected object count: 6

17:52:48.0281 2616 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:48.0281 2616 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:52:48.0296 2616 LLUSBFLT ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:48.0296 2616 LLUSBFLT ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:52:52.0437 2616 Backup copy found, using it..

17:52:52.0515 2616 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

17:52:54.0859 2616 NetBT ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

17:52:54.0859 2616 nv ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:54.0859 2616 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:52:54.0859 2616 PLUsbbc2 ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:54.0859 2616 PLUsbbc2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:52:54.0875 2616 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

17:52:54.0875 2616 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:53:19.0000 2492 Deinitialize success
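The TDSSKiller log above can be triaged mechanically rather than by eye. The script below is an added example, not part of the original thread and not a TDSSKiller or Malwarebytes tool: it parses TDSSKiller log lines (the time / thread-id / message layout and the message formats are assumed from the log above), keeps one record per scanned object, pairs the "Suspicious file (Forged)" line with the verdict and the user action that follow it, and separates real infections from the generic unsigned-driver warnings. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: lines copied from the TDSSKiller log in this thread
# (raw string so the Windows paths keep their backslashes).
SAMPLE_LOG = r"""
17:51:17.0500 3356 LLUSBFLT (4ed28529be6266bc3c1eb18be925314a) C:\WINDOWS\system32\drivers\llusbflt.sys
17:51:17.0531 3356 LLUSBFLT ( UnsignedFile.Multi.Generic ) - warning
17:51:17.0531 3356 LLUSBFLT - detected UnsignedFile.Multi.Generic (1)
17:51:21.0187 3356 NetBT (ca470b69a999dc0e02435b260b2acb5f) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:51:21.0187 3356 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: ca470b69a999dc0e02435b260b2acb5f, Fake md5: d797eac317dc59db1e29f389c470b348
17:51:21.0187 3356 NetBT ( Rootkit.Win32.ZAccess.k ) - infected
17:51:21.0187 3356 NetBT - detected Rootkit.Win32.ZAccess.k (0)
17:51:21.0609 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:51:21.0765 3356 Ntfs - ok
17:51:32.0765 3356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:51:32.0968 3356 \Device\Harddisk0\DR0 - ok
17:52:52.0515 2616 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:52:54.0859 2616 NetBT ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""


@dataclass
class Finding:
    name: str                        # object name as TDSSKiller prints it (driver, "MBR (0x1B8)", ...)
    path: Optional[str] = None
    md5: Optional[str] = None        # "Real md5" as TDSSKiller reports it
    verdict: str = "ok"              # ok | warning | infected
    threat: Optional[str] = None
    fake_md5: Optional[str] = None   # "Fake md5": set only when TDSSKiller flagged the file as forged
    action: Optional[str] = None     # user's chosen action (Cure, Skip, ...)
    pending_reboot: bool = False     # cure scheduled for next boot

    @property
    def forged(self) -> bool:
        # Two different hashes for one path means something between the file
        # system and the reader is lying; that mismatch is the hard evidence.
        return self.fake_md5 is not None


# Message formats assumed from the log layout: "HH:MM:SS.mmmm <tid> <message>".
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                    r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>\w+)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - (?P<verdict>warning|infected)$")
CURE = re.compile(r"^(?P<path>.+?) - will be cured on reboot$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Return one Finding per scanned object, keyed by the object name."""
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, str] = {}   # lower-cased path -> object name

    def get(name: str) -> Finding:
        # Some lines (ok / will be cured) name the path rather than the object.
        name = by_path.get(name.lower(), name)
        return findings.setdefault(name, Finding(name))

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (f := FORGED.match(msg)):
            item = get(f["path"])
            item.path, item.md5, item.fake_md5 = f["path"], f["real"], f["fake"]
        elif (f := FILE.match(msg)):
            item = get(f["name"])
            item.path, item.md5 = f["path"], f["md5"]
            by_path[f["path"].lower()] = item.name
        elif (f := ACTION.match(msg)):
            item = get(f["name"])
            item.threat, item.action = f["threat"], f["action"]
        elif (f := VERDICT.match(msg)):
            item = get(f["name"])
            item.threat, item.verdict = f["threat"], f["verdict"]
        elif (f := CURE.match(msg)):
            get(f["path"]).pending_reboot = True
        elif (f := OK.match(msg)):
            get(f["name"]).verdict = "ok"
    return findings


def triage(findings: Dict[str, Finding]):
    """Split findings into what needs action now and what only needs a look."""
    infected = [f for f in findings.values() if f.verdict == "infected"]
    warnings = [f for f in findings.values() if f.verdict == "warning"]
    return infected, warnings


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    infected, warnings = triage(found)
    for f in infected:
        note = f" forged: real {f.md5} vs fake {f.fake_md5}" if f.forged else ""
        print(f"INFECTED {f.name} {f.path} {f.threat}{note} action={f.action}")
    for f in warnings:
        # UnsignedFile.Multi.Generic is a heuristic, not a detection: check the vendor first.
        print(f"WARNING  {f.name} {f.path} {f.threat} (unsigned driver, verify vendor)")
```

Run it as-is to see the two lines that matter in this thread: the forged netbt.sys marked for cure on reboot, and the unsigned third-party drivers that were correctly skipped.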


I have good news for you => Your system is clean now! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions, it is important to uninstall the old ones: click Start => Control Panel => Add or Remove Programs, highlight them and click the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install applications and then restart your computer.

Now let's remove the cleaning tools we used. First, get rid of OTL:

  1. Double-click OTL.exe to start the program.
  2. Close all other programs apart from OTL as this step will require a reboot
  3. On the OTL main screen, press the CLEANUP button
  4. Say Yes to the prompt and then allow the program to reboot your computer.

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete TDSSKiller and aswclear.

Some quick tips:

  1. Antivirus software - I see that you have no antivirus installed on your system, so take a look here more closely. It's always necessary. An always-updated antivirus program will save you many future problems. Here are some good free antivirus solutions:

  2. Firewall - Your Windows OS has a built-in firewall, but it is weak and in no way good for the current requirements for optimal security, so I recommend you choose a suitable firewall on my advice below. A firewall will protect you from attacks coming from the global network. Without a firewall your computer is susceptible to being hacked and taken over. Here are some good free firewall solutions:

  3. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed, such as:

  4. Program updates - Keeping your software updated is important not only for productivity but also for security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

  5. Clear old system restore points - Once your system has been infected, there will be infected restore points that need to be cleaned.

     1. Open Start => All Programs => Accessories => System Tools => Disk Cleanup.
     2. In the drop-down box that appears, select your main drive, e.g. C:\
     3. Click OK.
     4. The system will do some calculation and display a dialogue box with tabs.
     5. Select the More Options tab.
     6. At the bottom there will be a System Restore box with a CLEANUP button. Click on it.
     7. Accept the warning and select OK again; the program will close and you are done.

  6. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point so you can restore your system to an earlier stage in case you get a problem. Do the following:

     1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
     2. In the System Restore dialog box, click Create a restore point, and then click Next.
     3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)


2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
