.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Owner at 13:06:44 on 2012-06-06

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.496 [GMT -4:00]

.

AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fighters\SPAMfighter\sfagent.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Fighters\Tray\FightersTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Fighters\SPAMfighter\sfus.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Fighters\FighterSuiteService.exe

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Plugin for Media Finder: {ad4df010-e2fd-43ce-864a-6bd1edc59ac2} - c:\documents and settings\owner\application data\media finder\extensions\IEPlugin32.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sfagent] c:\program files\fighters\spamfighter\sfagent.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [CommonToolkitTray] c:\program files\fighters\tray\FightersTray.exe

mRun: [UpdReg] c:\windows\UpdReg.EXE

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

IE: Download with &Media Finder

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: champlainvalleycu.com\www

Trusted Zone: firefox

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: mozilla

Trusted Zone: msn.com

Trusted Zone: stormofaces.com\www

Trusted Zone: youtube.com\www

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268514906265

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: DfLogon - LogonDll.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: mcmpeng.exe - svchost.exe

.

============= SERVICES / DRIVERS ===============

.

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-10-25 131472]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 MpKslfb466618;MpKslfb466618;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0654dec-c1ec-463d-976a-e2ceecc40644}\MpKslfb466618.sys [2012-6-6 29904]

R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\spamfighter\sfus.exe [2012-2-2 215688]

R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2012-1-23 1324680]

S0 qpeaujk;qpeaujk; [x]

S1 gawhnqom;gawhnqom; [x]

S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2010-9-14 11392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]

S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]

S3 cpuz132;cpuz132; [x]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-12 23456]

S3 dump_wmimmc;dump_wmimmc; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]

S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [2011-4-13 7168]

S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2010-6-15 19024]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-06-06 11:04:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 10:50:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0654dec-c1ec-463d-976a-e2ceecc40644}\offreg.dll

2012-06-06 10:50:16 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0654dec-c1ec-463d-976a-e2ceecc40644}\MpKslfb466618.sys

2012-06-06 09:33:01 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0654dec-c1ec-463d-976a-e2ceecc40644}\mpengine.dll

.

==================== Find3M ====================

.

2012-04-23 18:07:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-23 18:07:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-23 14:44:02 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-23 14:44:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2010-03-26 01:39:40 40960 ----a-w- c:\program files\PPSFix.exe

2008-10-20 19:13:44 1820 ------w- c:\program files\IE80Blocker.cmd

.

============= FINISH: 13:07:49.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/13/2010 3:30:52 PM

System Uptime: 6/6/2012 5:11:02 AM (8 hours ago)

.

Motherboard: First International Computer, Inc. | | VG33

Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2599/101mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 64.183 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

7-Zip 9.20

Adobe Flash Player 11 Plugin

Belarc Advisor 8.2

BufferChm

CCleaner

Compatibility Pack for the 2007 Office system

Creative MediaSource 5

Creative Software AutoUpdate

Creative System Information

DScaler 5 Mpeg Decoders

Epson Copy Utility 3.5

Epson Event Manager

EPSON Perfection V33/V330 Photo Scanner Driver Update

EPSON Scan

eSupport UndeletePlus 3.0.2.1214

Eusing Free Registry Cleaner

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

HP Officejet 4500 G510n-z

ICQ

Image Resizer Powertoy for Windows XP

Intel® Extreme Graphics Driver

Java Auto Updater

Java™ 6 Update 31

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

Media Player Classic - Home Cinema v1.5.2.3456

MemoriesOnTV 4.1.2

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Excel Viewer

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft Word 2000 SR-1

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB925673)

Multimedia Keyboard Driver

Network

Nikon Message Center

Nikon Transfer

PolyView 4.41

PowerDVD

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 8 (KB917734)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB954459)

Sound Blaster Audigy

SPAMfighter

Toolbox

Unlocker 1.8.9

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WebReg

Winamp (remove only)

Windows Backup Utility

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell™ 1.0

XLS Converter 1.7.2

YouTube Downloader 2.7.1

.

==== Event Viewer Messages From Past Week ========

.

6/6/2012 6:43:45 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

6/6/2012 5:13:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RemoveAny

6/6/2012 5:12:57 AM, error: Service Control Manager [7000] - The DF5Serv service failed to start due to the following error: The system cannot find the path specified.

.

==== End Of File ===========================

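As an added example (not part of the thread, and not code from DDS, RogueKiller or the helpers), here is a short Python triage pass over lines in the shape DDS prints above. The sample lines are constructed from entries in the report above; the rule names, severities and regular expressions are this example's own assumptions about what a helper reads first, not DDS heuristics. The point of interest is the `IFEO:` line: a `Debugger` value under `Image File Execution Options\<exe>` makes Windows launch the named program in place of the original, which is a well-known way for malware to stop a security tool from ever starting.

```python
"""Triage a DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' dump for the
indicators a malware-removal helper looks at first.

Added example: not part of the forum thread above and not DDS's own code.
The rules are this example's assumptions, not DDS heuristics.
"""
import re
from collections import Counter

# Constructed sample: lines in the shape DDS prints them, taken from the report
# above (backslashes doubled only because this is a Python string literal).
SAMPLE_LOG = """\
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
Trusted Zone: champlainvalleycu.com\\www
Trusted Zone: youtube.com\\www
IFEO: mcmpeng.exe - svchost.exe
R0 MpFilter;Microsoft Malware Protection Driver;c:\\windows\\system32\\drivers\\MpFilter.sys [2011-4-18 171064]
S0 qpeaujk;qpeaujk; [x]
S1 gawhnqom;gawhnqom; [x]
S3 cpudrv;cpudrv;\\??\\c:\\program files\\systemrequirementslab\\cpudrv.sys --> c:\\program files\\systemrequirementslab\\cpudrv.sys [?]
"""

# (severity, rule name, pattern).  DDS prints one item per line, so matching is
# line-based.  Order matters: the first matching rule wins.
RULES = [
    # Image File Execution Options "Debugger" redirect: running <target>
    # actually starts <debugger>.  Classic AV-killing trick.
    ("high", "ifeo_debugger_redirect",
     re.compile(r"^IFEO:\s+(?P<target>\S+)\s+-\s+(?P<debugger>\S.*)$")),
    # UAC policy values forced to 0 (inert on XP, but still a tampering sign).
    ("medium", "uac_policy_disabled",
     re.compile(r"^mPolicies-system:\s+(EnableLUA|ConsentPromptBehavior\w+)\s+=\s+0\b")),
    # Service/driver registered but DDS found no file on disk ("[x]").
    ("medium", "service_file_missing",
     re.compile(r"^[RS][0-4]\s+(?P<svc>[^;]+);[^;]*;.*\[x\]\s*$")),
    # Service path DDS could not resolve ("[?]"); usually a stale entry.
    ("low", "service_path_unresolved",
     re.compile(r"^[RS][0-4]\s+(?P<svc>[^;]+);.*\[\?\]\s*$")),
    # Browser helper object / toolbar / explorer bar whose DLL is gone.
    ("low", "orphaned_browser_extension",
     re.compile(r"^(BHO|TB|EB):.*-\s+No File\s*$")),
    # Sites in IE's Trusted zone run with relaxed security settings.
    ("info", "ie_trusted_zone_entry",
     re.compile(r"^Trusted Zone:\s+(?P<site>\S+)")),
]


def triage(log_text):
    """Return a list of findings.  Each finding is a dict with 'severity',
    'rule', 'line' and any named groups the rule captured (for example
    'target'/'debugger' for an IFEO entry, 'svc' for a service)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for severity, rule, pattern in RULES:
            match = pattern.match(line)
            if match:
                findings.append({"severity": severity, "rule": rule,
                                 "line": line, **match.groupdict()})
                break
    return findings


def severity_counts(findings):
    """Histogram of findings by severity, e.g. {'high': 1, 'medium': 4, ...}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:28} {f['line']}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

On the report above this flags the `IFEO: mcmpeng.exe - svchost.exe` redirect (the entry RogueKiller later deletes), the two `[x]` services `qpeaujk` and `gawhnqom` (random-looking names registered with no driver file, worth checking by hand), the `EnableLUA`/`ConsentPromptBehavior*` values and the orphaned BHO/toolbar entries. One caveat for XP readers: UAC does not exist on Windows XP, so `EnableLUA = 0` there changes nothing by itself; it is still worth noting as something a legitimate installer would not normally write.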

Welcome to the forum. What seems to be the problem??

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------


Welcome to the forum. What seems to be the problem??

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrCRogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Remove -- Date: 06/07/2012 13:47:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[IFEO] HKLM\[...]\Image File Execution Options : mcmpeng.exe (svchost.exe) -> DELETED

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800EB-00DJF0 +++++

--- User ---

[MBR] a285e763d4f465cb98815325b7e61393

[BSP] 9aec4923865486ecc80ae08d016485f1 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

Error reading LL1 MBR!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

------->Logs will be closed if you haven't replied within 3 days!<--------


<Moderator kibbitz>

@jimvt

When you have a problem or question, please post directly into your Topic. Do not click on the Report button.

When you make replies here, your helper will be notified.

RKreport[3].txt should be on your Desktop (or in the same folder as the RogueKiller utility).

Please wait for MrC to help you.



Ok, sorry...the rules were a bit confusing! I could not copy and paste the report the first time. Did it get sent finally?


For about ten days I have been encountering some nasty thing that will not allow me to remove certain programs, i.e., Mozilla Firefox, Google Earth, AntCom, etc.

Each time I take them out with Add/Remove AND delete the registry references they come back after reboot.

Also all emails after May 1, 2012 are being deleted including yours.

I have tried a large number of "solutions" from Bleeping Computer and your site with no success.

I used ten of the "Chameleons" and each one would start a scan, find nothing and then stop.

Any help appreciated.

JimD


Let's see what we can find.....

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


While this was working a MS essentials window popped up and said something about "do nothing."

09:07:21.0522 1544 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

09:07:25.0429 1544 ============================================================

09:07:25.0429 1544 Current date / time: 2012/06/08 09:07:25.0429

09:07:25.0429 1544 SystemInfo:

09:07:25.0429 1544

09:07:25.0429 1544 OS Version: 5.1.2600 ServicePack: 3.0

09:07:25.0429 1544 Product type: Workstation

09:07:25.0429 1544 ComputerName: HOME-N4TTGLLC4R

09:07:25.0429 1544 UserName: Owner

09:07:25.0429 1544 Windows directory: C:\WINDOWS

09:07:25.0429 1544 System windows directory: C:\WINDOWS

09:07:25.0429 1544 Processor architecture: Intel x86

09:07:25.0429 1544 Number of processors: 1

09:07:25.0429 1544 Page size: 0x1000

09:07:25.0429 1544 Boot type: Normal boot

09:07:25.0429 1544 ============================================================

09:07:33.0742 1544 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:07:33.0773 1544 ============================================================

09:07:33.0804 1544 \Device\Harddisk0\DR0:

09:07:33.0804 1544 MBR partitions:

09:07:33.0804 1544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

09:07:33.0804 1544 ============================================================

09:07:33.0835 1544 C: <-> \Device\Harddisk0\DR0\Partition0

09:07:33.0835 1544 ============================================================

09:07:33.0835 1544 Initialize success

09:07:33.0835 1544 ============================================================

09:07:56.0181 2932 ============================================================

09:07:56.0181 2932 Scan started

09:07:56.0181 2932 Mode: Manual; SigCheck; TDLFS;

09:07:56.0181 2932 ============================================================

09:07:56.0743 2932 Abiosdsk - ok

09:07:56.0759 2932 abp480n5 - ok

09:07:56.0915 2932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:08:02.0634 2932 ACPI - ok

09:08:02.0744 2932 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:08:17.0463 2932 ACPIEC - ok

09:08:17.0682 2932 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:08:17.0792 2932 AdobeFlashPlayerUpdateSvc - ok

09:08:17.0807 2932 adpu160m - ok

09:08:17.0932 2932 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:08:18.0260 2932 aec - ok

09:08:18.0323 2932 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

09:08:19.0104 2932 Afc - ok

09:08:19.0307 2932 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:08:19.0667 2932 AFD - ok

09:08:19.0698 2932 Aha154x - ok

09:08:19.0714 2932 aic78u2 - ok

09:08:19.0729 2932 aic78xx - ok

09:08:20.0448 2932 ALCXWDM (49899bb0ccc162fe6e2368ee93992950) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

09:08:24.0230 2932 ALCXWDM - ok

09:08:24.0355 2932 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:08:24.0683 2932 Alerter - ok

09:08:24.0745 2932 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:08:24.0948 2932 ALG - ok

09:08:24.0964 2932 AliIde - ok

09:08:24.0980 2932 amsint - ok

09:08:25.0011 2932 AppMgmt - ok

09:08:25.0026 2932 asc - ok

09:08:25.0042 2932 asc3350p - ok

09:08:25.0073 2932 asc3550 - ok

09:08:25.0433 2932 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:08:25.0480 2932 aspnet_state - ok

09:08:25.0605 2932 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:08:25.0839 2932 AsyncMac - ok

09:08:26.0042 2932 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\ATAPI.SYS

09:08:26.0292 2932 atapi - ok

09:08:26.0308 2932 Atdisk - ok

09:08:26.0417 2932 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:08:26.0714 2932 Atmarpc - ok

09:08:26.0855 2932 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:08:27.0167 2932 AudioSrv - ok

09:08:27.0292 2932 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:08:27.0511 2932 audstub - ok

09:08:27.0620 2932 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

09:08:27.0636 2932 BANTExt ( UnsignedFile.Multi.Generic ) - warning

09:08:27.0636 2932 BANTExt - detected UnsignedFile.Multi.Generic (1)

09:08:27.0745 2932 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:08:27.0980 2932 Beep - ok

09:08:28.0527 2932 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:08:29.0199 2932 BITS - ok

09:08:29.0355 2932 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:08:29.0636 2932 Browser - ok

09:08:29.0964 2932 catchme - ok

09:08:30.0089 2932 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:08:30.0355 2932 cbidf2k - ok

09:08:30.0386 2932 cd20xrnt - ok

09:08:30.0496 2932 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:08:30.0777 2932 Cdaudio - ok

09:08:30.0949 2932 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:08:31.0293 2932 Cdfs - ok

09:08:31.0464 2932 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:08:31.0699 2932 Cdrom - ok

09:08:31.0730 2932 Changer - ok

09:08:31.0839 2932 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:08:32.0105 2932 CiSvc - ok

09:08:32.0214 2932 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:08:32.0464 2932 ClipSrv - ok

09:08:32.0558 2932 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:08:32.0761 2932 clr_optimization_v2.0.50727_32 - ok

09:08:33.0121 2932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:08:33.0183 2932 clr_optimization_v4.0.30319_32 - ok

09:08:33.0199 2932 CmdIde - ok

09:08:33.0215 2932 COMSysApp - ok

09:08:33.0246 2932 Cpqarray - ok

09:08:33.0340 2932 cpudrv - ok

09:08:33.0355 2932 cpuz132 - ok

09:08:33.0511 2932 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe

09:08:33.0574 2932 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

09:08:33.0574 2932 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

09:08:33.0699 2932 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:08:33.0949 2932 CryptSvc - ok

09:08:34.0074 2932 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

09:08:34.0340 2932 ctljystk - ok

09:08:34.0574 2932 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

09:08:34.0715 2932 ctsfm2k - ok

09:08:34.0730 2932 dac2w2k - ok

09:08:34.0746 2932 dac960nt - ok

09:08:35.0199 2932 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:08:35.0652 2932 DcomLaunch - ok

09:08:35.0840 2932 DeepFrz (af3a25ac1f0b52ad231f8bde3937e105) C:\WINDOWS\system32\drivers\DeepFrz.sys

09:08:35.0902 2932 DeepFrz - ok

09:08:36.0090 2932 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:08:36.0402 2932 Dhcp - ok

09:08:36.0496 2932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:08:36.0824 2932 Disk - ok

09:08:36.0840 2932 dmadmin - ok

09:08:37.0730 2932 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:08:38.0715 2932 dmboot - ok

09:08:38.0934 2932 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:08:39.0324 2932 dmio - ok

09:08:39.0418 2932 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:08:39.0684 2932 dmload - ok

09:08:39.0793 2932 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:08:40.0090 2932 dmserver - ok

09:08:40.0215 2932 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:08:40.0465 2932 DMusic - ok

09:08:40.0606 2932 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:08:40.0887 2932 Dnscache - ok

09:08:41.0059 2932 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:08:41.0371 2932 Dot3svc - ok

09:08:41.0387 2932 dpti2o - ok

09:08:41.0496 2932 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:08:41.0746 2932 drmkaud - ok

09:08:41.0871 2932 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys

09:08:41.0950 2932 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning

09:08:41.0950 2932 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)

09:08:41.0965 2932 dump_wmimmc - ok

09:08:42.0090 2932 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:08:42.0403 2932 EapHost - ok

09:08:42.0481 2932 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:08:42.0778 2932 ERSvc - ok

09:08:42.0934 2932 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:08:43.0043 2932 Eventlog - ok

09:08:43.0325 2932 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

09:08:43.0512 2932 EventSystem - ok

09:08:43.0715 2932 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:08:44.0090 2932 Fastfat - ok

09:08:44.0262 2932 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:08:44.0465 2932 FastUserSwitchingCompatibility - ok

09:08:44.0590 2932 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:08:44.0872 2932 Fdc - ok

09:08:44.0965 2932 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:08:45.0247 2932 Fips - ok

09:08:45.0309 2932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:08:45.0544 2932 Flpydisk - ok

09:08:45.0669 2932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:08:45.0950 2932 FltMgr - ok

09:08:46.0309 2932 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:08:46.0419 2932 FontCache3.0.0.0 - ok

09:08:46.0512 2932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:08:46.0778 2932 Fs_Rec - ok

09:08:46.0934 2932 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:08:47.0231 2932 Ftdisk - ok

09:08:47.0341 2932 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

09:08:47.0575 2932 gameenum - ok

09:08:47.0591 2932 gawhnqom - ok

09:08:47.0747 2932 getPlusHelper - ok

09:08:47.0872 2932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:08:48.0153 2932 Gpc - ok

09:08:48.0544 2932 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

09:08:48.0653 2932 gupdate - ok

09:08:48.0669 2932 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

09:08:48.0684 2932 gupdatem - ok

09:08:48.0934 2932 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:08:49.0216 2932 helpsvc - ok

09:08:49.0325 2932 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys

09:08:49.0575 2932 hidgame - ok

09:08:49.0622 2932 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:08:49.0888 2932 HidServ - ok

09:08:50.0013 2932 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:08:50.0263 2932 HidUsb - ok

09:08:50.0403 2932 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:08:50.0653 2932 hkmsvc - ok

09:08:50.0669 2932 hpn - ok

09:08:51.0497 2932 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

09:08:52.0122 2932 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

09:08:52.0138 2932 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

09:08:52.0294 2932 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

09:08:52.0997 2932 HPZid412 - ok

09:08:53.0060 2932 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

09:08:53.0122 2932 HPZipr12 - ok

09:08:53.0232 2932 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

09:08:53.0341 2932 HPZius12 - ok

09:08:53.0700 2932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:08:53.0950 2932 HTTP - ok

09:08:54.0075 2932 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:08:54.0310 2932 HTTPFilter - ok

09:08:54.0341 2932 i2omgmt - ok

09:08:54.0357 2932 i2omp - ok

09:08:54.0497 2932 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:08:54.0747 2932 i8042prt - ok

09:08:54.0919 2932 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

09:08:56.0216 2932 ialm - ok

09:08:56.0591 2932 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

09:08:56.0732 2932 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:08:56.0732 2932 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:08:58.0123 2932 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:08:59.0154 2932 idsvc - ok

09:08:59.0310 2932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:08:59.0560 2932 Imapi - ok

09:08:59.0826 2932 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:09:00.0185 2932 ImapiService - ok

09:09:00.0201 2932 ini910u - ok

09:09:00.0326 2932 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:09:00.0560 2932 IntelIde - ok

09:09:00.0607 2932 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:09:00.0920 2932 intelppm - ok

09:09:01.0013 2932 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:09:01.0295 2932 ip6fw - ok

09:09:01.0420 2932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:09:01.0685 2932 IpFilterDriver - ok

09:09:01.0732 2932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:09:02.0013 2932 IpInIp - ok

09:09:02.0232 2932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:09:02.0592 2932 IpNat - ok

09:09:02.0701 2932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:09:02.0951 2932 IPSec - ok

09:09:03.0076 2932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:09:03.0217 2932 IRENUM - ok

09:09:03.0357 2932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:09:03.0639 2932 isapnp - ok

09:09:04.0185 2932 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

09:09:04.0295 2932 JavaQuickStarterService - ok

09:09:04.0357 2932 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:09:04.0607 2932 Kbdclass - ok

09:09:04.0732 2932 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:09:04.0982 2932 kbdhid - ok

09:09:05.0186 2932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:09:05.0545 2932 kmixer - ok

09:09:05.0701 2932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:09:05.0982 2932 KSecDD - ok

09:09:06.0170 2932 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:09:06.0326 2932 lanmanserver - ok

09:09:06.0467 2932 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:09:06.0639 2932 lanmanworkstation - ok

09:09:06.0654 2932 lbrtfdc - ok

09:09:06.0779 2932 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:09:07.0092 2932 LmHosts - ok

09:09:07.0108 2932 MBAMSwissArmy - ok

09:09:07.0233 2932 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:09:07.0451 2932 Messenger - ok

09:09:07.0576 2932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:09:07.0842 2932 mnmdd - ok

09:09:07.0967 2932 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

09:09:08.0280 2932 mnmsrvc - ok

09:09:08.0389 2932 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:09:08.0717 2932 Modem - ok

09:09:08.0842 2932 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

09:09:09.0108 2932 MODEMCSA - ok

09:09:09.0233 2932 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:09:09.0483 2932 Mouclass - ok

09:09:09.0608 2932 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:09:09.0842 2932 mouhid - ok

09:09:09.0951 2932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:09:10.0233 2932 MountMgr - ok

09:09:10.0498 2932 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

09:09:10.0623 2932 MpFilter - ok

09:09:10.0889 2932 MpKsldfa608fc - ok

09:09:10.0920 2932 mraid35x - ok

09:09:11.0155 2932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:09:11.0545 2932 MRxDAV - ok

09:09:12.0045 2932 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:09:12.0670 2932 MRxSmb - ok

09:09:12.0764 2932 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

09:09:13.0030 2932 MSDTC - ok

09:09:13.0139 2932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:09:13.0374 2932 Msfs - ok

09:09:13.0405 2932 MSIServer - ok

09:09:13.0514 2932 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:09:13.0749 2932 MSKSSRV - ok

09:09:14.0092 2932 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

09:09:14.0108 2932 MsMpSvc - ok

09:09:14.0186 2932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:09:14.0421 2932 MSPCLOCK - ok

09:09:14.0483 2932 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:09:14.0717 2932 MSPQM - ok

09:09:14.0827 2932 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:09:15.0092 2932 mssmbios - ok

09:09:15.0296 2932 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:09:15.0436 2932 Mup - ok

09:09:15.0686 2932 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:09:16.0030 2932 napagent - ok

09:09:16.0233 2932 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:09:16.0514 2932 NDIS - ok

09:09:16.0561 2932 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:09:16.0624 2932 NdisTapi - ok

09:09:16.0686 2932 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:09:16.0889 2932 Ndisuio - ok

09:09:16.0983 2932 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:09:17.0265 2932 NdisWan - ok

09:09:17.0343 2932 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:09:17.0405 2932 NDProxy - ok

09:09:17.0499 2932 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll

09:09:17.0530 2932 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:09:17.0530 2932 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:09:17.0608 2932 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:09:17.0827 2932 NetBIOS - ok

09:09:17.0921 2932 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:09:18.0233 2932 NetBT - ok

09:09:18.0327 2932 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:09:18.0546 2932 NetDDE - ok

09:09:18.0577 2932 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:09:18.0749 2932 NetDDEdsdm - ok

09:09:18.0811 2932 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:09:18.0999 2932 Netlogon - ok

09:09:19.0171 2932 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:09:19.0437 2932 Netman - ok

09:09:19.0624 2932 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:09:19.0687 2932 NetTcpPortSharing - ok

09:09:19.0843 2932 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:09:19.0952 2932 Nla - ok

09:09:20.0015 2932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:09:20.0265 2932 Npfs - ok

09:09:20.0280 2932 npggsvc - ok

09:09:20.0343 2932 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys

09:09:20.0358 2932 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning

09:09:20.0358 2932 NPPTNT2 - detected UnsignedFile.Multi.Generic (1)

09:09:20.0624 2932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:09:21.0171 2932 Ntfs - ok

09:09:21.0249 2932 ntgrip (e966288cf47889753ef88ff165ddb56d) C:\WINDOWS\system32\drivers\ntgrip.sys

09:09:21.0343 2932 ntgrip - ok

09:09:21.0374 2932 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

09:09:21.0530 2932 NtLmSsp - ok

09:09:21.0749 2932 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:09:22.0280 2932 NtmsSvc - ok

09:09:22.0343 2932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:09:22.0546 2932 Null - ok

09:09:22.0593 2932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:09:22.0812 2932 NwlnkFlt - ok

09:09:22.0859 2932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:09:23.0124 2932 NwlnkFwd - ok

09:09:23.0187 2932 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

09:09:23.0421 2932 NwlnkIpx - ok

09:09:23.0484 2932 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

09:09:23.0718 2932 NwlnkNb - ok

09:09:23.0781 2932 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

09:09:23.0999 2932 NwlnkSpx - ok

09:09:24.0077 2932 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll

09:09:24.0296 2932 NwSapAgent - ok

09:09:24.0390 2932 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\drivers\ctoss2k.sys

09:09:24.0453 2932 ossrv - ok

09:09:25.0046 2932 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys

09:09:26.0125 2932 P17 - ok

09:09:26.0546 2932 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:09:26.0781 2932 Parport - ok

09:09:26.0812 2932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:09:27.0031 2932 PartMgr - ok

09:09:27.0109 2932 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:09:27.0343 2932 ParVdm - ok

09:09:27.0406 2932 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:09:27.0656 2932 PCI - ok

09:09:27.0671 2932 PCIDump - ok

09:09:27.0703 2932 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:09:27.0890 2932 PCIIde - ok

09:09:27.0968 2932 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:09:28.0265 2932 Pcmcia - ok

09:09:28.0281 2932 PDCOMP - ok

09:09:28.0297 2932 PDFRAME - ok

09:09:28.0328 2932 PDRELI - ok

09:09:28.0343 2932 PDRFRAME - ok

09:09:28.0359 2932 perc2 - ok

09:09:28.0375 2932 perc2hib - ok

09:09:28.0500 2932 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

09:09:28.0609 2932 pfc ( UnsignedFile.Multi.Generic ) - warning

09:09:28.0609 2932 pfc - detected UnsignedFile.Multi.Generic (1)

09:09:28.0703 2932 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:09:28.0750 2932 PlugPlay - ok

09:09:28.0828 2932 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll

09:09:28.0875 2932 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:09:28.0875 2932 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:09:28.0922 2932 Point32 (273afc65fabf97326aa78ffe38b1e071) C:\WINDOWS\system32\DRIVERS\point32.sys

09:09:28.0953 2932 Point32 - ok

09:09:29.0031 2932 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:09:29.0250 2932 PolicyAgent - ok

09:09:29.0328 2932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:09:29.0562 2932 PptpMiniport - ok

09:09:29.0609 2932 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:09:29.0812 2932 Processor - ok

09:09:29.0828 2932 PROCEXP151 - ok

09:09:29.0859 2932 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:09:30.0062 2932 ProtectedStorage - ok

09:09:30.0109 2932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:09:30.0344 2932 PSched - ok

09:09:30.0406 2932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:09:30.0609 2932 Ptilink - ok

09:09:30.0640 2932 ql1080 - ok

09:09:30.0656 2932 Ql10wnt - ok

09:09:30.0687 2932 ql12160 - ok

09:09:30.0703 2932 ql1240 - ok

09:09:30.0719 2932 ql1280 - ok

09:09:30.0734 2932 qpeaujk - ok

09:09:30.0797 2932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:09:30.0984 2932 RasAcd - ok

09:09:31.0062 2932 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:09:31.0312 2932 RasAuto - ok

09:09:31.0359 2932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:09:31.0578 2932 Rasl2tp - ok

09:09:31.0719 2932 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:09:31.0984 2932 RasMan - ok

09:09:32.0031 2932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:09:32.0328 2932 RasPppoe - ok

09:09:32.0406 2932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:09:32.0609 2932 Raspti - ok

09:09:32.0734 2932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:09:33.0000 2932 Rdbss - ok

09:09:33.0047 2932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:09:33.0297 2932 RDPCDD - ok

09:09:33.0406 2932 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:09:33.0531 2932 RDPWD - ok

09:09:33.0641 2932 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:09:33.0891 2932 RDSessMgr - ok

09:09:33.0969 2932 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:09:34.0234 2932 redbook - ok

09:09:34.0281 2932 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:09:34.0531 2932 RemoteAccess - ok

09:09:34.0594 2932 RemoveAny (97958de86e024ef6c2ffadc389816a57) C:\WINDOWS\system32\Drivers\removeany.sys

09:09:34.0672 2932 RemoveAny ( UnsignedFile.Multi.Generic ) - warning

09:09:34.0672 2932 RemoveAny - detected UnsignedFile.Multi.Generic (1)

09:09:34.0766 2932 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

09:09:35.0000 2932 RpcLocator - ok

09:09:35.0235 2932 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:09:35.0375 2932 RpcSs - ok

09:09:35.0485 2932 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

09:09:35.0735 2932 RSVP - ok

09:09:35.0797 2932 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

09:09:35.0906 2932 rtl8139 - ok

09:09:35.0985 2932 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:09:36.0188 2932 SamSs - ok

09:09:36.0297 2932 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:09:36.0563 2932 SCardSvr - ok

09:09:36.0688 2932 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:09:36.0969 2932 Schedule - ok

09:09:37.0016 2932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:09:37.0141 2932 Secdrv - ok

09:09:37.0219 2932 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:09:37.0422 2932 seclogon - ok

09:09:37.0485 2932 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:09:37.0703 2932 SENS - ok

09:09:37.0750 2932 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:09:37.0953 2932 serenum - ok

09:09:38.0047 2932 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:09:38.0282 2932 Serial - ok

09:09:38.0375 2932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:09:38.0579 2932 Sfloppy - ok

09:09:38.0766 2932 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:09:39.0204 2932 SharedAccess - ok

09:09:39.0344 2932 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:09:39.0391 2932 ShellHWDetection - ok

09:09:39.0407 2932 Simbad - ok

09:09:39.0610 2932 SPAMfighter Update Service (1ec0a00a13095e8423548dfa3394e727) C:\Program Files\Fighters\SPAMfighter\sfus.exe

09:09:39.0797 2932 SPAMfighter Update Service - ok

09:09:39.0813 2932 Sparrow - ok

09:09:39.0891 2932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:09:40.0110 2932 splitter - ok

09:09:40.0204 2932 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:09:40.0282 2932 Spooler - ok

09:09:40.0344 2932 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:09:40.0469 2932 sr - ok

09:09:40.0594 2932 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:09:40.0735 2932 srservice - ok

09:09:40.0922 2932 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:09:41.0251 2932 Srv - ok

09:09:41.0329 2932 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:09:41.0438 2932 SSDPSRV - ok

09:09:41.0516 2932 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

09:09:41.0672 2932 StillCam - ok

09:09:41.0860 2932 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:09:42.0266 2932 stisvc - ok

09:09:42.0954 2932 Suite Service (a7e21e907c39fab021ced41296fc8019) C:\Program Files\Fighters\FighterSuiteService.exe

09:09:44.0985 2932 Suite Service - ok

09:09:45.0391 2932 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:09:45.0595 2932 swenum - ok

09:09:45.0657 2932 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:09:45.0876 2932 swmidi - ok

09:09:45.0892 2932 SwPrv - ok

09:09:45.0923 2932 symc810 - ok

09:09:45.0954 2932 symc8xx - ok

09:09:45.0970 2932 sym_hi - ok

09:09:46.0001 2932 sym_u3 - ok

09:09:46.0048 2932 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:09:46.0282 2932 sysaudio - ok

09:09:46.0376 2932 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:09:46.0642 2932 SysmonLog - ok

09:09:46.0970 2932 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:09:47.0314 2932 TapiSrv - ok

09:09:47.0798 2932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS

09:09:52.0470 2932 Tcpip - ok

09:09:52.0548 2932 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:09:52.0767 2932 TDPIPE - ok

09:09:52.0830 2932 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:09:53.0064 2932 TDTCP - ok

09:09:53.0142 2932 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:09:53.0423 2932 TermDD - ok

09:09:53.0767 2932 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:09:54.0189 2932 TermService - ok

09:09:54.0408 2932 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:09:54.0423 2932 Themes - ok

09:09:54.0439 2932 TosIde - ok

09:09:54.0611 2932 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:09:54.0861 2932 TrkWks - ok

09:09:54.0986 2932 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:09:55.0252 2932 Udfs - ok

09:09:55.0267 2932 ultra - ok

09:09:55.0439 2932 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files\Unlocker\UnlockerDriver5.sys

09:09:55.0470 2932 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning

09:09:55.0470 2932 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)

09:09:55.0908 2932 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:09:56.0517 2932 Update - ok

09:09:56.0814 2932 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:09:57.0033 2932 upnphost - ok

09:09:57.0080 2932 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:09:57.0361 2932 UPS - ok

09:09:57.0470 2932 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:09:57.0752 2932 usbccgp - ok

09:09:57.0861 2932 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:09:58.0127 2932 usbehci - ok

09:09:58.0267 2932 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:09:58.0533 2932 usbhub - ok

09:09:58.0642 2932 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:09:58.0892 2932 usbprint - ok

09:09:58.0986 2932 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:09:59.0236 2932 usbscan - ok

09:09:59.0330 2932 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:09:59.0549 2932 USBSTOR - ok

09:09:59.0627 2932 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:09:59.0846 2932 usbuhci - ok

09:09:59.0939 2932 uti3otqy (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti3otqy.sys

09:09:59.0955 2932 uti3otqy ( UnsignedFile.Multi.Generic ) - warning

09:09:59.0955 2932 uti3otqy - detected UnsignedFile.Multi.Generic (1)

09:10:00.0080 2932 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:10:00.0299 2932 VgaSave - ok

09:10:00.0330 2932 ViaIde - ok

09:10:00.0408 2932 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:10:00.0643 2932 VolSnap - ok

09:10:01.0049 2932 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:10:01.0361 2932 VSS - ok

09:10:01.0643 2932 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:10:01.0924 2932 W32Time - ok

09:10:02.0018 2932 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:10:02.0252 2932 Wanarp - ok

09:10:02.0268 2932 WDICA - ok

09:10:02.0424 2932 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:10:02.0690 2932 wdmaud - ok

09:10:02.0815 2932 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:10:03.0111 2932 WebClient - ok

09:10:03.0205 2932 wimmount (05fb36a51e04a6c6b3a5f125fa692e6b) C:\WINDOWS\system32\DRIVERS\wimmount.sys

09:10:03.0237 2932 wimmount - ok

09:10:03.0533 2932 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:10:03.0846 2932 winmgmt - ok

09:10:03.0971 2932 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:10:04.0190 2932 WmdmPmSN - ok

09:10:04.0440 2932 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

09:10:04.0721 2932 WmiApSrv - ok

09:10:05.0955 2932 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:10:06.0877 2932 WMPNetworkSvc - ok

09:10:07.0971 2932 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:10:08.0690 2932 WPFFontCache_v0400 - ok

09:10:09.0331 2932 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:10:09.0549 2932 WS2IFSL - ok

09:10:09.0737 2932 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:10:09.0971 2932 wscsvc - ok

09:10:10.0065 2932 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:10:10.0299 2932 wuauserv - ok

09:10:10.0456 2932 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:10:10.0612 2932 WudfPf - ok

09:10:10.0675 2932 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:10:10.0800 2932 WudfRd - ok

09:10:10.0956 2932 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:10:11.0034 2932 WudfSvc - ok

09:10:11.0550 2932 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:10:12.0159 2932 WZCSVC - ok

09:10:12.0362 2932 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:10:12.0612 2932 xmlprov - ok

09:10:12.0831 2932 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

09:10:12.0956 2932 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

09:10:13.0081 2932 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

09:10:13.0175 2932 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

09:10:13.0237 2932 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:10:15.0878 2932 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:10:15.0878 2932 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:10:15.0925 2932 Boot (0x1200) (8d022bc4bcda4d5385c02154e6c11a9f) \Device\Harddisk0\DR0\Partition0

09:10:15.0941 2932 \Device\Harddisk0\DR0\Partition0 - ok

09:10:15.0941 2932 ============================================================

09:10:15.0941 2932 Scan finished

09:10:15.0941 2932 ============================================================

09:10:16.0128 2888 Detected object count: 13

09:10:16.0128 2888 Actual detected object count: 13

09:11:46.0525 2888 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0525 2888 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0525 2888 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0525 2888 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0525 2888 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0525 2888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0525 2888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0541 2888 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0541 2888 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0541 2888 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0541 2888 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0541 2888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0541 2888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0541 2888 RemoveAny ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0541 2888 RemoveAny ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0556 2888 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0556 2888 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:46.0556 2888 uti3otqy ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:46.0556 2888 uti3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:48.0275 2888 \Device\Harddisk0\DR0\TDLFS\z00clicker.dll - copied to quarantine

09:11:58.0791 2888 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

09:11:58.0838 2888 \Device\Harddisk0\DR0\TDLFS - deleted

09:11:58.0838 2888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

09:12:20.0652 1524 Deinitialize success


TDSSKiller found and fixed some malware.

------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-06-08.01 - Owner 06/08/2012 10:05:10.31.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.618 [GMT -4:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Application Data\Media Finder\Extensions\IEPLugin32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))

.

.

2012-06-08 13:28 . 2012-06-08 13:28 -------- d-----w- c:\windows\LastGood

2012-06-08 13:12 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C698C3AC-2695-4769-809A-62F38112CA2A}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-23 18:07 . 2012-04-23 18:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-23 18:07 . 2012-04-23 18:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-13 07:36 . 2012-04-30 23:03 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-04 19:56 . 2012-04-02 15:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 14:44 . 2012-03-23 14:45 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-23 14:44 . 2011-05-11 18:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2010-03-26 01:39 . 2008-05-11 20:57 40960 ----a-w- c:\program files\PPSFix.exe

2008-10-20 19:13 . 2008-10-20 19:13 1820 ------w- c:\program files\IE80Blocker.cmd

2012-03-18 20:08 . 2011-10-02 21:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-02 1197704]

"P17Helper"="P17.dll" [2005-05-03 64512]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]

2007-10-25 12:48 65536 ----a-w- c:\windows\system32\LogonDll.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /k:C *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]

backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

.

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [10/25/2007 8:52 AM 131472]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [2/2/2012 5:07 PM 215688]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [1/23/2012 2:40 PM 1324680]

S0 qpeaujk;qpeaujk; [x]

S1 gawhnqom;gawhnqom; [x]

S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [9/14/2010 1:04 PM 11392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2012 9:07 AM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/23/2012 2:07 PM 253088]

S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9/12/2011 7:31 AM 23456]

S3 dump_wmimmc;dump_wmimmc; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2012 9:07 AM 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]

S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [4/13/2011 10:53 AM 7168]

S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [6/15/2010 5:52 AM 19024]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 12179347

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - 12179347

*Deregistered* - MBAMSwissArmy

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 18:07]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 13:07]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 13:07]

.

2012-06-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e

uInternet Settings,ProxyOverride = <local>

IE: Download with &Media Finder

Trusted Zone: champlainvalleycu.com\www

Trusted Zone: firefox

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: mozilla

Trusted Zone: msn.com

Trusted Zone: stormofaces.com\www

Trusted Zone: youtube.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-08 10:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(400)

c:\windows\system32\LogonDll.dll

.

Completion time: 2012-06-08 10:21:01

ComboFix-quarantined-files.txt 2012-06-08 14:20

ComboFix2.txt 2011-09-05 18:50

ComboFix3.txt 2011-02-09 20:35

ComboFix4.txt 2010-12-27 17:21

.

Pre-Run: 63,071,211,520 bytes free

Post-Run: 63,093,985,280 bytes free

.

- - End Of File - - 1EFF175A26390DEEFEEB6CCEEE908A57


Please do this.......

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\system32\drivers\uti3otqy.sys

Driver::

qpeaujk

gawhnqom

uti3otqy

DDS::

uStart Page = hxxp://search.babylon.com/?

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Well..I'll be hornswoggled...as my grampa used to say.

I did as you directed..printed out the instructions...Combofix started...updated...and ran.

I left the computer for half an hour and when I got back...no ComboFix...no ComboFix.txt...nothing, nada.

I'll try it again and report.

JD


Tried again and watched the whole process....scanned 50+ sections...deleted one file....C:\windows\.....media finder.....too fast to read it.

Rebooted by itself...no C:\ComboFix.txt to be found with "Search"

MSE realtime protection back on...MBAM back on...now I've got the Yellow Shield icon on the desktop.

Emails deleted...what a mess.

Me? I'm gonna go have a martini!


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL Extras logfile created on: 6/8/2012 8:03:01 PM - Run 1

OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.49 Mb Total Physical Memory | 546.34 Mb Available Physical Memory | 53.80% Memory free

1.64 Gb Paging File | 1.32 Gb Available in Paging File | 80.59% Paging File free

Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 59.59 Gb Free Space | 79.95% Space Free | Partition Type: NTFS

Drive E: | 3.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-N4TTGLLC4R | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1

"{014A3EE0-6C7F-47D9-BF3C-7027DD445E51}" = SPAMfighter

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1

"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5

"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Belarc Advisor" = Belarc Advisor 8.2

"CCleaner" = CCleaner

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"EPSON Scanner" = EPSON Scan

"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.1214

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"ICQ" = ICQ

"ie8" = Windows Internet Explorer 8

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MemoriesOnTV4_is1" = MemoriesOnTV 4.1.2

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"PolyView" = PolyView 4.41

"SPAMfighter" = SPAMfighter

"SysInfo" = Creative System Information

"Unlocker" = Unlocker 1.8.9

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"XLS Converter_is1" = XLS Converter 1.7.2

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/13/2011 10:02:16 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1001

Description = Fault bucket 439450114.

Error - 12/18/2011 5:47:23 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002

Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2011 8:32:57 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module inetcomm.dll, version 6.0.2900.6157, fault address 0x000296b8.

Error - 12/19/2011 8:33:07 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1001

Description = Fault bucket -1550194707.

Error - 12/19/2011 10:36:38 AM | Computer Name = HOME-N4TTGLLC4R | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 12/19/2011 12:32:20 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002

Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2011 12:32:26 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1001

Description = Fault bucket 736169863.

Error - 12/19/2011 12:43:11 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002

Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 11:43:01 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002

Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 11:53:29 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002

Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 6/8/2012 2:54:44 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 3:42:08 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 3:55:26 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:05:05 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:05:08 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:05:11 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:05:14 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:08:40 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:08:43 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

Error - 6/8/2012 8:08:45 PM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom1, has a bad block.

< End of report >


OTL logfile created on: 6/8/2012 8:03:01 PM - Run 1

OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.49 Mb Total Physical Memory | 546.34 Mb Available Physical Memory | 53.80% Memory free

1.64 Gb Paging File | 1.32 Gb Available in Paging File | 80.59% Paging File free

Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 59.59 Gb Free Space | 79.95% Space Free | Partition Type: NTFS

Drive E: | 3.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-N4TTGLLC4R | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 19:58:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/02/02 17:07:22 | 000,215,688 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfus.exe

PRC - [2012/02/02 17:07:18 | 001,197,704 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfagent.exe

PRC - [2012/02/02 15:08:46 | 001,453,704 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\Tray\FightersTray.exe

PRC - [2012/01/23 14:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe

PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2008/04/13 20:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/28 08:40:28 | 002,020,416 | ---- | M] () -- C:\Program Files\Fighters\SPAMfighter\sfse.dll

MOD - [2012/02/02 17:07:44 | 000,549,512 | ---- | M] () -- C:\Program Files\Fighters\SPAMfighter\sfsg.dll

MOD - [2007/10/25 08:48:02 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll

MOD - [2005/05/03 07:38:42 | 000,064,512 | R--- | M] () -- C:\WINDOWS\system32\P17.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - File not found [Auto | Stopped] -- -- (DF5Serv)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)

SRV - [2012/04/23 14:07:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/02/02 17:07:22 | 000,215,688 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2012/01/23 14:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2010/08/29 15:55:06 | 003,739,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | Boot | Stopped] -- -- (qpeaujk)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (gawhnqom)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (dump_wmimmc)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2011/09/12 07:31:32 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)

DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)

DRV - [2011/04/13 10:53:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3otqy.sys -- (uti3otqy)

DRV - [2010/09/14 13:04:46 | 000,011,392 | ---- | M] (HeavenWard) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\RemoveAny.sys -- (RemoveAny)

DRV - [2010/03/08 22:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/10/25 08:52:42 | 000,131,472 | ---- | M] (Faronics Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz)

DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/10/02 13:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

DRV - [2003/06/02 02:01:48 | 000,719,052 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001/08/17 16:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)

DRV - [2001/08/17 12:49:04 | 000,051,552 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntgrip.sys -- (ntgrip)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 DB A4 6F 94 0A CD 01 [binary data]

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 16:08:02 | 000,000,000 | ---D | M]

[2011/06/25 10:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2012/06/08 17:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\extensions

[2012/06/08 17:54:54 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\extensions\anttoolbar@ant.com

[2011/12/03 13:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a77eofet.default\extensions

[2012/04/02 11:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/03/23 10:45:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/03/18 16:08:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/02 17:09:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/09 10:31:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/10 11:50:39 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\Owner\Application Data\Media Finder\Extensions\IEPlugin32.dll (Media Finder)

O3 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/09 10:11:03 | 000,000,000 | -H-D | M]

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found

O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - Reg Error: Value error. File not found

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: champlainvalleycu.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: firefox ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: mozilla ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: msn.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..Trusted Domains: youtube.com ([www] https in Trusted sites)

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268514906265 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\mcmpeng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/02/08 11:38:39 | 025,409,024 | R--- | M] () - E:\AUTOBIOGRAPHY OF.doc -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk /k:C *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 16:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2012/06/08 14:58:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/08 20:01:31 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut (2) to OTL.exe.lnk

[2012/06/08 19:59:57 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk

[2012/06/08 19:49:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/06/08 19:36:44 | 000,473,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/08 19:36:44 | 000,076,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/08 19:19:30 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/06/08 19:17:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/08 19:17:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/08 17:54:16 | 000,002,830 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MrCharlie replied to Strange Virus and Malwarbytes.eml

[2012/06/08 14:34:45 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/06/08 14:24:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 20:01:31 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut (2) to OTL.exe.lnk

[2012/06/08 19:59:57 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk

[2012/06/08 19:02:22 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2012/06/08 17:54:16 | 000,002,830 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MrCharlie replied to Strange Virus and Malwarbytes.eml

[2012/04/02 12:01:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll

[2012/02/15 07:53:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9481

[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2631

[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548

[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1477

[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0359

[2012/02/04 12:26:03 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to clipbrd.exe.lnk

[2012/01/30 12:40:58 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin

[2012/01/26 15:10:33 | 000,206,293 | ---- | C] () -- C:\WINDOWS\hpwins28.dat

[2012/01/26 15:10:33 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat

[2012/01/21 22:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2012/01/20 20:53:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2012/01/20 20:45:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini

[2012/01/19 17:04:41 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2012/01/19 17:04:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2012/01/19 17:04:41 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2012/01/19 17:04:41 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2012/01/19 17:04:41 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2012/01/19 17:04:41 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2012/01/19 17:04:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2012/01/19 17:04:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2012/01/19 17:04:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2012/01/19 17:04:41 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2012/01/19 17:04:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2012/01/19 17:04:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2012/01/19 17:04:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2012/01/19 17:04:40 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2012/01/19 17:04:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/12/27 09:47:07 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2011/12/26 12:16:38 | 000,207,256 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp

[2011/12/26 10:38:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp

[2011/10/15 13:30:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2011/10/15 09:01:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/09/30 10:27:46 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2011/09/30 10:27:46 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2011/09/07 16:03:53 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2011/05/23 07:38:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Instruments

[2011/05/23 07:38:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Rule Actions

[2011/05/23 07:38:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2011/05/11 14:35:35 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe

[2011/04/13 10:53:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti3otqy.sys

[2011/03/16 09:32:40 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/07 12:12:08 | 000,000,006 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\date

[2011/03/07 12:12:08 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\evf6

[2010/09/24 15:40:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini

[2010/06/22 14:12:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >


Yes, I have to sleep once in a while :)

Can you have a look at these folders, do you recognize them?

You may have to enable hidden files to see them:

http://www.howtogeek...-folders-in-xp/

C:\Documents and Settings\Owner\Local Settings\Application Data\2631

C:\Documents and Settings\All Users\Application Data\1548

C:\Documents and Settings\All Users\Application Data\1477

C:\Documents and Settings\All Users\Application Data\0359

---------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (qpeaujk)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (gawhnqom)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (dump_wmimmc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2011/04/13 10:53:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3otqy.sys -- (uti3otqy)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000040ca66ec0e
    IE - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000040ca66ec0e
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1201055447-1169385113-3479457641-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O12 - Plugin for: .spop - Reg Error: Value error. File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

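The triage MrC is doing by eye above (a Boot-start service whose file is missing, driver and service names that look generated, several numeric-named items created in the same second under Application Data, an alternate data stream hanging off a system bitmap) can be scripted over the OTL text itself. The block below is an added example written for this page; it is not MrC's tool, not part of OTL, and not something either poster ran. The sample lines are copied from the log earlier in the thread; the `looks_random` heuristic, the 16-character stream-name threshold and the finding labels are my own assumptions, and the result is a review list for a human, not a verdict.

```python
"""Triage helper for OTL log lines (added example; not part of this thread or of OTL).

Parses three OTL line shapes seen in the thread (Files/Folders Created, DRV
entries, Alternate Data Streams) and returns candidates for manual review.
"""
import re
from typing import Dict, List

# [date time | size | attrs | C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# DRV - File not found [Kernel | Boot | Stopped] -- -- (name)
# DRV - [date ...| M] () [Kernel | On_Demand | Stopped] -- path -- (name)
DRV_RE = re.compile(
    r"^DRV - (?:File not found|\[[^\]]*\] \((?P<company>[^)]*)\)) "
    r"\[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] -- "
    r"(?P<path>.*?)-- \((?P<name>[^)]+)\)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:]+)$"
)

VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """Crude gibberish test (assumption): generated service/driver names tend to be
    all lowercase, contain 'q' without a following 'u', run five consonants in a
    row, or have almost no vowels. Real names with capitals or underscores pass."""
    if not (name.isalnum() and name.islower() and 6 <= len(name) <= 10):
        return False
    if re.search(r"q(?!u)", name) or re.search(r"[bcdfghjklmnpqrstvwxz]{5}", name):
        return True
    letters = [c for c in name if c.isalpha()]
    return sum(c in VOWELS for c in letters) / max(len(letters), 1) < 0.25


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return review candidates as {'kind': ..., 'item': ...} dicts."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DRV_RE.match(line)
        if m:
            name, start, path = m["name"], m["start"], m["path"].strip()
            if looks_random(name):
                findings.append({"kind": "random-service-name", "item": name})
            # A Boot/System-start service with no file is an orphan worth removing.
            if not path and start in ("Boot", "System"):
                findings.append({"kind": "orphaned-early-driver", "item": name})
            continue
        m = ADS_RE.match(line)
        if m:
            if len(m["stream"]) >= 16 and "\\WINDOWS\\" in m["path"].upper():
                findings.append({"kind": "ads-on-system-file",
                                 "item": f'{m["path"]}:{m["stream"]}'})
            continue
        m = FILE_RE.match(line)
        if m:
            path, company = m["path"], m["company"].strip()
            base = path.rsplit("\\", 1)[-1]
            stem = base.rsplit(".", 1)[0]
            # A .sys with no embedded company string and a generated-looking name.
            if base.lower().endswith(".sys") and not company and looks_random(stem):
                findings.append({"kind": "unattributed-random-driver-file", "item": path})
            if base.isdigit() and "Application Data" in path:
                findings.append({"kind": "numeric-name-in-appdata", "item": path})
    return findings


# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = [
    r"[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2631",
    r"[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548",
    r"[2012/01/19 17:04:41 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat",
    r"[2011/12/27 09:47:07 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys",
    r"[2011/04/13 10:53:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti3otqy.sys",
    r"@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"DRV - File not found [Kernel | Boot | Stopped] -- -- (qpeaujk)",
    r"DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)",
    r"DRV - File not found [Kernel | System | Stopped] -- -- (gawhnqom)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (dump_wmimmc)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)",
    r"DRV - [2011/04/13 10:53:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3otqy.sys -- (uti3otqy)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["kind"]:32} {f["item"]}')
```

Feed it a whole saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`. The heuristic knowingly over-flags a few stale XP leftovers (a vowel-free legacy driver name will trip the consonant rule), which is the right bias for a list a helper then checks against known-good names by hand.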

I'm working on your directions now, MrC. Meanwhile, when I opened up this a.m., I had a Windows message about a BIOS problem in these files:

C:\Docum~1\Owner\Locals~1\Temp\WER224b.dir00\Mini0609-01.dmp

" .sysdata.xml

I sent the report back to MS and they said contact my BIOS mfg for an update.

FWIW

Jim


This topic is now closed to further replies.