
Please help with this infection



dds.txt

-------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Admin at 12:52:00 on 2013-06-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2040 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\RemitDATA\DoRA\DoRA.SVC.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\lxdqcoms.exe

C:\WINDOWS\system32\lxeacoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe

C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

C:\WINDOWS\Temp\temp86.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

c:\program files\real\realplayer\RealPlay.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\real\realplayer\update\realsched.exe

c:\program files\real\realplayer\RealPlay.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex

mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AIMPro] "c:\program files\aim\aim pro\aimpro.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"

mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sonyAgent] c:\windows\temp\temp86.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\the print shop 23\Remind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\openvp~1.lnk - c:\program files\openvpn technologies\openvpn client\core\uiboot.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300818914781

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://tpotm.com/MLWebCacheCleaner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{80D78845-1DF6-4A1D-959D-B6BAFADD98CA} : DHCPNameServer = 192.168.0.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2011-4-14 16851]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-3-23 56208]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 195296]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-3-22 19496]

R1 RapportCerberus_50414;RapportCerberus_50414;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-3-13 316984]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-13 102680]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-13 173880]

R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]

R2 DoRA;WebScan DoRA;c:\program files\remitdata\dora\DoRA.SVC.exe [2006-12-14 20480]

R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\openvpn technologies\openvpn client\core\capiws.exe [2010-8-12 24064]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-9-30 303360]

R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2011-4-14 11731]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-3-22 44032]

R3 MDPPORTVDD;MDPPORTVDD;c:\windows\system32\drivers\MDP_VDD.SYS [2012-10-25 77760]

R3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-9-30 34064]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-3-11 55448]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-8-3 26112]

S2 5689;5689;\??\c:\docume~1\admin\locals~1\temp\5689.sys --> c:\docume~1\admin\locals~1\temp\5689.sys [?]

S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2011-3-24 98984]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-4-14 193192]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-22 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-9-30 1034240]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-1-19 1034240]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-03-26 23:40:17 18432 ----a-w- c:\documents and settings\admin\hmrt41i651ej3.exe

.

============= FINISH: 12:53:32.89 ===============

attach.txt

----------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2011 1:32:49 PM

System Uptime: 6/12/2013 12:39:19 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L

Processor: Intel Pentium III Xeon processor | Socket 775 | 2799/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 421.494 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP519: 1/19/2013 3:18:46 PM - Software Distribution Service 3.0

RP520: 1/21/2013 8:31:50 AM - Software Distribution Service 3.0

RP521: 1/21/2013 8:16:53 PM - Software Distribution Service 3.0

RP522: 1/22/2013 10:36:47 AM - Software Distribution Service 3.0

RP523: 1/29/2013 7:35:35 AM - Software Distribution Service 3.0

RP524: 2/11/2013 10:15:59 AM - Software Distribution Service 3.0

RP525: 2/12/2013 10:44:56 AM - System Checkpoint

RP526: 2/13/2013 7:38:47 AM - Software Distribution Service 3.0

RP527: 2/14/2013 3:00:17 AM - Software Distribution Service 3.0

RP528: 2/17/2013 3:01:51 PM - Software Distribution Service 3.0

RP529: 2/20/2013 9:09:31 AM - Software Distribution Service 3.0

RP530: 2/23/2013 9:27:30 AM - Software Distribution Service 3.0

RP531: 2/24/2013 2:26:42 PM - Software Distribution Service 3.0

RP532: 2/25/2013 10:47:23 PM - System Checkpoint

RP533: 2/26/2013 9:33:15 AM - Software Distribution Service 3.0

RP534: 2/27/2013 3:00:14 AM - Software Distribution Service 3.0

RP535: 2/28/2013 3:29:58 AM - Software Distribution Service 3.0

RP536: 3/3/2013 8:33:45 AM - Software Distribution Service 3.0

RP537: 3/7/2013 9:15:10 AM - System Checkpoint

RP538: 3/8/2013 10:27:52 AM - System Checkpoint

RP539: 3/9/2013 11:57:52 AM - System Checkpoint

RP540: 3/10/2013 2:04:16 PM - System Checkpoint

RP541: 3/11/2013 2:23:15 PM - System Checkpoint

RP542: 3/12/2013 5:21:25 PM - Software Distribution Service 3.0

RP543: 3/13/2013 1:07:52 PM - Software Distribution Service 3.0

RP544: 3/13/2013 5:30:59 PM - Installed Rapport

RP545: 3/13/2013 5:39:17 PM - Software Distribution Service 3.0

RP546: 3/14/2013 8:50:56 PM - Software Distribution Service 3.0

RP547: 3/15/2013 9:59:49 PM - System Checkpoint

RP548: 3/16/2013 6:41:25 AM - Software Distribution Service 3.0

RP549: 3/17/2013 1:40:56 AM - Software Distribution Service 3.0

RP550: 3/18/2013 8:33:17 AM - Software Distribution Service 3.0

RP551: 3/19/2013 2:31:16 PM - Software Distribution Service 3.0

RP552: 3/25/2013 11:10:37 AM - Software Distribution Service 3.0

RP553: 3/26/2013 12:59:55 PM - System Checkpoint

RP554: 4/3/2013 12:37:58 AM - System Checkpoint

RP555: 4/4/2013 2:58:08 PM - System Checkpoint

RP556: 4/5/2013 3:39:49 PM - System Checkpoint

RP557: 4/6/2013 6:06:08 PM - System Checkpoint

RP558: 4/7/2013 7:09:17 PM - System Checkpoint

RP559: 4/8/2013 8:21:17 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat 8 Professional - English, Français, Deutsch

Adobe Acrobat 8.1.3 Professional

Adobe Flash Player 11 ActiveX

Adobe Photoshop 7.0

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

AIM Pro

ALPS MD-1000 Printer Driver

AOpen FM56-PV Controllerless PCI Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Bonjour

Browser Configuration Utility

Canon Easy-PhotoPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.1

Canon MX360 series MP Drivers

Canon MX360 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Dropbox

DVD Suite

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Scanjet N6010 Drivers and Tools

iTunes

Java Auto Updater

Java 6 Update 24

Lexmark S300-S400 Series

Lexmark Z2400 Series

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

neroxml

NETGEAR WNDA3100v2 wireless USB 2.0 adapter

NVIDIA Drivers

NVIDIA PhysX v8.10.13

ON_OFF Charge B10.0422.2

OpenVPN Client

Paragon Backup & Recovery™ 10 Home

PowerDVD

Presto! PageManager 7.16

PrintMaster 2012 Platinum

QuickTime

Rapport

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Sprint Mobile Broadband (Novatel Wireless) - Lite

The Print Shop 23

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

WebScan DoRA

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinZip 11.1

.

==== Event Viewer Messages From Past Week ========

.

6/12/2013 12:49:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

6/12/2013 12:41:41 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/12/2013 12:41:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.

6/12/2013 12:41:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdqCATSCustConnectService service to connect.

6/12/2013 12:41:41 PM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/12/2013 12:41:41 PM, error: Service Control Manager [7000] - The lxdqCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/12/2013 12:41:41 PM, error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================
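A log like the one above can be pre-screened before a helper reads it line by line. The following Python script is an added example (it is not part of this thread and not code from the DDS tool): it walks the DDS section banners and flags the three things a responder would pull out of this log first: binaries running or auto-starting from a Temp directory, a service whose file DDS could not find (the "--> path [?]" form), and an executable dropped directly in a profile root. The sample lines are copied from the log above; the section names and entry formats are those DDS prints.

```python
"""DDS log triage: added example, not part of the thread or of the DDS tool.

DDS prints fixed banners ("============== Running Processes ====...") and one
entry per line. This walks those sections and flags what a responder would
look at first. Heuristics only: every hit still needs a human to check the file.
"""
import re

# Constructed sample: lines copied from the log in this thread, plus one
# known-good line per section so the filter has something to leave alone.
SAMPLE_LOG = r"""
============== Running Processes ================
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Temp\temp86.exe
============== Pseudo HJT Report ===============
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sonyAgent] c:\windows\temp\temp86.exe
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 195296]
S2 5689;5689;\??\c:\docume~1\admin\locals~1\temp\5689.sys --> c:\docume~1\admin\locals~1\temp\5689.sys [?]
==================== Find3M ====================
2013-03-26 23:40:17 18432 ----a-w- c:\documents and settings\admin\hmrt41i651ej3.exe
============= FINISH: 12:53:32.89 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# <state> <name>;<display name>;<binary> [<date> <size>]  or  ...;<cmd> --> <binary> [?]
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# uRun / mRun / dRun / uRunOnce: [<value name>] <command line>
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s+\[([^\]]+)\]\s+(.*)$")
# Find3M: <date> <time> <size> <attrs> <path>
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (\d+) \S+ (.*)$")
# c:\documents and settings\<user>\<file>.exe with no deeper folder
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.(exe|dll|sys)$", re.I)


def in_temp(path: str) -> bool:
    """True when the path passes through any Temp folder (8.3 form included)."""
    return "\\temp\\" in path.lower()


def first_path(command: str) -> str:
    """Executable path from a run command; DDS quotes paths that contain spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def service_binary(rest: str):
    """Split 'path [date size]' or 'cmd --> path [?]' into (path, stat_info)."""
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    m = re.match(r"^\s*(.*?)\s*\[([^\]]*)\]\s*$", rest)
    if not m:
        return rest.strip(), ""
    return m.group(1), m.group(2).strip()


def triage(log_text: str):
    """Return (section, reason, original line) triples worth a responder's attention."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        if section.startswith("running processes"):
            if in_temp(line):
                findings.append((section, "process running from a Temp directory", line))
        elif section.startswith("pseudo hjt report"):
            m = RUN_RE.match(line)
            if m and in_temp(first_path(m.group(2))):
                findings.append((section, f"autostart '{m.group(1)}' launches from Temp", line))
        elif section.startswith("services / drivers"):
            m = SERVICE_RE.match(line)
            if not m:
                continue
            path, stat = service_binary(m.group(3))
            if stat == "?":                  # DDS could not stat the binary
                findings.append((section, f"service '{m.group(1)}' binary missing on disk", line))
            if in_temp(path):
                findings.append((section, f"service '{m.group(1)}' loads from Temp", line))
        elif section.startswith("find3m"):
            m = FIND3M_RE.match(line)
            if m and PROFILE_ROOT_RE.match(m.group(2)):
                findings.append((section, "executable sitting directly in a profile root", line))
    return findings


def summarize(findings):
    """Unique (section, reason) pairs, sorted, for a quick overview."""
    return sorted({(sec, reason) for sec, reason, _ in findings})


if __name__ == "__main__":
    for sec, reason, detail in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {detail}")
```

Run against the full dds.txt, the same filter surfaces exactly the entries the helper's rootkit tools are aimed at (temp86.exe, the 5689 service, the profile-root executable) while leaving the printer, Java and Adobe noise alone.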


Hello mikejones84 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

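As an added example (not from this thread, from the helper, or from TDSSKiller's authors), the Python script below summarizes a TDSSKiller log of the kind requested in Step 1: it pulls out each scanned service or driver with its recorded MD5, every "Suspicious file (Forged)" finding with its two hashes, and every service marked "- infected". The sample lines are constructed to match the log format posted later in this thread; the function names, the regular expressions and the summary wording are this example's own assumptions, not part of the tool.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in TDSSKiller's log format (hashes and names mirror the
# log posted in this thread); embedded so the script runs offline.
SAMPLE_LOG = r"""
13:30:16.0570 1800 [ 11BB3CDC6F3F94EF667CCFD84755F2B2 ] Achernar C:\WINDOWS\system32\Drivers\Achernar.sys
13:30:16.0570 1800 Achernar - ok
13:30:16.0616 1800 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:30:16.0616 1800 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
13:30:16.0616 1800 ACPI ( Virus.Win32.Rloader.a ) - infected
13:30:16.0616 1800 ACPI - detected Virus.Win32.Rloader.a (0)
13:30:16.0991 1800 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:30:16.0991 1800 Apple Mobile Device - ok
"""

# Every line starts with a timestamp (hh:mm:ss.dddd) and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "[ MD5 ] ServiceName Path" entry for a scanned service or driver image.
FILE_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# A file whose content read through the normal path differs from a low-level read.
FORGED_RE = re.compile(
    _PREFIX
    + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9A-F]{32}), "
    + r"Fake md5: (?P<fake>[0-9A-F]{32})$"
)
# "Name ( Verdict ) - infected" and "Name - ok" result lines.
INFECTED_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - infected$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")


def parse_tdsskiller(text: str) -> Dict[str, object]:
    """Parse a TDSSKiller log into file entries, forged findings, infected and clean services."""
    files: Dict[str, Tuple[str, str]] = {}   # service name -> (md5, path)
    forged: List[Dict[str, str]] = []
    infected: List[Tuple[str, str]] = []     # (service name, verdict)
    clean: List[str] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = FORGED_RE.match(line)
        if m:
            forged.append({"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"]})
            continue
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m["name"], m["verdict"]))
            continue
        m = OK_RE.match(line)
        if m:
            clean.append(m["name"])
    return {"files": files, "forged": forged, "infected": infected, "clean": clean}


def cross_check_forged(report: Dict[str, object]) -> List[Tuple[str, str]]:
    """For each forged file, find the service entry with that path and say whether the
    MD5 TDSSKiller recorded for it equals the 'real' or the 'fake' hash (or neither)."""
    by_path = {path.lower(): (name, md5) for name, (md5, path) in report["files"].items()}
    out: List[Tuple[str, str]] = []
    for f in report["forged"]:
        entry = by_path.get(f["path"].lower())
        if entry is None:
            out.append((f["path"], "no service entry"))
            continue
        name, md5 = entry
        label = "real" if md5 == f["real_md5"] else "fake" if md5 == f["fake_md5"] else "neither"
        out.append((name, label))
    return out


def summarize(report: Dict[str, object]) -> List[str]:
    """Human-readable summary: counts first, then every finding that needs attention."""
    lines = [f"{len(report['files'])} service/driver entries, {len(report['clean'])} ok"]
    for name, verdict in report["infected"]:
        lines.append(f"INFECTED service {name}: {verdict}")
    for f in report["forged"]:
        lines.append(f"FORGED file {f['path']}: real md5 {f['real_md5']} != fake md5 {f['fake_md5']}")
    return lines


if __name__ == "__main__":
    import sys
    # Pass a log path on the command line; with no argument the embedded sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    rep = parse_tdsskiller(text)
    for out_line in summarize(rep):
        print(out_line)
    for name, label in cross_check_forged(rep):
        print(f"{name}: recorded hash matches the '{label}' md5")
```

The point of the forged-file check is the security-relevant one in a log like this: two different hashes for one path mean something between the reader and the disk is rewriting what the file appears to contain, which is why a plain antivirus file scan can report a boot driver as clean while a low-level read finds it modified. The lines this script ignores (the "- detected" line, the SystemInfo and partition header) carry no extra verdicts, so the summary still reflects every finding.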

TDSSKiller.2.8.18.0_12.06.2013_13.30.11_log.txt

----------------------------------------------------------------------------

13:30:11.0257 3740 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

13:30:11.0835 3740 ============================================================

13:30:11.0835 3740 Current date / time: 2013/06/12 13:30:11.0835

13:30:11.0835 3740 SystemInfo:

13:30:11.0835 3740

13:30:11.0835 3740 OS Version: 5.1.2600 ServicePack: 3.0

13:30:11.0835 3740 Product type: Workstation

13:30:11.0835 3740 ComputerName: MDR017

13:30:11.0835 3740 UserName: Admin

13:30:11.0835 3740 Windows directory: C:\WINDOWS

13:30:11.0835 3740 System windows directory: C:\WINDOWS

13:30:11.0835 3740 Processor architecture: Intel x86

13:30:11.0835 3740 Number of processors: 2

13:30:11.0835 3740 Page size: 0x1000

13:30:11.0835 3740 Boot type: Normal boot

13:30:11.0835 3740 ============================================================

13:30:13.0210 3740 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:30:13.0210 3740 ============================================================

13:30:13.0210 3740 \Device\Harddisk0\DR0:

13:30:13.0210 3740 MBR partitions:

13:30:13.0210 3740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

13:30:13.0210 3740 ============================================================

13:30:13.0241 3740 C: <-> \Device\Harddisk0\DR0\Partition1

13:30:13.0241 3740 ============================================================

13:30:13.0241 3740 Initialize success

13:30:13.0241 3740 ============================================================

13:30:14.0726 1800 ============================================================

13:30:14.0726 1800 Scan started

13:30:14.0726 1800 Mode: Manual;

13:30:14.0741 1800 ============================================================

13:30:16.0257 1800 ================ Scan system memory ========================

13:30:16.0257 1800 System memory - ok

13:30:16.0257 1800 ================ Scan services =============================

13:30:16.0429 1800 5689 - ok

13:30:16.0523 1800 Abiosdsk - ok

13:30:16.0523 1800 abp480n5 - ok

13:30:16.0570 1800 [ 11BB3CDC6F3F94EF667CCFD84755F2B2 ] Achernar C:\WINDOWS\system32\Drivers\Achernar.sys

13:30:16.0570 1800 Achernar - ok

13:30:16.0616 1800 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:30:16.0616 1800 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17

13:30:16.0616 1800 ACPI ( Virus.Win32.Rloader.a ) - infected

13:30:16.0616 1800 ACPI - detected Virus.Win32.Rloader.a (0)

13:30:16.0648 1800 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

13:30:16.0648 1800 ACPIEC - ok

13:30:16.0648 1800 adpu160m - ok

13:30:16.0695 1800 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

13:30:16.0695 1800 aec - ok

13:30:16.0726 1800 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

13:30:16.0726 1800 AFD - ok

13:30:16.0741 1800 Aha154x - ok

13:30:16.0741 1800 aic78u2 - ok

13:30:16.0741 1800 aic78xx - ok

13:30:16.0773 1800 [ 3CC4DD6676E81D9DB6409A1B935DCF3D ] Aldebaran C:\WINDOWS\System32\Drivers\Aldebaran.sys

13:30:16.0773 1800 Aldebaran - ok

13:30:16.0788 1800 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

13:30:16.0788 1800 Alerter - ok

13:30:16.0804 1800 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

13:30:16.0804 1800 ALG - ok

13:30:16.0804 1800 AliIde - ok

13:30:16.0866 1800 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys

13:30:16.0898 1800 Ambfilt - ok

13:30:16.0898 1800 amsint - ok

13:30:16.0991 1800 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:30:16.0991 1800 Apple Mobile Device - ok

13:30:17.0023 1800 [ F0A48CE44D3F368990CA8954340BD9A0 ] AppleCharger C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

13:30:17.0023 1800 AppleCharger - ok

13:30:17.0023 1800 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\WINDOWS\system32\AppleChargerSrv.exe

13:30:17.0023 1800 AppleChargerSrv - ok

13:30:17.0038 1800 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

13:30:17.0038 1800 AppMgmt - ok

13:30:17.0038 1800 asc - ok

13:30:17.0054 1800 asc3350p - ok

13:30:17.0054 1800 asc3550 - ok

13:30:17.0116 1800 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:30:17.0116 1800 aspnet_state - ok

13:30:17.0116 1800 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:30:17.0116 1800 AsyncMac - ok

13:30:17.0132 1800 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

13:30:17.0132 1800 atapi - ok

13:30:17.0132 1800 Atdisk - ok

13:30:17.0132 1800 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:30:17.0148 1800 Atmarpc - ok

13:30:17.0179 1800 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

13:30:17.0179 1800 AudioSrv - ok

13:30:17.0210 1800 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

13:30:17.0210 1800 audstub - ok

13:30:17.0273 1800 [ BCDF72DCE41874B3AD9143D537B493B2 ] BCMH43XX C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys

13:30:17.0288 1800 BCMH43XX - ok

13:30:17.0335 1800 [ 382B151DAFFE4A9CE9DA9F564B66761E ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

13:30:17.0335 1800 BCUService - ok

13:30:17.0382 1800 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

13:30:17.0382 1800 Beep - ok

13:30:17.0445 1800 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

13:30:17.0445 1800 BITS - ok

13:30:17.0460 1800 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

13:30:17.0476 1800 Bonjour Service - ok

13:30:17.0523 1800 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

13:30:17.0523 1800 Browser - ok

13:30:17.0554 1800 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

13:30:17.0570 1800 cbidf2k - ok

13:30:17.0570 1800 cd20xrnt - ok

13:30:17.0601 1800 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

13:30:17.0601 1800 Cdaudio - ok

13:30:17.0616 1800 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

13:30:17.0616 1800 Cdfs - ok

13:30:17.0616 1800 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:30:17.0616 1800 Cdrom - ok

13:30:17.0616 1800 Changer - ok

13:30:17.0648 1800 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

13:30:17.0648 1800 CiSvc - ok

13:30:17.0648 1800 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

13:30:17.0648 1800 ClipSrv - ok

13:30:17.0695 1800 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:30:17.0695 1800 clr_optimization_v2.0.50727_32 - ok

13:30:17.0695 1800 CmdIde - ok

13:30:17.0710 1800 COMSysApp - ok

13:30:17.0710 1800 Cpqarray - ok

13:30:17.0710 1800 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

13:30:17.0726 1800 CryptSvc - ok

13:30:17.0726 1800 dac2w2k - ok

13:30:17.0726 1800 dac960nt - ok

13:30:17.0788 1800 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

13:30:17.0788 1800 DcomLaunch - ok

13:30:17.0804 1800 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

13:30:17.0804 1800 Dhcp - ok

13:30:17.0804 1800 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

13:30:17.0804 1800 Disk - ok

13:30:17.0804 1800 dmadmin - ok

13:30:17.0866 1800 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

13:30:17.0866 1800 dmboot - ok

13:30:17.0898 1800 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

13:30:17.0898 1800 dmio - ok

13:30:17.0913 1800 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

13:30:17.0913 1800 dmload - ok

13:30:17.0913 1800 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

13:30:17.0913 1800 dmserver - ok

13:30:17.0960 1800 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

13:30:17.0960 1800 DMusic - ok

13:30:17.0991 1800 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

13:30:17.0991 1800 Dnscache - ok

13:30:17.0991 1800 [ 712052F6394BAC28408AE08CEC7A3FD4 ] DoRA C:\Program Files\RemitDATA\DoRA\DoRA.SVC.exe

13:30:17.0991 1800 DoRA - ok

13:30:18.0023 1800 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

13:30:18.0101 1800 Dot3svc - ok

13:30:18.0101 1800 dpti2o - ok

13:30:18.0226 1800 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

13:30:18.0273 1800 drmkaud - ok

13:30:18.0351 1800 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

13:30:18.0382 1800 EapHost - ok

13:30:18.0460 1800 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

13:30:18.0491 1800 ERSvc - ok

13:30:18.0523 1800 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

13:30:18.0538 1800 Eventlog - ok

13:30:18.0585 1800 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

13:30:18.0585 1800 EventSystem - ok

13:30:18.0601 1800 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

13:30:18.0601 1800 Fastfat - ok

13:30:18.0632 1800 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

13:30:18.0632 1800 FastUserSwitchingCompatibility - ok

13:30:18.0648 1800 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

13:30:18.0648 1800 Fdc - ok

13:30:18.0648 1800 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

13:30:18.0663 1800 Fips - ok

13:30:18.0710 1800 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:30:18.0726 1800 FLEXnet Licensing Service - ok

13:30:18.0726 1800 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

13:30:18.0726 1800 Flpydisk - ok

13:30:18.0757 1800 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

13:30:18.0757 1800 FltMgr - ok

13:30:18.0820 1800 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

13:30:18.0820 1800 FontCache3.0.0.0 - ok

13:30:18.0820 1800 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:30:18.0820 1800 Fs_Rec - ok

13:30:18.0835 1800 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:30:18.0835 1800 Ftdisk - ok

13:30:18.0835 1800 gdrv - ok

13:30:18.0851 1800 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

13:30:18.0851 1800 GEARAspiWDM - ok

13:30:18.0866 1800 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:30:18.0866 1800 Gpc - ok

13:30:18.0898 1800 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

13:30:18.0898 1800 gupdate - ok

13:30:18.0898 1800 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

13:30:18.0898 1800 gupdatem - ok

13:30:18.0960 1800 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

13:30:18.0960 1800 gusvc - ok

13:30:18.0976 1800 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:30:18.0976 1800 HDAudBus - ok

13:30:19.0007 1800 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:30:19.0007 1800 helpsvc - ok

13:30:19.0038 1800 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

13:30:19.0038 1800 HidServ - ok

13:30:19.0070 1800 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:30:19.0070 1800 HidUsb - ok

13:30:19.0101 1800 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

13:30:19.0101 1800 hkmsvc - ok

13:30:19.0116 1800 [ 94AE0CEBC2F2B4F9AAA124BD17CD0DC5 ] hotcore3 C:\WINDOWS\system32\DRIVERS\hotcore3.sys

13:30:19.0116 1800 hotcore3 - ok

13:30:19.0116 1800 hpn - ok

13:30:19.0148 1800 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

13:30:19.0148 1800 HTTP - ok

13:30:19.0195 1800 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

13:30:19.0195 1800 HTTPFilter - ok

13:30:19.0195 1800 i2omgmt - ok

13:30:19.0210 1800 i2omp - ok

13:30:19.0257 1800 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:30:19.0257 1800 i8042prt - ok

13:30:19.0320 1800 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:30:19.0335 1800 idsvc - ok

13:30:19.0445 1800 [ F82BC30BB2B608AF8B5540CDBAEA93A6 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

13:30:19.0445 1800 IJPLMSVC - ok

13:30:19.0460 1800 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

13:30:19.0460 1800 Imapi - ok

13:30:19.0476 1800 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

13:30:19.0476 1800 ImapiService - ok

13:30:19.0491 1800 ini910u - ok

13:30:19.0663 1800 [ DB01625D8E286CD17B94DCF088713D7F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

13:30:19.0695 1800 IntcAzAudAddService - ok

13:30:19.0695 1800 IntelIde - ok

13:30:19.0726 1800 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:30:19.0726 1800 intelppm - ok

13:30:19.0757 1800 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

13:30:19.0757 1800 Ip6Fw - ok

13:30:19.0773 1800 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:30:19.0773 1800 IpFilterDriver - ok

13:30:19.0788 1800 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:30:19.0788 1800 IpInIp - ok

13:30:19.0820 1800 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:30:19.0820 1800 IpNat - ok

13:30:19.0882 1800 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:30:19.0898 1800 iPod Service - ok

13:30:19.0898 1800 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:30:19.0898 1800 IPSec - ok

13:30:19.0960 1800 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

13:30:19.0960 1800 IRENUM - ok

13:30:19.0976 1800 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:30:19.0976 1800 isapnp - ok

13:30:20.0038 1800 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

13:30:20.0038 1800 JavaQuickStarterService - ok

13:30:20.0054 1800 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:30:20.0054 1800 Kbdclass - ok

13:30:20.0085 1800 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:30:20.0085 1800 kbdhid - ok

13:30:20.0116 1800 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

13:30:20.0116 1800 kmixer - ok

13:30:20.0148 1800 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

13:30:20.0148 1800 KSecDD - ok

13:30:20.0179 1800 [ 96478FE91C5A37C673EBE3DA87C1A115 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

13:30:20.0179 1800 L1c - ok

13:30:20.0226 1800 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

13:30:20.0226 1800 LanmanServer - ok

13:30:20.0288 1800 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

13:30:20.0288 1800 lanmanworkstation - ok

13:30:20.0288 1800 lbrtfdc - ok

13:30:20.0351 1800 [ BCDF72DCE41874B3AD9143D537B493B2 ] Linksys_adapter_H C:\WINDOWS\system32\DRIVERS\AE2500xp.sys

13:30:20.0366 1800 Linksys_adapter_H - ok

13:30:20.0366 1800 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

13:30:20.0366 1800 LmHosts - ok

13:30:20.0445 1800 [ 0B0C4DB8A3886A7EAEE403D4674C5820 ] lxdqCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe

13:30:20.0445 1800 lxdqCATSCustConnectService - ok

13:30:20.0445 1800 lxdq_device - ok

13:30:20.0491 1800 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe

13:30:20.0491 1800 lxeaCATSCustConnectService - ok

13:30:20.0507 1800 lxea_device - ok

13:30:20.0570 1800 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:30:20.0570 1800 MDM - ok

13:30:20.0616 1800 [ A1E9D936EAC07EE9386E87BAC1377FAD ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

13:30:20.0616 1800 mdmxsdk - ok

13:30:20.0663 1800 [ 245F590840D69A52C553A6A296464F8D ] MDPPORTVDD C:\WINDOWS\system32\Drivers\MDP_VDD.SYS

13:30:20.0663 1800 MDPPORTVDD - ok

13:30:20.0679 1800 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

13:30:20.0679 1800 Messenger - ok

13:30:20.0695 1800 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

13:30:20.0695 1800 mnmdd - ok

13:30:20.0726 1800 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

13:30:20.0726 1800 mnmsrvc - ok

13:30:20.0741 1800 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

13:30:20.0741 1800 Modem - ok

13:30:20.0757 1800 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

13:30:20.0757 1800 MODEMCSA - ok

13:30:20.0804 1800 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys

13:30:20.0820 1800 Monfilt - ok

13:30:20.0820 1800 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:30:20.0820 1800 Mouclass - ok

13:30:20.0835 1800 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:30:20.0835 1800 mouhid - ok

13:30:20.0851 1800 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

13:30:20.0851 1800 MountMgr - ok

13:30:20.0866 1800 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

13:30:20.0866 1800 MpFilter - ok

13:30:20.0882 1800 mraid35x - ok

13:30:20.0898 1800 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:30:20.0913 1800 MRxDAV - ok

13:30:20.0960 1800 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:30:20.0976 1800 MRxSmb - ok

13:30:21.0007 1800 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

13:30:21.0007 1800 MSDTC - ok

13:30:21.0007 1800 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

13:30:21.0023 1800 Msfs - ok

13:30:21.0023 1800 MSIServer - ok

13:30:21.0023 1800 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:30:21.0038 1800 MSKSSRV - ok

13:30:21.0038 1800 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:30:21.0038 1800 MSPCLOCK - ok

13:30:21.0054 1800 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

13:30:21.0054 1800 MSPQM - ok

13:30:21.0101 1800 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:30:21.0101 1800 mssmbios - ok

13:30:21.0132 1800 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

13:30:21.0132 1800 Mup - ok

13:30:21.0163 1800 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

13:30:21.0163 1800 napagent - ok

13:30:21.0195 1800 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

13:30:21.0195 1800 NDIS - ok

13:30:21.0241 1800 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:30:21.0241 1800 NdisTapi - ok

13:30:21.0257 1800 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:30:21.0257 1800 Ndisuio - ok

13:30:21.0273 1800 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:30:21.0273 1800 NdisWan - ok

13:30:21.0320 1800 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

13:30:21.0320 1800 NDProxy - ok

13:30:21.0335 1800 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

13:30:21.0335 1800 NetBIOS - ok

13:30:21.0351 1800 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

13:30:21.0351 1800 NetBT - ok

13:30:21.0382 1800 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

13:30:21.0382 1800 NetDDE - ok

13:30:21.0382 1800 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

13:30:21.0382 1800 NetDDEdsdm - ok

13:30:21.0413 1800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

13:30:21.0413 1800 Netlogon - ok

13:30:21.0429 1800 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

13:30:21.0429 1800 Netman - ok

13:30:21.0491 1800 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:30:21.0491 1800 NetTcpPortSharing - ok

13:30:21.0538 1800 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

13:30:21.0538 1800 Nla - ok

13:30:21.0679 1800 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

13:30:21.0679 1800 NMIndexingService - ok

13:30:21.0726 1800 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINDOWS\system32\DRIVERS\npf.sys

13:30:21.0726 1800 NPF - ok

13:30:21.0741 1800 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

13:30:21.0741 1800 Npfs - ok

13:30:21.0788 1800 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

13:30:21.0804 1800 Ntfs - ok

13:30:21.0804 1800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

13:30:21.0804 1800 NtLmSsp - ok

13:30:21.0866 1800 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

13:30:21.0866 1800 NtmsSvc - ok

13:30:21.0882 1800 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

13:30:21.0882 1800 Null - ok

13:30:22.0038 1800 [ CE34061A298BFB4EBD1A0BB8592DC977 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:30:22.0210 1800 nv - ok

13:30:22.0257 1800 [ 77ECDF9E3D43D4E86E85B73886992625 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

13:30:22.0273 1800 NVSvc - ok

13:30:22.0304 1800 [ 67FB86EEB94059177642050718D57460 ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

13:30:22.0320 1800 NWADI - ok

13:30:22.0351 1800 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:30:22.0351 1800 NwlnkFlt - ok

13:30:22.0366 1800 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:30:22.0366 1800 NwlnkFwd - ok

13:30:22.0382 1800 [ AB2155B8ACDF07E63E26C9A0ED07B825 ] NWUSBCDFIL C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys

13:30:22.0382 1800 NWUSBCDFIL - ok

13:30:22.0398 1800 [ 4E651808B35656AC88A4DCDAF6CC1169 ] NWUSBModem C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys

13:30:22.0398 1800 NWUSBModem - ok

13:30:22.0445 1800 [ 4E651808B35656AC88A4DCDAF6CC1169 ] NWUSBPort C:\WINDOWS\system32\DRIVERS\nwusbser.sys

13:30:22.0445 1800 NWUSBPort - ok

13:30:22.0460 1800 [ 4E651808B35656AC88A4DCDAF6CC1169 ] NWUSBPort2 C:\WINDOWS\system32\DRIVERS\nwusbser2.sys

13:30:22.0460 1800 NWUSBPort2 - ok

13:30:22.0554 1800 [ 8C02B0CC65BEE71124A565062BA77B39 ] OpenVPNAccessClient C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

13:30:22.0554 1800 OpenVPNAccessClient - ok

13:30:22.0648 1800 [ 63545E409A639A9612E752FBD1629F1D ] OSCM Utility Service C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe

13:30:22.0648 1800 OSCM Utility Service - ok

13:30:22.0695 1800 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:30:22.0695 1800 ose - ok

13:30:22.0726 1800 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

13:30:22.0726 1800 Parport - ok

13:30:22.0741 1800 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

13:30:22.0741 1800 PartMgr - ok

13:30:22.0773 1800 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

13:30:22.0788 1800 ParVdm - ok

13:30:22.0835 1800 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys

13:30:22.0835 1800 PCASp50 - ok

13:30:22.0851 1800 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

13:30:22.0851 1800 PCI - ok

13:30:22.0851 1800 PCIDump - ok

13:30:22.0866 1800 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

13:30:22.0866 1800 PCIIde - ok

13:30:22.0882 1800 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

13:30:22.0882 1800 Pcmcia - ok

13:30:22.0882 1800 PDCOMP - ok

13:30:22.0882 1800 PDFRAME - ok

13:30:22.0898 1800 PDRELI - ok

13:30:22.0898 1800 PDRFRAME - ok

13:30:22.0898 1800 perc2 - ok

13:30:22.0898 1800 perc2hib - ok

13:30:22.0945 1800 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

13:30:22.0945 1800 PlugPlay - ok

13:30:22.0945 1800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

13:30:22.0945 1800 PolicyAgent - ok

13:30:22.0960 1800 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:30:22.0960 1800 PptpMiniport - ok

13:30:22.0960 1800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

13:30:22.0960 1800 ProtectedStorage - ok

13:30:22.0960 1800 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

13:30:22.0976 1800 PSched - ok

13:30:22.0976 1800 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:30:22.0976 1800 Ptilink - ok

13:30:22.0976 1800 ql1080 - ok

13:30:22.0976 1800 Ql10wnt - ok

13:30:22.0991 1800 ql12160 - ok

13:30:22.0991 1800 ql1240 - ok

13:30:22.0991 1800 ql1280 - ok

13:30:23.0179 1800 [ CD55DB50735961FF8046AD3160E900A6 ] RapportCerberus_50414 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys

13:30:23.0179 1800 RapportCerberus_50414 - ok

13:30:23.0241 1800 [ 8D0A8AF4AD6BE98D2C807BF7B643B8BC ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

13:30:23.0241 1800 RapportEI - ok

13:30:23.0273 1800 [ AE845C6B4305AAD70B9FE2C1F2D4593D ] RapportIaso c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

13:30:23.0273 1800 RapportIaso - ok

13:30:23.0288 1800 [ 2DA510F53AA703D68D95E8AF82F5F2B4 ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys

13:30:23.0288 1800 RapportKELL - ok

13:30:23.0351 1800 [ 9B0E9AF5C264521C635A3C3CB966AF85 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

13:30:23.0366 1800 RapportMgmtService - ok

13:30:23.0366 1800 [ 11C5C0FDB224E88AAD8B6B712D1FE7DF ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

13:30:23.0366 1800 RapportPG - ok

13:30:23.0413 1800 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:30:23.0413 1800 RasAcd - ok

13:30:23.0445 1800 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

13:30:23.0460 1800 RasAuto - ok

13:30:23.0460 1800 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:30:23.0460 1800 Rasl2tp - ok

13:30:23.0491 1800 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

13:30:23.0491 1800 RasMan - ok

13:30:23.0491 1800 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:30:23.0507 1800 RasPppoe - ok

13:30:23.0507 1800 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

13:30:23.0507 1800 Raspti - ok

13:30:23.0523 1800 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:30:23.0523 1800 Rdbss - ok

13:30:23.0538 1800 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:30:23.0538 1800 RDPCDD - ok

13:30:23.0554 1800 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:30:23.0554 1800 rdpdr - ok

13:30:23.0601 1800 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

13:30:23.0601 1800 RDPWD - ok

13:30:23.0648 1800 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

13:30:23.0648 1800 RDSessMgr - ok

13:30:23.0741 1800 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

13:30:23.0741 1800 RealNetworks Downloader Resolver Service - ok

13:30:23.0757 1800 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

13:30:23.0757 1800 redbook - ok

13:30:23.0788 1800 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

13:30:23.0788 1800 RemoteAccess - ok

13:30:23.0820 1800 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

13:30:23.0820 1800 RemoteRegistry - ok

13:30:23.0913 1800 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

13:30:23.0913 1800 RichVideo - ok

13:30:23.0945 1800 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

13:30:23.0945 1800 RpcLocator - ok

13:30:23.0960 1800 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

13:30:23.0960 1800 RpcSs - ok

13:30:24.0007 1800 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

13:30:24.0007 1800 RSVP - ok

13:30:24.0038 1800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

13:30:24.0038 1800 SamSs - ok

13:30:24.0070 1800 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

13:30:24.0085 1800 SCardSvr - ok

13:30:24.0101 1800 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

13:30:24.0101 1800 Schedule - ok

13:30:24.0132 1800 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:30:24.0148 1800 Secdrv - ok

13:30:24.0148 1800 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

13:30:24.0148 1800 seclogon - ok

13:30:24.0179 1800 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

13:30:24.0179 1800 SENS - ok

13:30:24.0195 1800 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

13:30:24.0195 1800 serenum - ok

13:30:24.0210 1800 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

13:30:24.0210 1800 Serial - ok

13:30:24.0257 1800 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

13:30:24.0257 1800 Sfloppy - ok

13:30:24.0273 1800 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

13:30:24.0273 1800 ShellHWDetection - ok

13:30:24.0288 1800 Simbad - ok

13:30:24.0288 1800 Sparrow - ok

13:30:24.0351 1800 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

13:30:24.0351 1800 splitter - ok

13:30:24.0366 1800 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

13:30:24.0366 1800 Spooler - ok

13:30:24.0398 1800 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

13:30:24.0398 1800 sr - ok

13:30:24.0413 1800 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

13:30:24.0413 1800 srservice - ok

13:30:24.0445 1800 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

13:30:24.0445 1800 Srv - ok

13:30:24.0460 1800 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

13:30:24.0460 1800 SSDPSRV - ok

13:30:24.0523 1800 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

13:30:24.0523 1800 stisvc - ok

13:30:24.0538 1800 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

13:30:24.0538 1800 swenum - ok

13:30:24.0570 1800 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

13:30:24.0570 1800 swmidi - ok

13:30:24.0570 1800 SwPrv - ok

13:30:24.0570 1800 symc810 - ok

13:30:24.0570 1800 symc8xx - ok

13:30:24.0585 1800 sym_hi - ok

13:30:24.0585 1800 sym_u3 - ok

13:30:24.0616 1800 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

13:30:24.0616 1800 sysaudio - ok

13:30:24.0663 1800 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

13:30:24.0663 1800 SysmonLog - ok

13:30:24.0695 1800 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

13:30:24.0695 1800 TapiSrv - ok

13:30:24.0726 1800 [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas C:\WINDOWS\system32\DRIVERS\tapoas.sys

13:30:24.0726 1800 tapoas - ok

13:30:24.0788 1800 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:30:24.0788 1800 Tcpip - ok

13:30:24.0820 1800 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

13:30:24.0820 1800 TDPIPE - ok

13:30:24.0820 1800 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

13:30:24.0835 1800 TDTCP - ok

13:30:24.0835 1800 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

13:30:24.0835 1800 TermDD - ok

13:30:24.0882 1800 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

13:30:24.0882 1800 TermService - ok

13:30:24.0882 1800 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

13:30:24.0882 1800 Themes - ok

13:30:24.0913 1800 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

13:30:24.0913 1800 TlntSvr - ok

13:30:24.0913 1800 TosIde - ok

13:30:24.0929 1800 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

13:30:24.0929 1800 TrkWks - ok

13:30:24.0960 1800 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

13:30:24.0960 1800 Udfs - ok

13:30:24.0991 1800 [ 6E0623289D4A476BC4178999A1C7DCF6 ] UimBus C:\WINDOWS\system32\DRIVERS\UimBus.sys

13:30:25.0007 1800 UimBus - ok

13:30:25.0007 1800 [ A5637C7DE21195B2591D28724F9CDAD5 ] Uim_IM C:\WINDOWS\system32\Drivers\Uim_IM.sys

13:30:25.0007 1800 Uim_IM - ok

13:30:25.0007 1800 ultra - ok

13:30:25.0070 1800 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

13:30:25.0070 1800 Update - ok

13:30:25.0116 1800 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

13:30:25.0116 1800 upnphost - ok

13:30:25.0116 1800 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

13:30:25.0116 1800 UPS - ok

13:30:25.0148 1800 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

13:30:25.0148 1800 USBAAPL - ok

13:30:25.0195 1800 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:30:25.0195 1800 usbccgp - ok

13:30:25.0257 1800 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:30:25.0257 1800 usbehci - ok

13:30:25.0304 1800 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:30:25.0304 1800 usbhub - ok

13:30:25.0351 1800 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:30:25.0351 1800 usbprint - ok

13:30:25.0398 1800 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:30:25.0398 1800 usbscan - ok

13:30:25.0445 1800 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:30:25.0445 1800 USBSTOR - ok

13:30:25.0476 1800 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:30:25.0476 1800 usbuhci - ok

13:30:25.0523 1800 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

13:30:25.0523 1800 VgaSave - ok

13:30:25.0523 1800 ViaIde - ok

13:30:25.0538 1800 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

13:30:25.0538 1800 VolSnap - ok

13:30:25.0570 1800 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

13:30:25.0570 1800 VSS - ok

13:30:25.0601 1800 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

13:30:25.0601 1800 W32Time - ok

13:30:25.0616 1800 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:30:25.0616 1800 Wanarp - ok

13:30:25.0616 1800 WDICA - ok

13:30:25.0632 1800 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

13:30:25.0632 1800 wdmaud - ok

13:30:25.0663 1800 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

13:30:25.0679 1800 WebClient - ok

13:30:25.0710 1800 [ E3DF12CE194D1DA6CA7FDC0D8FBCB55E ] Winachcf C:\WINDOWS\system32\DRIVERS\winachcf.sys

13:30:25.0726 1800 Winachcf - ok

13:30:25.0820 1800 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

13:30:25.0820 1800 winmgmt - ok

13:30:25.0866 1800 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

13:30:25.0866 1800 WmdmPmSN - ok

13:30:25.0945 1800 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

13:30:25.0945 1800 Wmi - ok

13:30:26.0023 1800 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:30:26.0023 1800 WmiApSrv - ok

13:30:26.0101 1800 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

13:30:26.0116 1800 WMPNetworkSvc - ok

13:30:26.0195 1800 [ D161D62AE8D3F3EC1197B012D5E47431 ] WSWNDA3100v2 C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

13:30:26.0195 1800 WSWNDA3100v2 - ok

13:30:26.0241 1800 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

13:30:26.0241 1800 wuauserv - ok

13:30:26.0288 1800 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:30:26.0288 1800 WudfPf - ok

13:30:26.0304 1800 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:30:26.0304 1800 WudfRd - ok

13:30:26.0335 1800 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

13:30:26.0335 1800 WudfSvc - ok

13:30:26.0382 1800 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

13:30:26.0382 1800 WZCSVC - ok

13:30:26.0413 1800 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

13:30:26.0413 1800 xmlprov - ok

13:30:26.0413 1800 ================ Scan global ===============================

13:30:26.0460 1800 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

13:30:26.0491 1800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:30:26.0507 1800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:30:26.0538 1800 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

13:30:26.0554 1800 [Global] - ok

13:30:26.0554 1800 ================ Scan MBR ==================================

13:30:26.0570 1800 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

13:30:26.0788 1800 \Device\Harddisk0\DR0 - ok

13:30:26.0788 1800 ================ Scan VBR ==================================

13:30:26.0788 1800 [ 1E4E76DBDEC7EA776BF4F8DABA81F99D ] \Device\Harddisk0\DR0\Partition1

13:30:26.0788 1800 \Device\Harddisk0\DR0\Partition1 - ok

13:30:26.0788 1800 ============================================================

13:30:26.0788 1800 Scan finished

13:30:26.0788 1800 ============================================================

13:30:26.0788 5140 Detected object count: 1

13:30:26.0788 5140 Actual detected object count: 1

13:30:35.0523 5140 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine

13:30:36.0070 5140 Backup copy found, using it..

13:30:36.0179 5140 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot

13:30:36.0179 5140 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

13:30:53.0288 3972 Deinitialize success

TDSSKiller.2.8.18.0_12.06.2013_13.37.40_log.txt

-----------------------------------------------------------------------------------------------------

13:37:40.0000 2500 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

13:37:40.0546 2500 ============================================================

13:37:40.0546 2500 Current date / time: 2013/06/12 13:37:40.0546

13:37:40.0546 2500 SystemInfo:

13:37:40.0546 2500

13:37:40.0546 2500 OS Version: 5.1.2600 ServicePack: 3.0

13:37:40.0546 2500 Product type: Workstation

13:37:40.0546 2500 ComputerName: MDR017

13:37:40.0546 2500 UserName: Admin

13:37:40.0546 2500 Windows directory: C:\WINDOWS

13:37:40.0546 2500 System windows directory: C:\WINDOWS

13:37:40.0546 2500 Processor architecture: Intel x86

13:37:40.0546 2500 Number of processors: 2

13:37:40.0546 2500 Page size: 0x1000

13:37:40.0546 2500 Boot type: Normal boot

13:37:40.0546 2500 ============================================================

13:37:40.0546 2500 BG loaded

13:37:44.0281 2500 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:38:55.0359 2500 ============================================================

13:38:55.0359 2500 \Device\Harddisk0\DR0:

13:39:00.0875 2500 MBR partitions:

13:39:00.0875 2500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

13:39:00.0875 2500 ============================================================

13:39:01.0109 2500 C: <-> \Device\Harddisk0\DR0\Partition1

13:39:01.0109 2500 ============================================================

13:39:01.0109 2500 Initialize success

13:39:01.0109 2500 ============================================================

13:39:13.0765 2440 Deinitialize success

mbar-log-2013-06-12 (14-43-34).txt

---------------------------------------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.12.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Admin :: MDR017 [administrator]

6/12/2013 2:43:34 PM

mbar-log-2013-06-12 (14-43-34).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 222084

Time elapsed: 30 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

system-log.txt

----------------------------------------------------------------------------

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.799000 GHz

Memory total: 3488002048, free: 2717982720

Downloaded database version: v2013.06.12.06

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/12/2013 13:49:23

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

68615310.sys

tsk33.tmp

\WINDOWS\system32\drivers\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

Achernar.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltMgr.sys

sr.sys

MpFilter.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

RapportKELL.sys

Mup.sys

hotcore3.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\l1c51x86.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\winachcf.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\System32\Drivers\Aldebaran.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\tapoas.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\NWADIenum.sys

\SystemRoot\system32\DRIVERS\UimBus.sys

\SystemRoot\System32\Drivers\Uim_IM.sys

\SystemRoot\System32\Drivers\UimFIO.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\MODEMCSA.sys

\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\AppleCharger.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\??\C:\WINDOWS\system32\Drivers\MDP_VDD.SYS

\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\npf.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8afb9ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8afbb940

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8afb9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8af2f930, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8afb9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8afbc2d0, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8afbb940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AAD7AAD7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 976751937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500106780160 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976751055-976771055)...

Done!

Infected: c:\WINDOWS\Temp\temp86.exe --> [Trojan.Lameshield.124]

Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent --> [Trojan.Lameshield.124]

Infected: c:\WINDOWS\Temp\temp86.exe --> [Trojan.Lameshield.124]

Infected: c:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\n --> [Trojan.0Access]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Trojan.0Access]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.0Access]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\@ --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\n --> [Trojan.0Access]

Infected: c:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\@ --> [Trojan.Siredef.C]

Infected: c:\WINDOWS\Temp\0.5808670672236534.exe --> [Rootkit.0Access.ZPE]

Infected: c:\WINDOWS\Temp\0.7274720646072641.exe --> [Trojan.Ransom.ED]

Infected: c:\Documents and Settings\Admin\hmrt41i651ej3.exe --> [Trojan.Lameshield.124]

Infected: c:\Documents and Settings\NetworkService\5510195.exe --> [Trojan.Agent.RRE]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\U\00000001.@ --> [Trojan.0Access]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\U\80000000.@ --> [Trojan.0Access]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\U\800000cb.@ --> [Trojan.0Access]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\calc[1].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\calc[2].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\calc[3].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\calc[4].exe --> [Trojan.FakeAlert.FSA29]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\calc[5].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8L8YB0KM\calc[1].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8L8YB0KM\calc[2].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\calc[1].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\calc[2].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\calc[3].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\calc[4].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\calc[5].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[1].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[2].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[3].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[4].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[5].exe --> [Trojan.FakeAlert.FSA29]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[6].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\calc[7].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[1].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[2].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[3].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[4].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[5].exe --> [Trojan.Agent.FSA44]

Infected: c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\calc[6].exe --> [Trojan.Agent.FSA44]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\U --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\U --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\L --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\L --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d --> [Trojan.Siredef.C]

Infected: c:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d --> [Trojan.Siredef.C]

Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Trojan.0Access]

Infected: c:\Documents and Settings\Admin\Desktop\uSeRiNiT.exe --> [Heuristics.Reserved.Word.Exploit]

Scan finished

Creating System Restore point...

Cleaning up...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.800000 GHz

Memory total: 3488002048, free: 2659024896

Initializing...

------------ Kernel report ------------

06/12/2013 14:43:21

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

\WINDOWS\system32\drivers\CLASSPNP.SYS

imofugc.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

Achernar.sys

VolSnap.sys

atapi.sys

disk.sys

fltMgr.sys

sr.sys

MpFilter.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

RapportKELL.sys

Mup.sys

hotcore3.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\l1c51x86.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\winachcf.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\System32\Drivers\Aldebaran.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\tapoas.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\NWADIenum.sys

\SystemRoot\system32\DRIVERS\UimBus.sys

\SystemRoot\System32\Drivers\Uim_IM.sys

\SystemRoot\System32\Drivers\UimFIO.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\MODEMCSA.sys

\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\AppleCharger.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\??\C:\WINDOWS\system32\Drivers\MDP_VDD.SYS

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8affaab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8af92940

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8affaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8b004e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8affaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8afa63b8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8af92940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AAD7AAD7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 976751937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500106780160 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976751055-976771055)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Non-administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.799000 GHz

Memory total: 3488002048, free: 3031629824

=======================================


combofix.txt

---------------------------------------------------------------

ComboFix 13-06-08.02 - Admin 06/12/2013 15:47:56.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2730 [GMT -5:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Admin\Desktop\Setup.exe

c:\documents and settings\Admin\WINDOWS

c:\program files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_5689

-------\Legacy_NPF

-------\Service_5689

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

.

2013-06-12 18:47 . 2013-06-12 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-06-12 18:30 . 2013-06-12 18:30 -------- d-----w- C:\TDSSKiller_Quarantine

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 18:32 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2013-03-15 07:21 . 2013-03-25 16:10 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E01F257E-D25E-460F-8667-F083A30004DD}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

"nwiz"="nwiz.exe" [2008-12-25 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]

"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-29 295072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Admin\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-25 113664]

Event Reminder.lnk - c:\program files\The Print Shop 23\Remind.exe [2008-7-16 344064]

NETGEAR WNDA3100v2 Genie.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-9-30 8453376]

OpenVPN Client.lnk - c:\qoobox\Quarantine\C\Program Files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe.vir [2010-8-12 19968]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [4/14/2011 9:15 AM 16851]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [3/23/2011 6:17 PM 56208]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2/13/2013 9:19 AM 102008]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [3/22/2011 1:42 PM 19496]

R1 RapportCerberus_50414;RapportCerberus_50414;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys [3/13/2013 5:35 PM 316984]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2/13/2013 9:19 AM 102680]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2/13/2013 9:19 AM 173880]

R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 3:06 PM 223464]

R2 DoRA;WebScan DoRA;c:\program files\RemitDATA\DoRA\DoRA.SVC.exe [12/14/2006 3:56 PM 20480]

R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [8/12/2010 5:45 PM 24064]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2/13/2013 9:18 AM 1124184]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]

R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [4/14/2011 9:15 AM 11731]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/22/2011 1:41 PM 44032]

R3 MDPPORTVDD;MDPPORTVDD;c:\windows\system32\drivers\MDP_VDD.SYS [10/25/2012 6:16 AM 77760]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 4:25 PM 26112]

S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [3/24/2011 12:45 PM 98984]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [4/14/2010 8:45 PM 193192]

S2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [9/30/2012 4:38 PM 303360]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/22/2011 1:41 PM 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [9/30/2012 4:38 PM 1034240]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [1/19/2013 3:50 PM 1034240]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/6/2007 3:30 PM 13824]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-29 10:06 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 19:10]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 19:10]

.

2013-06-12 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-746137067-688789844-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]

.

2013-06-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-746137067-688789844-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]

.

2013-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-688789844-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]

.

2013-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-688789844-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]

.

2013-06-12 c:\windows\Tasks\ReclaimerUpdateFiles_Admin.job

- c:\documents and settings\Admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 17:51]

.

2013-06-12 c:\windows\Tasks\ReclaimerUpdateXML_Admin.job

- c:\documents and settings\Admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 17:51]

.

2013-06-12 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Admin.job

- c:\documents and settings\Admin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 17:51]

.

2013-06-12 c:\windows\Tasks\User_Feed_Synchronization-{52458429-A349-4BD3-8BCD-0FBE06BC6EC7}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://tpotm.com/MLWebCacheCleaner.cab

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-26927596.sys

SafeBoot-MsMpSvc

AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-06-12 16:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3628)

c:\windows\system32\WININET.dll

c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.17.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdqcoms.exe

c:\windows\system32\lxeacoms.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2013-06-12 16:11:03 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-12 21:11

.

Pre-Run: 453,024,415,744 bytes free

Post-Run: 454,281,150,464 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F0DF6201F0DF28048FCE445E12968529

8F558EB6672622401DA993E1E865C861

checkup.txt

-----------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Java™ 6 Update 24

Java version out of Date!

Adobe Reader 10.1.1 Adobe Reader out of Date!

Google Chrome 25.0.1364.172

Google Chrome 26.0.1410.43

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Tried to get this all in one post but the forum rejected it as too long. The computer seems well. I am performing this cleanup because my ISP specifies it is sending SPAM mail from my IP. Do you have any suggestions on how I can check for that? Thanks!


I am performing this cleanup because my ISP specifies it is sending SPAM mail from my IP. Do you have any suggestions on how I can check for that? Thanks!

We still have some more cleaning to do, so we'll get to the bottom of it.

As far as any Internet accounts, I'd strongly encourage you to change your passwords. It's likely they were compromised while you were infected. If you did any transactions while infected, definitely apprise your bank(s) of the situation.

---------------------

Your system looks a whole lot better. Please run the following scans to see what else needs cleaning:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


AdwCleaner[R1].txt

--------------------------------------------------------------

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 10:40:30

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Admin - MDR017

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe

# Option [search]

***** [Services] *****

Found : BCUService

***** [Files / Folders] *****

Folder Found : C:\Program Files\DeviceVM

***** [Registry] *****

Key Found : HKCU\Software\DeviceVM

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}

Key Found : HKLM\Software\DeviceVM

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1473 octets] - [13/06/2013 10:40:30]

########## EOF - C:\AdwCleaner[R1].txt - [1533 octets] ##########

OTL.Txt

----------------------------

OTL logfile created on: 6/13/2013 10:42:50 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.35% Memory free

5.09 Gb Paging File | 4.06 Gb Available in Paging File | 79.80% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 422.67 Gb Free Space | 90.75% Space Free | Partition Type: NTFS

Computer Name: MDR017 | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/13 10:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

PRC - [2013/03/12 02:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2013/02/13 09:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2013/01/29 08:43:09 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

PRC - [2011/03/23 20:15:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

PRC - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2010/08/12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe

PRC - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/27 18:09:44 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdqcoms.exe

PRC - [2007/12/12 15:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe

PRC - [2006/12/14 15:56:58 | 000,020,480 | ---- | M] (RemitDATA) -- C:\Program Files\RemitDATA\DoRA\DoRA.SVC.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/13 03:08:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll

MOD - [2013/03/13 17:35:44 | 000,557,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

MOD - [2013/02/14 04:06:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll

MOD - [2013/01/21 09:49:13 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll

MOD - [2013/01/21 09:48:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013/01/21 09:48:11 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

MOD - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

MOD - [2011/12/14 10:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

MOD - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

MOD - [2010/08/12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

MOD - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

MOD - [2010/05/05 13:44:14 | 000,039,936 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd

MOD - [2010/05/05 13:44:12 | 000,010,752 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd

MOD - [2010/05/05 13:44:10 | 000,051,200 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd

MOD - [2010/05/05 13:43:08 | 000,008,192 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd

MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll

MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll

MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll

MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll

MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll

MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll

MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll

MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll

MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll

MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll

MOD - [2010/03/16 13:05:00 | 000,020,480 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd

MOD - [2009/11/04 13:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll

MOD - [2009/10/26 09:27:14 | 000,011,776 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\select.pyd

MOD - [2009/10/26 09:27:12 | 000,311,808 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd

MOD - [2009/10/26 09:27:06 | 000,153,088 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd

MOD - [2009/10/26 09:25:42 | 000,073,728 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd

MOD - [2009/10/26 09:25:18 | 000,645,120 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd

MOD - [2009/10/26 09:25:02 | 000,040,448 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd

MOD - [2009/07/06 04:16:02 | 000,111,104 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd

MOD - [2009/07/05 06:35:58 | 000,028,160 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd

MOD - [2009/07/05 06:35:52 | 000,096,256 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd

MOD - [2009/07/05 06:35:44 | 000,041,472 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd

MOD - [2009/07/05 06:35:42 | 000,110,592 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd

MOD - [2009/07/05 06:35:38 | 000,036,352 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd

MOD - [2009/07/05 06:35:36 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd

MOD - [2009/07/05 06:35:28 | 000,017,920 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd

MOD - [2009/07/05 06:35:18 | 000,110,592 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll

MOD - [2009/06/27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll

MOD - [2009/05/27 12:16:52 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeadatr.dll

MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll

MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll

MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll

MOD - [2009/02/20 08:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\lxeasmr.dll

MOD - [2009/02/20 08:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\lxeasm.dll

MOD - [2008/02/27 06:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdqdrpp.dll

========== Services (SafeList) ==========

SRV - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)

SRV - [2011/03/23 20:15:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/12 17:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)

SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeacoms.exe -- (lxea_device)

SRV - [2010/04/14 20:45:16 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)

SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2008/02/27 18:09:44 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdqcoms.exe -- (lxdq_device)

SRV - [2008/02/27 18:09:33 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)

SRV - [2007/12/12 15:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)

SRV - [2006/12/14 15:56:58 | 000,020,480 | ---- | M] (RemitDATA) [Auto | Running] -- C:\Program Files\RemitDATA\DoRA\DoRA.SVC.exe -- (DoRA)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/03/13 17:35:40 | 000,316,984 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys -- (RapportCerberus_50414)

DRV - [2013/02/13 09:19:12 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2013/02/13 09:19:12 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2013/02/13 09:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2011/03/28 18:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)

DRV - [2011/03/28 17:22:30 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)

DRV - [2010/10/12 20:11:06 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)

DRV - [2010/10/12 20:11:06 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)

DRV - [2010/10/12 20:11:06 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)

DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)

DRV - [2010/04/22 16:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)

DRV - [2010/03/26 05:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/07/27 02:09:52 | 000,044,032 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2007/09/06 15:30:28 | 000,013,824 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)

DRV - [2007/09/06 15:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2007/04/19 10:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2003/10/09 09:55:04 | 000,011,731 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Aldebaran.sys -- (Aldebaran)

DRV - [2003/10/09 09:55:00 | 000,016,851 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Achernar.sys -- (Achernar)

DRV - [2002/04/30 16:17:54 | 000,917,988 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)

DRV - [2002/02/08 02:24:00 | 000,077,760 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MDP_VDD.SYS -- (MDPPORTVDD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes,DefaultScope = {15B9BAB9-F422-4267-878F-6DA3CE356B07}

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes\{15B9BAB9-F422-4267-878F-6DA3CE356B07}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes\{933252CA-ACEE-42f1-9261-1D9EF9C20563}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\SearchScopes\{A27FC5BE-DB24-47f9-8E4B-6EFDB4BBDD1B}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-688789844-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/29 08:43:58 | 000,000,000 | ---D | M]

[2011/03/23 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions

[2011/03/23 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\net.openvpn.client

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = c:\program files\google\chrome\application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = c:\program files\google\chrome\application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files\google\chrome\application\24.0.1312.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll

CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealDownloader = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/12 16:04:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-746137067-688789844-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [AIMPro] C:\Program Files\AIM\AIM Pro\aimpro.exe (WebEx)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe ()

O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe (Broderbund Properties LLC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenVPN Client.lnk = C:\Qoobox\Quarantine\C\Program Files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe.vir ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-746137067-688789844-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300818914781 (MUWebControl Class)

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://tpotm.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80D78845-1DF6-4A1D-959D-B6BAFADD98CA}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/03/22 13:31:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/13 10:39:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

[2013/06/13 10:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/06/12 16:54:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/06/12 15:39:30 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/06/12 15:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/06/12 15:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/06/12 15:35:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/06/12 15:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/06/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/12 15:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/06/12 14:38:59 | 000,000,000 | ---D | C] -- C:\Avenger

[2013/06/12 13:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/06/12 13:30:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/06/12 13:28:35 | 005,078,680 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe

[2013/06/12 13:26:24 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\tdsskiller.exe

[2013/06/12 12:52:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools

[2013/06/12 12:50:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/13 10:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

[2013/06/13 10:38:59 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe

[2013/06/13 10:33:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/13 04:44:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{52458429-A349-4BD3-8BCD-0FBE06BC6EC7}.job

[2013/06/13 03:25:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/06/13 03:24:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-746137067-688789844-1801674531-1003.job

[2013/06/13 03:24:35 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-688789844-1801674531-1003.job

[2013/06/13 03:24:32 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013/06/13 03:24:28 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Admin.job

[2013/06/13 03:24:27 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/13 03:24:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/13 03:24:06 | 3488,075,776 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/13 03:24:06 | 001,116,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/06/13 03:06:42 | 000,444,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/06/13 03:06:42 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/06/13 03:01:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/06/12 16:05:14 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenVPN Client.lnk

[2013/06/12 16:04:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/06/12 16:04:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-746137067-688789844-1801674531-1003.job

[2013/06/12 15:39:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/06/12 13:41:16 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Admin.job

[2013/06/12 13:33:41 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Admin.job

[2013/06/12 13:29:20 | 013,169,742 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\mbar-1.06.0.1003.zip

[2013/06/12 13:28:35 | 005,078,680 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe

[2013/06/12 13:27:54 | 000,890,839 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SecurityCheck.exe

[2013/06/12 13:26:24 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\tdsskiller.exe

[2013/06/12 12:50:59 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr

[2013/05/17 17:07:22 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/13 10:38:57 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe

[2013/06/12 15:39:35 | 000,000,210 | ---- | C] () -- C:\Boot.bak

[2013/06/12 15:39:31 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/06/12 15:35:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/06/12 15:35:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/06/12 15:35:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/06/12 15:35:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/06/12 15:35:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/06/12 13:33:37 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Admin.job

[2013/06/12 13:33:15 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Admin.job

[2013/06/12 13:33:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Admin.job

[2013/06/12 13:29:20 | 013,169,742 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\mbar-1.06.0.1003.zip

[2013/06/12 13:27:54 | 000,890,839 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SecurityCheck.exe

[2013/01/19 16:15:11 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll

[2013/01/19 16:15:10 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll

[2012/03/07 09:58:47 | 000,002,439 | ---- | C] () -- C:\Documents and Settings\Admin\PrintMaster-2012-Platinum.prefs

[2012/02/14 21:33:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/26 07:03:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/25 10:18:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/06/16 22:31:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/03/22 14:15:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = C:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 17:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Admin\Desktop\mdr.mht:SummaryInformation

< End of report >

Extras.Txt

-------------------------------------------

OTL Extras logfile created on: 6/13/2013 10:42:50 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.35% Memory free

5.09 Gb Paging File | 4.06 Gb Available in Paging File | 79.80% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 422.67 Gb Free Space | 90.75% Space Free | Partition Type: NTFS

Computer Name: MDR017 | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{334FF5F7-7533-49F4-BFDF-3BE2BB9BEEC7}" = Sprint Mobile Broadband (Novatel Wireless) - Lite

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2

"{45B3A3BD-F90D-48FE-A147-D74878A51033}" = Nero 7 Essentials

"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup & Recovery™ 10 Home

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6CEEE651-C102-4176-B61C-F5CC65051A8E}" = Presto! PageManager 7.16

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{82AC7469-FF0E-4474-983D-EA9C422A11A3}" = WebScan DoRA

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{C0510E20-B6DA-47AC-B435-29CAAB68E53A}" = HP Scanjet N6010 Drivers and Tools

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro

"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"5354-7805-5584-7014" = PrintMaster 2012 Platinum

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ALPS MD-1000" = ALPS MD-1000 Printer Driver

"Canon MX360 series User Registration" = Canon MX360 series User Registration

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"CXT10B6" = AOpen FM56-PV Controllerless PCI Modem

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"Lexmark S300-S400 Series" = Lexmark S300-S400 Series

"Lexmark Z2400 Series" = Lexmark Z2400 Series

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"Rapport_msi" = Rapport

"Speed Dial Utility" = Canon Speed Dial Utility

"WebPost" = Microsoft Web Publishing Wizard 1.52

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-688789844-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"3 Tor" = 3 Tor

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/27/2013 5:25:11 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1985

Error - 3/27/2013 5:25:13 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/27/2013 5:25:13 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3954

Error - 3/27/2013 5:25:13 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3954

Error - 3/27/2013 5:25:15 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/27/2013 5:25:15 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5907

Error - 3/27/2013 5:25:15 PM | Computer Name = MDR017 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5907

Error - 6/12/2013 2:30:07 PM | Computer Name = MDR017 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 6/12/2013 2:30:07 PM | Computer Name = MDR017 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 6/12/2013 5:54:20 PM | Computer Name = MDR017 | Source = Application Error | ID = 1000

Description = Faulting application ~!#11.tmp, version 0.0.0.0, faulting module ~!#11.tmp,

version 0.0.0.0, fault address 0x0000112b.

[ System Events ]

Error - 6/12/2013 5:01:10 PM | Computer Name = MDR017 | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_NPF\0000 disappeared from the system without

first being prepared for removal.

Error - 6/12/2013 5:03:54 PM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxdqCATSCustConnectService

service to connect.

Error - 6/12/2013 5:03:54 PM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7000

Description = The lxdqCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 6/12/2013 5:03:54 PM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService

service to connect.

Error - 6/12/2013 5:03:54 PM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7000

Description = The lxeaCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 6/13/2013 4:25:44 AM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxdqCATSCustConnectService

service to connect.

Error - 6/13/2013 4:25:44 AM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7000

Description = The lxdqCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 6/13/2013 4:25:44 AM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService

service to connect.

Error - 6/13/2013 4:25:44 AM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7000

Description = The lxeaCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 6/13/2013 4:25:44 AM | Computer Name = MDR017 | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

< End of report >

ESETLOG.txt

-------------------------------------

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\22\6bddbdd6-4403760f multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\22\6bddbdd6-4d75bfe0 a variant of Win32/Kryptik.AXNL trojan cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\41\4e7b48a9-3baafdf0 a variant of Java/Exploit.Agent.ONI trojan cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\55\1c69dc37-51d3cb84 a variant of Java/Exploit.Agent.ONI trojan cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Local Settings\temp\ahaewrr.exe a variant of Win32/Kryptik.BDLM trojan cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Local Settings\temp\~!#10.tmp a variant of Win32/Kryptik.BDLM trojan cleaned by deleting - quarantined

C:\Documents and Settings\Admin\Local Settings\temp\~!#11.tmp a variant of Win32/Kryptik.BDKP trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\2e95ad9e-14bab421 Win32/Sirefef.EV trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\63a09c70-342b0da3 a variant of Win32/Kryptik.AXRJ trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\21a4535-20de9324 Java/Exploit.Agent.NOS trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\12.06.2013_13.30.11\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined

Operating memory multiple threats


----------Step 1----------------

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    [2011/03/22 14:15:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    "ThreadingModel" = Both
    "" = C:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 17:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

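The registry entries in the OTL fix above are COM `InProcServer32` registrations whose default value points into `C:\RECYCLER` at a file that no longer exists, and one of them sits under HKCU, where it silently overrides the machine-wide registration of the same CLSID. That is the ZeroAccess/Sirefef COM-hijack pattern (the ESET log earlier in the thread lists Win32/Sirefef.EV). The Python below is an added example, not part of this thread or of OTL: it parses OTL-style registry listings (the sample input is constructed from the fix lines above, plus the empty HKCU key as OTL prints it) and flags entries whose server DLL lives in a user-writable or Recycle Bin location, is missing, or is an HKCU registration shadowing an HKLM one. The trusted-prefix allow-list and the suspicious-path list are assumptions to be tuned per environment.

```python
import re

# Constructed sample input: the registry portion of the OTL fix quoted above,
# plus an HKCU key with no default value, as OTL prints it. Not a live registry.
SAMPLE_OTL = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-746137067-688789844-1801674531-1003\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 17:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$86fd170a1c208f4eb0e74952b0c1479d\n. -- File not found
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.*)\\InProcServer32\]$', re.IGNORECASE)
DEFAULT_RE = re.compile(r'^""\s*=\s*(.*?)(?:\s+--\s+(.*))?$')
CLSID_RE = re.compile(r'\{([0-9a-f-]+)\}', re.IGNORECASE)

# Assumption: a short allow-list of where a legitimate in-process COM server lives.
TRUSTED_PREFIXES = ("%systemroot%", "c:\\windows\\", "%programfiles%", "c:\\program files\\")
# User-writable or reclaimed locations that no COM server should be loaded from.
SUSPICIOUS_PARTS = ("\\recycler\\", "\\temp\\", "\\application data\\", "\\local settings\\")


def parse_entries(text):
    """Turn OTL-style registry output into one record per InProcServer32 key."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            c = CLSID_RE.search(m.group(2))
            entries.append({"hive": m.group(1).upper(),
                            "clsid": c.group(1).lower() if c else None,
                            "path": None, "note": ""})
            continue
        m = DEFAULT_RE.match(line)
        if m and entries:
            # The default value is the DLL path; OTL appends " -- <file info>" after it.
            entries[-1]["path"] = m.group(1).strip()
            entries[-1]["note"] = (m.group(2) or "").strip()
    return entries


def assess(entries):
    """Return the entries that look like COM hijacks, each with its reasons."""
    hklm = {e["clsid"] for e in entries if e["hive"] == "HKEY_LOCAL_MACHINE"}
    findings = []
    for e in entries:
        reasons = []
        path = (e["path"] or "").lower()
        if path:
            if any(p in path for p in SUSPICIOUS_PARTS):
                reasons.append("server DLL in user-writable or Recycle Bin location")
            elif not path.startswith(TRUSTED_PREFIXES):
                reasons.append("server DLL outside Windows / Program Files")
            if "file not found" in e["note"].lower():
                reasons.append("registered server file is missing")
        # HKCR merges HKCU\Software\Classes over HKLM\Software\Classes, so a per-user
        # registration wins over the machine-wide one for the same CLSID.
        if e["hive"] == "HKEY_CURRENT_USER" and e["clsid"] in hklm:
            reasons.append("HKCU registration shadows the HKLM one for this CLSID")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in assess(parse_entries(SAMPLE_OTL)):
        print(f"{f['hive']} {{{f['clsid']}}} -> {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the two RECYCLER entries and the empty HKCU key for `{42aedc87-...}` are reported; the two Microsoft DLLs under `%SystemRoot%` are not. The same parser works on a full OTL scan, where the shadowing check matters most: a bare HKCU key with no value still changes which DLL COM loads for that user.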

Things seem fine. Need to find a way to monitor any outbound spam mail from this computer.

OTL06132013_171343.log

-----------------------------------------------

All processes killed

========== OTL ==========

C:\WINDOWS\assembly\Desktop.ini moved successfully.

File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

->Temp folder emptied: 1527652 bytes

->Temporary Internet Files folder emptied: 43327418 bytes

->Java cache emptied: 8630597 bytes

->Google Chrome cache emptied: 31907458 bytes

->Flash cache emptied: 77910 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 9470086 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 13964 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 39793442 bytes

->Java cache emptied: 246111 bytes

->Flash cache emptied: 25023 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10036 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14518949 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.00 mb

[EMPTYJAVA]

User: Admin

->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

->Java cache emptied: 0 bytes

User: NetworkService

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Admin

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06132013_171343

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF3557.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF3705.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF8F50.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF8F61.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF8FA3.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF8FB4.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF90A4.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF90B5.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF91B2.tmp not found!

File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF91C3.tmp not found!

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\YOXZ59B4\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\NU25OVGC\zrt_lookup[1].html moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\125[1].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\online-scanner[1].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KR0DDE5G\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\1028393326[1].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\eec4b47b89ed52d7957c383ca9382bfc[2].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\A5B91A72\PIE[1].htc moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3FFIEK0C\blank[2].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1M913OK5\index[1].php moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner[s1].txt

-------------------------------------------------------------------------

# AdwCleaner v2.303 - Logfile created 06/14/2013 at 10:11:51

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Admin - MDR017

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : BCUService

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DeviceVM

***** [Registry] *****

Key Deleted : HKCU\Software\DeviceVM

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}

Key Deleted : HKLM\Software\DeviceVM

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1602 octets] - [13/06/2013 10:40:30]

AdwCleaner[s1].txt - [1566 octets] - [14/06/2013 10:11:51]

########## EOF - C:\AdwCleaner[s1].txt - [1626 octets] ##########

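The poster above asks how to monitor outbound spam from this machine. One host-side check a defender can run is to look at the box's own TCP connection table for a single process fanning out to many distinct remote SMTP servers (ports 25, 465, 587): a mail client talks to one submission server, a spambot to many MX hosts. The Python below is an added example, not part of this thread: it parses `netstat -ano` style output (the sample is constructed, not captured from the thread's machine) and reports PIDs that exceed a fan-out threshold. The threshold of 3 and the port set are assumptions; the reported PID can then be mapped to a process name with `tasklist`. On a network, the same idea becomes an egress firewall rule that allows TCP/25 only from the real mail server.

```python
import re
from collections import defaultdict

# Ports a workstation should only ever use towards its own mail server.
SMTP_PORTS = {25, 465, 587}

# Constructed `netstat -ano` style output (not captured from the thread's machine).
# PID 1820 talks to five different remote hosts on port 25; PID 2044 is a normal
# mail client on the submission port; PID 3100 is ordinary HTTPS.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1041      203.0.113.10:25        SYN_SENT        1820
  TCP    192.168.1.20:1042      203.0.113.11:25        SYN_SENT        1820
  TCP    192.168.1.20:1043      198.51.100.7:25        ESTABLISHED     1820
  TCP    192.168.1.20:1044      198.51.100.8:25        SYN_SENT        1820
  TCP    192.168.1.20:1045      203.0.113.12:25        SYN_SENT        1820
  TCP    192.168.1.20:1050      198.51.100.20:587      ESTABLISHED     2044
  TCP    192.168.1.20:1051      203.0.113.50:443       ESTABLISHED     3100
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
"""

LINE_RE = re.compile(r'^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$')


def parse_netstat(text):
    """Parse the TCP rows of `netstat -ano` output into dicts; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({
                "laddr": m.group(1), "lport": int(m.group(2)),
                "raddr": m.group(3), "rport": int(m.group(4)),
                "state": m.group(5), "pid": int(m.group(6)),
            })
    return rows


def find_smtp_fanout(rows, threshold=3):
    """Map PID -> sorted remote SMTP hosts for PIDs that reach >= threshold distinct hosts.

    threshold=3 is an assumption: a legitimate client normally uses one server.
    """
    remotes = defaultdict(set)
    for r in rows:
        if r["rport"] in SMTP_PORTS and r["state"] != "LISTENING":
            remotes[r["pid"]].add(r["raddr"])
    return {pid: sorted(hosts) for pid, hosts in remotes.items() if len(hosts) >= threshold}


if __name__ == "__main__":
    suspects = find_smtp_fanout(parse_netstat(SAMPLE_NETSTAT))
    for pid, hosts in suspects.items():
        print(f"PID {pid} has SMTP connections to {len(hosts)} distinct hosts: {', '.join(hosts)}")
        print(f"  identify it with: tasklist /FI \"PID eq {pid}\"")
```

Run it repeatedly (for example every minute from a scheduled task that feeds it the live `netstat -ano` output) rather than once: a spambot's connections are short-lived, and a single snapshot can miss the burst.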

Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

---------

Upgrade Java : (32 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept the License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-i586.exe and select "Run as an Administrator.")

---------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

Please let me know how the updates went, as failed updates may be due to malware.


Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.

-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

---------------------------------------------------------

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:

Every little bit helps.

-DFB


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


After further review, I cannot get into my Windows Firewall settings window, and tried to uninstall and reinstall MSE, which is also failing to reinstall. I suspect I am still Hi-Jacked...

Firewall:

"Due to an unidentified problem, Windows cannot display Windows Firewall settings."

MSE:

During re-installation I get "Cannot complete the Security Essentials installation" Error Code: 0x80070643


Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

--------------------

Next, run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit located within the ‘Plugins’ folder and reboot.

Have the issues been resolved now?


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
