Jump to content

malware removal help requested


Recommended Posts

My computer restarted after which my desktop was empty, my desktop picture was missing, and the program list from the start button is empty.

When I go to windows explorer I can go to program files and I see all of programs but the icons are light.

I tried to run dds.scr but it opens in notepad.

I saw in another log where the person who started the thread was instructed to post the files that he had. So I have attacked the mbam-log quick scan 2 runs the 1st run detected and removed a number of files, the 2nd run came out clean. I also attached the gmer file.

I hope you are able to help me.

Thanks,

Jerry

I just found this link dds script fix on bleeping computers.

...

Posted 30 May 2010 - 03:53 PM

Hi,

please download this file: xp_scr_fix.

Unpack the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say yes.

You should then be able to run DDS.scr.

regards myrti

...

The poster belongs to a group Malware Removal Instructor.

Thanks,

Jerry

mbam-log-2011-07-10 (13-57-07).txt

mbam-log-2011-07-10 (21-28-01).txt

ark.txt

Link to post
Share on other sites

Thanks for getting back to me.

Sorry about sending the logs as attachments.

MBAM - I'm at work now, I will update, quick scan, and post the resutls later.

DDS - I am unable to run DDS, the file opens in notepad. I found a thread on Bleeping computers that mentioned running a scr fix program. As I have already initiated your team I thought I would wait to hear from you before doing this.

Thanks,

Jerry

Link to post
Share on other sites

Here is the MBAM quick scan log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7146

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

15/07/2011 10:21:04 AM

mbam-log-2011-07-15 (10-21-04).txt

Scan type: Quick scan

Objects scanned: 182532

Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

hers is the Extra.txt file

OTL Extras logfile created on: 18/07/2011 12:32:29 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Main\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.65% Memory free

2.58 Gb Paging File | 2.13 Gb Available in Paging File | 82.68% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.33 Gb Total Space | 2.31 Gb Free Space | 6.72% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Main | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation

"{30C50520-1B5E-4FD1-A87B-444F86E21033}" = Nero 7 Premium

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{3F9463B3-D41D-443E-B072-4AD7A1E2A149}" = London Drugs Calendars and Cards

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3

"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 3.3.2

"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox

"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0

"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative ZEN Nano Plus

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0

"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe InDesign 2.0" = Adobe InDesign 2.0.1

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Audacity_is1" = Audacity 1.2.6

"AudibleManager" = AudibleManager

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"BitTorrent" = BitTorrent

"BitTorrentBar Toolbar" = BitTorrentBar Toolbar

"CAL" = Canon Camera Access Library

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"conduitEngine" = Conduit Engine

"CSCLIB" = Canon Camera Support Core Library

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"EOS Utility" = Canon Utilities EOS Utility

"EPSON Printer and Utilities" = EPSON Printer Software

"Handbrake" = Handbrake 0.9.4

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"jZip" = jZip

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package

"lvdrivers_11.50" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MSTrueTypeProperties" = Microsoft OpenType Font Properties Extension (Remove Only)

"MyCamera" = Canon Utilities MyCamera

"Nero Sipps!UninstallKey" = Nero Sipps

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NoAdware_is1" = NoAdware v4.0

"Picasa 3" = Picasa 3

"PROSet" = Intel® PRO Network Adapters and Drivers

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 12.0" = RealPlayer

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Shaw Internet Update_is1" = Shaw Internet Update 3.3.1

"SM1FX_AT" = USB Storage Adapter FX (SM1)

"Spyware Doctor" = Spyware Doctor 7.0

"SysInfo" = Creative System Information

"TeamViewer 3" = TeamViewer 3

"uTorrent" = µTorrent

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 1.1.5

"VSO ConvertXtoDVD_is1" = ConvertXtoDVD 2.1.8.191

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Google Chrome" = Google Chrome

"System Qualifier" = System Qualifier

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 06/07/2011 9:45:07 PM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 07/07/2011 8:41:46 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 07/07/2011 8:42:14 AM | Computer Name = DELL | Source = Microsoft Security Client | ID = 5000

Description =

Error - 07/07/2011 8:42:32 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 07/07/2011 8:42:43 AM | Computer Name = DELL | Source = Microsoft Security Client | ID = 5000

Description =

Error - 07/07/2011 8:43:55 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 07/07/2011 9:22:47 AM | Computer Name = DELL | Source = Application Error | ID = 1000

Description = Faulting application mbam.exe, version 1.51.0.1074, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 08/07/2011 12:42:18 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 09/07/2011 12:42:17 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 10/07/2011 12:42:17 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

[ System Events ]

Error - 17/07/2011 2:34:42 AM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error

description: The specified service does not exist as an installed service.

Error - 17/07/2011 2:34:49 AM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 2:34:49 AM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 2:34:49 AM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 2:34:49 AM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 9:57:14 PM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error

description: The specified service does not exist as an installed service.

Error - 17/07/2011 9:57:38 PM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 9:57:38 PM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 9:57:38 PM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

Error - 17/07/2011 9:57:38 PM | Computer Name = DELL | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.107.1229.0 Update Source: %%851 Update Stage:

%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7000.0&avdelta=1.107.1229.0&asdelta=1.107.1229.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 1.1.7000.0 Error code: 0x80072f76 Error description: The

requested header was not found

< End of report >

Link to post
Share on other sites

Here is teh OTL.txt log:

OTL logfile created on: 18/07/2011 12:32:29 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Main\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.65% Memory free

2.58 Gb Paging File | 2.13 Gb Available in Paging File | 82.68% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.33 Gb Total Space | 2.31 Gb Free Space | 6.72% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Main | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 00:30:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main\My Documents\Downloads\OTL.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/25 17:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe

PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

========== Modules (SafeList) ==========

MOD - [2011/07/18 00:30:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2007/10/19 14:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)

SRV - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)

SRV - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)

SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005/04/26 20:46:56 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

========== Driver Services (SafeList) ==========

DRV - [2011/07/11 20:52:09 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01C494BE-5CCC-4A31-9F55-9D04E3C66905}\MpKsl6f6a4fa2.sys -- (MpKsl6f6a4fa2)

DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)

DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)

DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/01/19 20:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys -- (WimFltr)

DRV - [2008/01/19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys -- (v2imount)

DRV - [2008/01/19 19:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor)

DRV - [2007/12/20 17:13:54 | 000,136,416 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)

DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 21:01:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)

DRV - [2007/10/11 21:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys -- (lvpopflt)

DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)

DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/09/14 07:15:44 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)

DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)

DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)

DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)

DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.ec.gc.ca/city/pages/mb-38_metric_e.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Main\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

[2011/04/30 21:32:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\extensions

[2010/12/12 11:34:05 | 000,000,000 | -H-D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

[2010/12/12 11:34:10 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\extensions\engine@conduit.com

[2011/04/30 21:33:21 | 000,000,000 | -H-D | M] (MP3 Rocket Toolbar) -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\extensions\toolbar@ask.com

[2010/05/10 12:01:00 | 000,000,714 | -H-- | M] () -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\searchplugins\shaw.png

[2010/05/10 12:01:00 | 000,000,471 | -H-- | M] () -- C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\rtfsum42.default\searchplugins\shaw.src

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: google.com ([picasa] http in Trusted sites)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226

O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - File not found

O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Main\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4fd2224e-2265-11de-bb52-001111a8e8f6}\Shell - "" = AutoRun

O33 - MountPoints2\{4fd2224e-2265-11de-bb52-001111a8e8f6}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4fd2224e-2265-11de-bb52-001111a8e8f6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 14:22:09 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\Main\Desktop\dds.scr

[2011/07/10 08:34:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Main\Recent

[2011/07/10 08:28:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/10 08:28:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/10 08:28:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/10 08:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/10 01:33:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Main\Start Menu\Programs\Windows XP Fix

[2011/06/21 16:24:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Main\Desktop\Kijiji

[2008/02/03 13:13:41 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Main\Application Data\pcouffin.sys

[2005/02/14 19:31:07 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 00:01:04 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/07/17 01:34:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/16 06:00:12 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job

[2011/07/15 10:03:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/11 20:52:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/07/11 20:50:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/07/11 01:14:02 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job

[2011/07/10 22:38:37 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\Main\Desktop\tdsskiller.zip

[2011/07/10 21:42:47 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Main\Desktop\jerry - mfzfz8k1.exe

[2011/07/10 21:34:02 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\Main\Desktop\dds.scr

[2011/07/10 21:31:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Main\Desktop\Defogger.exe

[2011/07/10 08:26:25 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164

[2011/07/10 08:26:25 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164r

[2011/07/10 01:33:50 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Main\Desktop\Windows XP Fix.lnk

[2011/07/10 01:33:42 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17424164

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/01 23:07:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/06/30 21:54:20 | 000,111,104 | -H-- | M] () -- C:\Documents and Settings\Main\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/18 16:46:17 | 000,002,519 | -H-- | M] () -- C:\Documents and Settings\Main\Desktop\ACDSee for Pentax 2.0.lnk

[2011/06/18 16:23:06 | 010,985,472 | -H-- | M] () -- C:\Documents and Settings\Main\My Documents\my money.mny

[2011/06/18 16:21:33 | 017,146,326 | RH-- | M] () -- C:\Documents and Settings\Main\My Documents\my money Backup.mbf

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 10:03:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/10 22:38:30 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\Main\Desktop\tdsskiller.zip

[2011/07/10 21:42:39 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Main\Desktop\jerry - mfzfz8k1.exe

[2011/07/10 21:33:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Main\Desktop\Defogger.exe

[2011/07/10 01:33:53 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164

[2011/07/10 01:33:53 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164r

[2011/07/10 01:33:50 | 000,000,809 | -H-- | C] () -- C:\Documents and Settings\Main\Desktop\Windows XP Fix.lnk

[2011/07/10 01:33:42 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17424164

[2011/05/20 21:23:06 | 000,015,150 | -HS- | C] () -- C:\Documents and Settings\Main\Local Settings\Application Data\747073s32x2s4it14g

[2011/05/20 21:23:06 | 000,015,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g

[2011/04/10 19:55:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/06/26 21:03:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ambient

[2010/06/26 21:03:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Main\Application Data\Action

[2010/06/26 21:03:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

[2010/06/26 21:03:38 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Application Support

[2010/06/26 20:45:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Alerts

[2010/06/26 20:45:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Main\Application Data\Abstract

[2010/06/26 20:45:40 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2010/06/26 20:45:40 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Sync

[2010/06/24 20:39:03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old

[2010/02/08 22:02:32 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Main\Application Data\ezpinst.exe

[2009/03/28 20:30:57 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\ver.ini

[2009/03/21 10:56:00 | 001,043,456 | ---- | C] () -- C:\WINDOWS\System32\lgbpd.exe

[2009/03/21 10:56:00 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\sdl.dll

[2009/03/21 10:56:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\lgbskin.dll

[2009/03/21 10:56:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lgbsysinfo.dll

[2009/03/21 10:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\xcon.dll

[2008/04/19 13:21:24 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2008/02/03 13:13:41 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Main\Application Data\inst.exe

[2008/02/03 13:13:41 | 000,007,824 | -H-- | C] () -- C:\Documents and Settings\Main\Application Data\pcouffin.cat

[2008/02/03 13:13:41 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Main\Application Data\pcouffin.inf

[2008/02/03 12:46:39 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2008/01/02 21:59:16 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/12/14 22:08:01 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/01/04 23:55:20 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\srprcp3.dll

[2007/01/04 23:55:20 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\sxtwg32.dll

[2007/01/04 23:55:20 | 000,024,577 | ---- | C] () -- C:\WINDOWS\System32\yheyote.dll

[2007/01/04 23:55:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\cks3w2k.dll

[2006/11/11 08:15:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/04/13 22:37:43 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT

[2006/04/07 00:02:16 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2006/02/09 14:46:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE

[2006/02/09 14:46:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL

[2005/11/24 22:36:56 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT

[2005/11/24 22:36:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini

[2005/11/22 21:51:39 | 000,111,104 | -H-- | C] () -- C:\Documents and Settings\Main\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/10/25 21:22:15 | 000,000,109 | ---- | C] () -- C:\WINDOWS\webica.ini

[2005/10/07 21:29:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/09/15 19:07:09 | 001,236,992 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll

[2005/09/15 19:07:09 | 001,187,840 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll

[2005/09/15 18:51:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\yhwukey.dll

[2005/09/15 18:51:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\2iovegt.dll

[2005/09/14 20:40:49 | 000,000,163 | ---- | C] () -- C:\WINDOWS\AcdStitch.INI

[2005/08/05 12:43:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe

[2005/03/06 23:19:38 | 000,009,126 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/03/06 13:12:21 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\stxsote.dll

[2005/03/03 20:33:28 | 000,000,472 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/15 17:31:34 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\Main\Local Settings\Application Data\fusioncache.dat

[2005/02/14 19:34:40 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Main\Local Settings\Application Data\imageCache7.db

[2005/02/08 20:09:13 | 000,072,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2004/12/22 14:21:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/12/22 14:17:12 | 000,000,390 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/12/22 14:08:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2004/12/22 13:59:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2004/12/22 13:57:50 | 000,452,196 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2004/12/22 13:57:50 | 000,076,354 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2004/12/22 13:38:44 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/09/22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 14:08:08 | 000,339,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT

[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT

[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT

[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN

[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT

[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT

[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE

[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE

[2002/01/02 20:21:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll

[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe

[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Link to post
Share on other sites

I found this link to Kaspersky http://support.kaspersky.com/viruses/solutions?qid=208280684 It has TDSSKiller.zip, which I could not run when I created this thread, and a download of TDSSKiller.exe. I downloaded this file and ran it. It found and cleaned one item, unfortunately it does not seem to save the log so I can not post it here.

I ran unhide.exe and have all of my desktop back.

It has been a week now since my first post, I see a lot of views (of course that could be me checking for updates), but no solutions. I realize this is a voluntary service and I greatly appreciate it I just want to get a sense of how bad my system is. Will I need to byte the bullet and rebuild it?

Link to post
Share on other sites

  • Staff

Hi,

Grab a fresh copy of TDSSKiller, run it, and post its log.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

2011/07/23 11:03:41.0453 9420 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/23 11:03:41.0906 9420 ================================================================================

2011/07/23 11:03:41.0906 9420 SystemInfo:

2011/07/23 11:03:41.0906 9420

2011/07/23 11:03:41.0906 9420 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/23 11:03:41.0906 9420 Product type: Workstation

2011/07/23 11:03:41.0906 9420 ComputerName: DELL

2011/07/23 11:03:41.0906 9420 UserName: Main

2011/07/23 11:03:41.0906 9420 Windows directory: C:\WINDOWS

2011/07/23 11:03:41.0906 9420 System windows directory: C:\WINDOWS

2011/07/23 11:03:41.0906 9420 Processor architecture: Intel x86

2011/07/23 11:03:41.0906 9420 Number of processors: 2

2011/07/23 11:03:41.0906 9420 Page size: 0x1000

2011/07/23 11:03:41.0906 9420 Boot type: Normal boot

2011/07/23 11:03:41.0906 9420 ================================================================================

2011/07/23 11:03:52.0687 9420 Initialize success

2011/07/23 11:03:55.0343 1064 ================================================================================

2011/07/23 11:03:55.0343 1064 Scan started

2011/07/23 11:03:55.0343 1064 Mode: Manual;

2011/07/23 11:03:55.0343 1064 ================================================================================

2011/07/23 11:04:03.0093 1064 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/23 11:04:03.0546 1064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/23 11:04:04.0281 1064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/23 11:04:07.0781 1064 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/23 11:04:09.0578 1064 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/07/23 11:04:10.0687 1064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/23 11:04:11.0671 1064 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/07/23 11:04:12.0500 1064 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/23 11:04:13.0156 1064 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/23 11:04:13.0562 1064 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/23 11:04:14.0140 1064 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/23 11:04:14.0609 1064 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/23 11:04:15.0281 1064 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/23 11:04:16.0437 1064 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/23 11:04:17.0203 1064 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/23 11:04:18.0140 1064 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/23 11:04:18.0812 1064 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/23 11:04:19.0375 1064 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/23 11:04:20.0203 1064 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/23 11:04:21.0671 1064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/23 11:04:24.0296 1064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/23 11:04:26.0812 1064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/23 11:04:28.0390 1064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/23 11:04:31.0421 1064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/23 11:04:33.0125 1064 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/23 11:04:33.0578 1064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/23 11:04:34.0609 1064 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/23 11:04:36.0000 1064 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/23 11:04:36.0796 1064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/23 11:04:37.0609 1064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/23 11:04:38.0359 1064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/23 11:04:40.0156 1064 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/23 11:04:41.0625 1064 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/23 11:04:43.0203 1064 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/23 11:04:44.0656 1064 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/23 11:04:45.0968 1064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/23 11:04:47.0203 1064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/23 11:04:48.0703 1064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/23 11:04:49.0734 1064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/23 11:04:50.0718 1064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/23 11:04:51.0765 1064 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/23 11:04:52.0734 1064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/23 11:04:53.0359 1064 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

2011/07/23 11:04:54.0343 1064 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

2011/07/23 11:04:55.0375 1064 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/23 11:04:56.0515 1064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/23 11:04:57.0328 1064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/23 11:04:58.0093 1064 FilterService (bcef16e3aedd1b44bca45f748d975d73) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/07/23 11:04:58.0765 1064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/23 11:04:59.0421 1064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/23 11:05:00.0125 1064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/23 11:05:00.0875 1064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/23 11:05:01.0609 1064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/23 11:05:02.0281 1064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/23 11:05:02.0984 1064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/23 11:05:03.0703 1064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/23 11:05:04.0343 1064 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/23 11:05:05.0343 1064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/23 11:05:06.0265 1064 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/23 11:05:06.0921 1064 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/23 11:05:07.0484 1064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/23 11:05:08.0734 1064 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/07/23 11:05:09.0984 1064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/23 11:05:11.0187 1064 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/23 11:05:12.0734 1064 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys

2011/07/23 11:05:13.0687 1064 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys

2011/07/23 11:05:14.0328 1064 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys

2011/07/23 11:05:15.0031 1064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/23 11:05:15.0703 1064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/23 11:05:16.0359 1064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/23 11:05:17.0000 1064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/23 11:05:17.0703 1064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/23 11:05:18.0531 1064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/23 11:05:19.0281 1064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/23 11:05:19.0953 1064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/23 11:05:20.0640 1064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/23 11:05:21.0281 1064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/23 11:05:21.0968 1064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/23 11:05:22.0718 1064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/23 11:05:24.0953 1064 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2011/07/23 11:05:27.0531 1064 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2011/07/23 11:05:30.0156 1064 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2011/07/23 11:05:31.0703 1064 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/07/23 11:05:32.0468 1064 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/07/23 11:05:34.0921 1064 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/07/23 11:05:37.0296 1064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/23 11:05:38.0015 1064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/23 11:05:38.0656 1064 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/07/23 11:05:39.0312 1064 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys

2011/07/23 11:05:39.0937 1064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/23 11:05:40.0640 1064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/23 11:05:41.0312 1064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/23 11:05:42.0062 1064 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/07/23 11:05:43.0140 1064 MpKsl8db545bf (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{579A36FB-AB48-4E0F-B28B-B7D8C8D54C71}\MpKsl8db545bf.sys

2011/07/23 11:05:44.0140 1064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/23 11:05:44.0984 1064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/23 11:05:46.0015 1064 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/23 11:05:47.0109 1064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/23 11:05:47.0750 1064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/23 11:05:48.0500 1064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/23 11:05:49.0203 1064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/23 11:05:49.0984 1064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/23 11:05:50.0703 1064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/23 11:05:51.0453 1064 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/23 11:05:52.0203 1064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/23 11:05:53.0046 1064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/23 11:05:53.0734 1064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/23 11:05:54.0406 1064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/23 11:05:55.0171 1064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/23 11:05:55.0906 1064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/23 11:05:56.0687 1064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/23 11:05:57.0359 1064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/23 11:05:58.0171 1064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/23 11:05:58.0984 1064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/23 11:06:00.0109 1064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/23 11:06:00.0812 1064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/23 11:06:02.0437 1064 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/23 11:06:04.0218 1064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/23 11:06:05.0125 1064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/23 11:06:05.0875 1064 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2011/07/23 11:06:06.0609 1064 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2011/07/23 11:06:07.0328 1064 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2011/07/23 11:06:08.0031 1064 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/07/23 11:06:08.0921 1064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/23 11:06:09.0640 1064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/23 11:06:10.0359 1064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/23 11:06:11.0078 1064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/23 11:06:12.0406 1064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/23 11:06:13.0125 1064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/23 11:06:13.0875 1064 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/07/23 11:06:14.0671 1064 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys

2011/07/23 11:06:15.0625 1064 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys

2011/07/23 11:06:16.0406 1064 pctplsg (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys

2011/07/23 11:06:19.0375 1064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/23 11:06:20.0015 1064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/23 11:06:20.0734 1064 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys

2011/07/23 11:06:21.0375 1064 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\PMEMNT.SYS

2011/07/23 11:06:22.0140 1064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/23 11:06:22.0875 1064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/23 11:06:23.0562 1064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/23 11:06:24.0281 1064 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/23 11:06:25.0015 1064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/23 11:06:25.0765 1064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/23 11:06:26.0531 1064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/23 11:06:27.0281 1064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/23 11:06:28.0218 1064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/23 11:06:28.0828 1064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/23 11:06:29.0546 1064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/23 11:06:30.0281 1064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/23 11:06:31.0046 1064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/23 11:06:31.0859 1064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/23 11:06:32.0671 1064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/23 11:06:33.0484 1064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/23 11:06:34.0343 1064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/23 11:06:35.0125 1064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/23 11:06:35.0984 1064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/23 11:06:36.0703 1064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/23 11:06:37.0375 1064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/23 11:06:38.0125 1064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/23 11:06:39.0406 1064 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/23 11:06:40.0062 1064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/23 11:06:41.0203 1064 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys

2011/07/23 11:06:42.0218 1064 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/07/23 11:06:42.0953 1064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/23 11:06:43.0593 1064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/23 11:06:44.0296 1064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/23 11:06:45.0156 1064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/23 11:06:46.0093 1064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/23 11:06:46.0828 1064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/23 11:06:47.0531 1064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/23 11:06:48.0203 1064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/23 11:06:48.0828 1064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/23 11:06:49.0515 1064 symsnap (c9273531eac75ee225e3170fb6107fa3) C:\WINDOWS\system32\DRIVERS\symsnap.sys

2011/07/23 11:06:50.0250 1064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/23 11:06:50.0859 1064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/23 11:06:51.0546 1064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/23 11:06:52.0390 1064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/23 11:06:53.0109 1064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/23 11:06:53.0765 1064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/23 11:06:54.0421 1064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/23 11:06:55.0734 1064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/23 11:06:56.0781 1064 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

2011/07/23 11:06:58.0000 1064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/23 11:06:58.0687 1064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/23 11:06:59.0546 1064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/23 11:07:00.0453 1064 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/23 11:07:01.0156 1064 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/23 11:07:02.0046 1064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/23 11:07:02.0671 1064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/23 11:07:03.0265 1064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/23 11:07:03.0859 1064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/23 11:07:04.0500 1064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/23 11:07:05.0109 1064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/23 11:07:05.0703 1064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/23 11:07:06.0328 1064 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/07/23 11:07:07.0187 1064 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys

2011/07/23 11:07:07.0796 1064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/23 11:07:08.0390 1064 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/23 11:07:08.0984 1064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/23 11:07:09.0390 1064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/23 11:07:09.0765 1064 VProEventMonitor (e78781b2c86c92a0a738df566460f716) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys

2011/07/23 11:07:10.0187 1064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/23 11:07:11.0906 1064 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/07/23 11:07:14.0421 1064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/23 11:07:15.0390 1064 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys

2011/07/23 11:07:15.0984 1064 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

2011/07/23 11:07:16.0984 1064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/23 11:07:17.0875 1064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/23 11:07:18.0437 1064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/23 11:07:19.0593 1064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/23 11:07:19.0796 1064 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0

2011/07/23 11:07:19.0953 1064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4

2011/07/23 11:07:20.0000 1064 Boot (0x1200) (745a9c01216984e4a6a476a4698a62af) \Device\Harddisk0\DR0\Partition0

2011/07/23 11:07:20.0093 1064 Boot (0x1200) (afcf14b2ba751d345b129862516d4bb5) \Device\Harddisk1\DR4\Partition0

2011/07/23 11:07:20.0109 1064 ================================================================================

2011/07/23 11:07:20.0109 1064 Scan finished

2011/07/23 11:07:20.0109 1064 ================================================================================

2011/07/23 11:07:20.0125 1148 Detected object count: 0

2011/07/23 11:07:20.0125 1148 Actual detected object count: 0

Combo fix

ComboFix 11-07-23.01 - Main 23/07/2011 9:13.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1328 [GMT -5:00]

Running from: c:\documents and settings\Main\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Main\Application Data\inst.exe

c:\documents and settings\Main\Application Data\PriceGong

c:\documents and settings\Main\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Main\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Main\Desktop\Windows XP Fix.lnk

c:\documents and settings\Main\GoToAssistDownloadHelper.exe

c:\documents and settings\Main\Start Menu\Programs\Windows XP Fix

c:\documents and settings\Main\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk

c:\documents and settings\Main\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk

c:\documents and settings\Main\System

c:\documents and settings\Main\System\win_qs7.jqx

c:\windows\system32\_000053_.tmp.dll

c:\windows\system32\regobj.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-23 02:12 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C137EDD3-A8CD-4FB8-BAE9-38D55ACA7F94}\mpengine.dll

2011-07-10 13:28 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-10 13:28 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 13:28 . 2011-07-15 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2010-11-18 04:07 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-04 14:12 . 2011-06-04 14:12 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-05-25 00:14 . 2010-06-25 01:58 222080 ------w- c:\windows\system32\MpSigStub.exe

2003-08-27 20:19 . 2005-02-15 00:31 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-02 00:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-12 400760]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk

backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shaw Support.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shaw Support.lnk

backup=c:\windows\pss\Shaw Support.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-10-09 17:28 139264 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-04 11:14 135664 -c--atw- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-24 01:13 77824 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-24 01:17 118784 -c--a-w- c:\windows\SYSTEM32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-03-24 01:17 94208 -c--a-w- c:\windows\SYSTEM32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2010-05-11 16:51 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-10-25 22:37 2178832 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2006-01-17 18:03 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 17:54 5674352 -c--a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]

2008-01-20 01:01 2245984 -c--a-w- c:\program files\Norton Ghost\Agent\VProTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 15:11 57344 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shawnotify]

2009-08-26 18:39 378152 ----a-w- c:\progra~1\shaw\Update\siuloader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

2003-08-27 20:20 94208 -c--a-r- c:\windows\SM1bg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 07:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-04 12:49 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-11-12 13:55 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 21:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-09-12 13:05 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"NBService"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"Norton Ghost"=2 (0x2)

"gupdate"=2 (0x2)

"CCALib8"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"iPod Service"=3 (0x3)

"ThreatFire"=3 (0x3)

"sdCoreService"=2 (0x2)

"sdAuxService"=2 (0x2)

"Browser Defender Update Service"=2 (0x2)

"Bonjour Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [24/06/2010 8:36 PM 218592]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\SYSTEM32\dllhost.exe [04/08/2004 6:00 AM 5120]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl0396a499;MpKsl0396a499;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5622441A-9AE5-4AB2-AAC5-D054C0035ABF}\MpKsl0396a499.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5622441A-9AE5-4AB2-AAC5-D054C0035ABF}\MpKsl0396a499.sys [?]

S1 MpKsl18375d36;MpKsl18375d36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C137EDD3-A8CD-4FB8-BAE9-38D55ACA7F94}\MpKsl18375d36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C137EDD3-A8CD-4FB8-BAE9-38D55ACA7F94}\MpKsl18375d36.sys [?]

S1 MpKsl9cba335b;MpKsl9cba335b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01C494BE-5CCC-4A31-9F55-9D04E3C66905}\MpKsl9cba335b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01C494BE-5CCC-4A31-9F55-9D04E3C66905}\MpKsl9cba335b.sys [?]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 5:13 PM 1553896]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 10:08 AM 135664]

S4 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [24/06/2010 8:37 PM 233136]

S4 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [24/06/2010 8:36 PM 63360]

S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/06/2010 8:36 PM 366840]

S4 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-07-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 00:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weatheroffice.ec.gc.ca/city/pages/mb-38_metric_e.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Trusted Zone: google.com\picasa

TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-23 09:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2310296646-677077201-1683307819-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F4DBEDC-5A0D-DAF9-7F66-57028823D7F9}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(7540)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-07-23 09:52:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-23 14:52

.

Pre-Run: 2,403,729,408 bytes free

Post-Run: 3,355,217,920 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 270EE1ED4ECF7FA090B5E90AEE6B6806

Link to post
Share on other sites

  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

This goes for uTorrent, BitTorrent, Azureus, and anything else you may have installed.

Link to post
Share on other sites

P2P software has have been removed. I re-ran combofix, here is the new log:

ComboFix 11-07-26.02 - Main 26/07/2011 9:48.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1514 [GMT -5:00]

Running from: c:\documents and settings\Main\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))

.

.

2011-07-25 22:31 . 2011-07-25 22:31 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F38DD569-D9AF-4E30-9FB7-A0864503A8B0}\MpKsl852f0511.sys

2011-07-25 09:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F38DD569-D9AF-4E30-9FB7-A0864503A8B0}\mpengine.dll

2011-07-10 13:28 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-10 13:28 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 13:28 . 2011-07-15 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 03:39 . 2010-11-18 04:07 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-04 14:12 . 2011-06-04 14:12 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-06-02 14:02 . 2004-08-04 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-25 00:14 . 2010-06-25 01:58 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-02 15:31 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 11:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2003-08-27 20:19 . 2005-02-15 00:31 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-02 00:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk

backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shaw Support.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shaw Support.lnk

backup=c:\windows\pss\Shaw Support.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-10-09 17:28 139264 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-04 11:14 135664 -c--atw- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-24 01:13 77824 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-24 01:17 118784 -c--a-w- c:\windows\SYSTEM32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-03-24 01:17 94208 -c--a-w- c:\windows\SYSTEM32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2010-05-11 16:51 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-10-25 22:37 2178832 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2006-01-17 18:03 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 17:54 5674352 -c--a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]

2008-01-20 01:01 2245984 -c--a-w- c:\program files\Norton Ghost\Agent\VProTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 15:11 57344 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

2003-08-27 20:20 94208 -c--a-r- c:\windows\SM1bg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 07:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-04 12:49 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-11-12 13:55 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 21:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"NBService"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"Norton Ghost"=2 (0x2)

"gupdate"=2 (0x2)

"CCALib8"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"iPod Service"=3 (0x3)

"ThreatFire"=3 (0x3)

"sdCoreService"=2 (0x2)

"sdAuxService"=2 (0x2)

"Browser Defender Update Service"=2 (0x2)

"Bonjour Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [24/06/2010 8:36 PM 218592]

R1 MpKsl852f0511;MpKsl852f0511;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F38DD569-D9AF-4E30-9FB7-A0864503A8B0}\MpKsl852f0511.sys [25/07/2011 5:31 PM 28752]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\SYSTEM32\dllhost.exe [04/08/2004 6:00 AM 5120]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl0396a499;MpKsl0396a499;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5622441A-9AE5-4AB2-AAC5-D054C0035ABF}\MpKsl0396a499.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5622441A-9AE5-4AB2-AAC5-D054C0035ABF}\MpKsl0396a499.sys [?]

S1 MpKsl18375d36;MpKsl18375d36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C137EDD3-A8CD-4FB8-BAE9-38D55ACA7F94}\MpKsl18375d36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C137EDD3-A8CD-4FB8-BAE9-38D55ACA7F94}\MpKsl18375d36.sys [?]

S1 MpKsl9cba335b;MpKsl9cba335b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01C494BE-5CCC-4A31-9F55-9D04E3C66905}\MpKsl9cba335b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01C494BE-5CCC-4A31-9F55-9D04E3C66905}\MpKsl9cba335b.sys [?]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 5:13 PM 1553896]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 10:08 AM 135664]

S4 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [24/06/2010 8:37 PM 233136]

S4 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [24/06/2010 8:36 PM 63360]

S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/06/2010 8:36 PM 366840]

S4 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL852F0511

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-25 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-07-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 00:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weatheroffice.ec.gc.ca/city/pages/mb-38_metric_e.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Trusted Zone: google.com\picasa

TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-shawnotify - c:\progra~1\shaw\update\siuloader.exe

MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-26 09:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2310296646-677077201-1683307819-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F4DBEDC-5A0D-DAF9-7F66-57028823D7F9}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1700)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-26 10:04:42

ComboFix-quarantined-files.txt 2011-07-26 15:04

ComboFix2.txt 2011-07-23 14:52

.

Pre-Run: 2,800,144,384 bytes free

Post-Run: 2,809,724,928 bytes free

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - D267AB6A90D570C1496B5E80A07C248A

Link to post
Share on other sites

here is another MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7292

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

27/07/2011 3:30:57 AM

mbam-log-2011-07-27 (03-30-56).txt

Scan type: Full scan (C:\|G:\|)

Objects scanned: 277808

Time elapsed: 3 hour(s), 23 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

I didn't see evidence of a backdoor trojan, so you should be fine.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Glad to hear that. My system seems to be running OK now. Since I had the problem I have not been using it for anything but the cleaning process. I wanted to wait till I got a clean bill of health.

When this is done I was going to ask you for your advice for security software. In the past I used Norton, but it bogged my system down. Then I switched to fsecure (it was free from my ISP Shaw), but after an update it bogged my system down again. So I switched to Microsoft Security Essentials. This is the second time my system was hit by a virus with MSE.

Do you happen to know what the virus's that I had do? Are they key loggers? Do they look for passwords in cookies and send them back? Do they look for specific types of files to send back?

Thanks for your help and time.

Jerry

Here is the eset log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=31b096816bb71745bb8434f3ab122304

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-02 04:23:25

# local_time=2011-08-01 11:23:25 (-0600, Central Daylight Time)

# country="Canada"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 23359037 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=20279

# found=0

# cleaned=0

# scan_time=1249

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=31b096816bb71745bb8434f3ab122304

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-02 04:29:16

# local_time=2011-08-01 11:29:16 (-0600, Central Daylight Time)

# country="Canada"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 23360413 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=8612

# found=0

# cleaned=0

# scan_time=224

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=31b096816bb71745bb8434f3ab122304

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-02 07:07:56

# local_time=2011-08-02 02:07:56 (-0600, Central Daylight Time)

# country="Canada"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 23361039 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=121141

# found=0

# cleaned=0

# scan_time=9120

Here is the checkup log:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 23

Java SE Runtime Environment 6 Update 1

Java 6 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi Jerry,

When this is done I was going to ask you for your advice for security software. In the past I used Norton, but it bogged my system down. Then I switched to fsecure (it was free from my ISP Shaw), but after an update it bogged my system down again. So I switched to Microsoft Security Essentials. This is the second time my system was hit by a virus with MSE.
I personally use MSE and have never had issues. However, an antivirus alone is not enough for adequate protection. I complement MSE with the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place. It is a lifetime license for the best anti-malware protection available today. Keep in mind that you weren't infected with a virus and antivirus software isn't designed to catch malware like MBAM does. With MSE and MBAM PRO, I think you would be very well protected for the future.
Do you happen to know what the virus's that I had do? Are they key loggers? Do they look for passwords in cookies and send them back? Do they look for specific types of files to send back?
I didn't see any evidence of a keylogger; these fake alert trojans nowadays try to scam you into purchasing fake security software.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

HijackThis 2.0.2

Java™ 6 Update 23

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Flash Player 10.2.159.1

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

Hi Chris,

After this one I was thinking that I would purchase MBAM Pro.

My system seems to be close to back to normal. It does seem to be quite a bit slower that it used to be. I guess I will have to look at this. I also noticed that during start up the task bar is now appearing as a multi shaded blue bar.

Thanks for all of your help and advice.

Jerry

Link to post
Share on other sites

  • Staff

Hi,

Yes, feel free to delete the tools we used, and their associated logs.

We can look into the performance issue.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

Link to post
Share on other sites

  • Staff

Hi,

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

    [*]Then, click the "Applications" tab:

    • CHECK everything there.

    [*]Next, click the "Options" button in the left pane, then click the "Advanced" button:

    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".

    [*]Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.

    [*]When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.

You might also want to try freeing up some space on drive C.

After doing all that, reboot a couple of times and see how things are running now.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.