
Virus that changes start button, turns toolbar white

Post by nmcdonald1959 » May 24th, 2011, 4:29 pm

This manifests itself on my laptop by turning the bottom toolbar/system tray white and altering the start button. It also mutes the sound and disables my printer.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John P McDonald at 21:03:45.42 on 24/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.522 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Documents and Settings\John P McDonald\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com/web?o=13110&l=dis
uSearch Bar = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110516211631.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {AC0524AC-EED5-42D4-BE88-FB15E1879C7B} - No File
TB: {F73BCCF8-1DCE-4C5B-B8B7-18E16E248526} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [EPSON SX510W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\docume~1\johnpm~1\locals~1\temp\E_S24.tmp" /EF "HKCU"
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UC_Start] c:\program files\ibm\updater\\ucstartup.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\\ibmmessages.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [EPSON Stylus CX3600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 41-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: QConGina - QConGina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pwdmon
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\johnpm~1\applic~1\mozilla\firefox\profiles\n1j1jeoo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_ve ... oo.com/%3f
FF - component: c:\documents and settings\john p mcdonald\application data\mozilla\firefox\profiles\n1j1jeoo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\john p mcdonald\application data\mozilla\firefox\profiles\n1j1jeoo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Update Service: updater@foxstart.com - c:\program files\mozilla firefox\extensions\updater@foxstart.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-16 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-6 84200]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-5-21 16384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-6 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-6 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-6 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-6 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-6 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-6 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-6 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-6 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-6 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-6 88736]
R3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2007-5-21 12288]
S0 jruicar;jruicar;c:\windows\system32\drivers\vwsjvrhn.sys --> c:\windows\system32\drivers\vwsjvrhn.sys [?]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2009-3-31 18690]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-10-22 340480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-15 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-6 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-6 84488]
S3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2003-11-13 13904]
.
=============== Created Last 30 ================
.
2011-05-18 19:04:22 388096 ----a-r- c:\docume~1\johnpm~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-18 19:04:19 -------- d-----w- c:\program files\Trend Micro
2011-05-16 20:13:52 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-26 18:49:10 4474 ----a-w- c:\windows\GATHER.KM
.
==================== Find3M ====================
.
2011-05-18 15:46:00 90112 ----a-w- c:\windows\DUMP5840.tmp
2011-05-14 16:45:39 90112 ----a-w- c:\windows\DUMPf0ba.tmp
2011-05-14 16:02:29 90112 ----a-w- c:\windows\DUMP9a83.tmp
2011-05-14 15:30:23 90112 ----a-w- c:\windows\DUMPba32.tmp
2011-05-14 15:23:51 90112 ----a-w- c:\windows\DUMP373a.tmp
2011-05-14 04:41:33 90112 ----a-w- c:\windows\DUMP83dc.tmp
2011-05-14 04:31:59 90112 ----a-w- c:\windows\DUMP56f2.tmp
2011-05-14 04:15:21 90112 ----a-w- c:\windows\DUMP57c3.tmp
2011-05-13 17:44:26 90112 ----a-w- c:\windows\DUMP4618.tmp
2011-05-13 08:05:05 90112 ----a-w- c:\windows\DUMPb83e.tmp
2011-05-13 07:35:39 90112 ----a-w- c:\windows\DUMPb404.tmp
2011-05-12 09:01:12 90112 ----a-w- c:\windows\DUMPf78b.tmp
2011-05-12 08:58:41 90112 ----a-w- c:\windows\DUMPf1fd.tmp
2011-05-12 08:56:14 90112 ----a-w- c:\windows\DUMPf030.tmp
2011-05-12 08:53:49 90112 ----a-w- c:\windows\DUMPeb42.tmp
2011-05-12 08:51:25 90112 ----a-w- c:\windows\DUMPfdaf.tmp
2011-05-12 08:44:25 90112 ----a-w- c:\windows\DUMP1182.tmp
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4026GAX rev.PA107E -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x873094F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8730f7d0]; MOV EAX, [0x8730f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87342AB8]
3 CLASSPNP[0xF76F1FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000009a[0x8736A9E8]
5 ACPI[0xF7658620] -> nt!IofCallDriver[0x804E37D5] -> [0x87344940]
\Driver\atapi[0x873A4F38] -> IRP_MJ_CREATE -> 0x873094F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { JMP 0x10; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8730933B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:07:46.47 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/05/2007 03:21:16
System Uptime: 24/05/2011 14:45:26 (7 hours ago)
.
Motherboard: IBM | | 23744WG
Processor: Intel(R) Pentium(R) M processor 1.70GHz | None | 1698/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 2.159 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Brain_Boxes 1-Port_RS232_card
Device ID: PCMCIA\BRAIN_BOXES-1-PORT_RS232_CARD-A1EE\1
Manufacturer:
Name: Brain_Boxes 1-Port_RS232_card
PNP Device ID: PCMCIA\BRAIN_BOXES-1-PORT_RS232_CARD-A1EE\1
Service:
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E51
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E51
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP770: 16/03/2011 18:17:49 - System Checkpoint
RP771: 17/03/2011 18:57:47 - System Checkpoint
RP772: 18/03/2011 19:50:41 - System Checkpoint
RP773: 20/03/2011 11:57:10 - System Checkpoint
RP774: 21/03/2011 17:57:56 - System Checkpoint
RP775: 22/03/2011 18:38:49 - System Checkpoint
RP776: 23/03/2011 19:04:58 - System Checkpoint
RP777: 24/03/2011 20:05:39 - System Checkpoint
RP778: 25/03/2011 20:09:10 - System Checkpoint
RP779: 28/03/2011 16:53:44 - Software Distribution Service 3.0
RP780: 29/03/2011 17:47:23 - System Checkpoint
RP781: 30/03/2011 17:56:16 - System Checkpoint
RP782: 31/03/2011 18:24:15 - System Checkpoint
RP783: 01/04/2011 20:59:42 - System Checkpoint
RP784: 03/04/2011 10:13:14 - System Checkpoint
RP785: 04/04/2011 17:26:08 - System Checkpoint
RP786: 05/04/2011 17:27:58 - System Checkpoint
RP787: 07/04/2011 09:50:22 - System Checkpoint
RP788: 08/04/2011 10:58:51 - System Checkpoint
RP789: 09/04/2011 12:00:05 - System Checkpoint
RP790: 10/04/2011 12:13:33 - System Checkpoint
RP791: 11/04/2011 17:59:02 - System Checkpoint
RP792: 12/04/2011 18:37:43 - System Checkpoint
RP793: 13/04/2011 19:48:35 - System Checkpoint
RP794: 14/04/2011 19:58:09 - System Checkpoint
RP795: 15/04/2011 09:20:56 - Software Distribution Service 3.0
RP796: 16/04/2011 09:25:01 - System Checkpoint
RP797: 17/04/2011 11:37:26 - System Checkpoint
RP798: 18/04/2011 17:18:50 - System Checkpoint
RP799: 19/04/2011 18:16:58 - System Checkpoint
RP800: 20/04/2011 19:01:35 - System Checkpoint
RP801: 21/04/2011 19:47:35 - System Checkpoint
RP802: 22/04/2011 03:00:55 - Software Distribution Service 3.0
RP803: 23/04/2011 03:12:25 - System Checkpoint
RP804: 24/04/2011 04:12:06 - System Checkpoint
RP805: 25/04/2011 05:12:11 - System Checkpoint
RP806: 25/04/2011 12:14:00 - Installed ProScan
RP807: 26/04/2011 18:19:23 - System Checkpoint
RP808: 28/04/2011 18:01:43 - System Checkpoint
RP809: 30/04/2011 07:05:05 - System Checkpoint
RP810: 02/05/2011 20:57:12 - System Checkpoint
RP811: 04/05/2011 21:26:02 - System Checkpoint
RP812: 05/05/2011 22:08:08 - System Checkpoint
.
==== Installed Programs ======================
.
3D Dream House Designer
ABBYY FineReader 6.0 Sprint
Access IBM
Access IBM Message Center
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BBC iPlayer Desktop
BEHRINGER USB AUDIO DRIVER
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Bonjour
BT Broadband Anywhere S620 Update Wizard
BT Broadband Desktop Help
BT NetProtect Plus
BT Voyager 1065 Wireless Utility
BT Yahoo! Applications
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
energyXT2.07
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EPSON Web-To-Page
EpsonNet Print
Free CD to MP3 Converter
Handbrake 0.9.4
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Intel(R) PRO Network Adapters and Drivers
Intel(R) Sebring API
InterVideo WinDVD
IPIX ActiveX Viewer
iTunes
Java Auto Updater
Malwarebytes' Anti-Malware
McAfee Uninstall Wizard
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Word Supplemental Templates and Wizards
Mirar
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDealAssistant.com
Native Instruments AC Box Combo
Native Instruments Service Center
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
Paint Shop Pro 7
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
ProScan
ProScan 5.8
QuickTime
Runtime 8.0 Libraries
Safari
Save
ScanTool.net for Windows v1.20
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sonic Update Manager
Spotify
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Ultra Video Joiner 4.7.1127
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
Wallpapers
WavePad Sound Editor
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
24/05/2011 21:03:56, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
23/05/2011 20:48:04, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804ede8e.
22/05/2011 10:42:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
22/05/2011 10:42:51, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/05/2011 11:23:28, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
18/05/2011 11:23:27, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.mui. Reference error message: Insufficient system resources exist to complete the requested service. .
18/05/2011 11:23:27, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
18/05/2011 05:41:50, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified module could not be found.
18/05/2011 05:41:50, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\WINDOWS\System32\rasppp.dll module. The specified module could not be found.
18/05/2011 05:41:49, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
18/05/2011 05:41:49, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\modemui.dll. Reference error message: The operation completed successfully. .
18/05/2011 05:30:43, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A dynamic link library (DLL) initialization routine failed.
18/05/2011 05:30:41, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
18/05/2011 05:30:40, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
17/05/2011 19:09:54, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
17/05/2011 17:25:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
17/05/2011 17:25:06, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/05/2011 17:19:08, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/05/2011 17:19:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
17/05/2011 17:17:54, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
17/05/2011 17:17:54, error: Service Control Manager [7000] - The GeneLink File Transfer Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
17/05/2011 17:17:04, error: Modem [2] - Not enough resources were available for the driver.
.
==== End Of File ===========================
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm
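The "Event Viewer Messages From Past Week" block in the DDS log above is the part of the report a helper reads first, because it separates ordinary XP service start timeouts from components that have gone missing or are failing to load. The following is an added example, not code from the original post or from DDS or ComboFix: a small Python parser for that section of a DDS log, plus a first-pass triage. The sample lines are copied from the posted log; the timestamp is assumed to be day/month/year (matching the "on 24/05/2011" form in the DDS header), and the SUSPICIOUS_FRAGMENTS list is my own heuristic, not anything DDS emits.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Event Viewer lines as DDS prints them, copied from the log posted above.
# Section headers and the "." spacer lines are kept so the parser has to skip them.
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========
.
24/05/2011 21:03:56, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
23/05/2011 20:48:04, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804ede8e.
22/05/2011 10:42:51, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/05/2011 05:41:50, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified module could not be found.
18/05/2011 05:41:50, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\\WINDOWS\\System32\\rasppp.dll module. The specified module could not be found.
18/05/2011 05:30:41, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
17/05/2011 19:09:54, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
17/05/2011 17:17:54, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
.
==== End Of File ===========================
"""

# One DDS event line: "<dd/mm/yyyy hh:mm:ss>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Phrases that point at a component that is missing or failing to load, as opposed
# to the service start timeouts that appear on almost any slow XP machine.
# This list is my own triage heuristic (an assumption), not something DDS produces.
SUSPICIOUS_FRAGMENTS = (
    "specified module could not be found",
    "unexpected termination",
    "authentication service is unknown",
)


@dataclass
class Event:
    timestamp: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_dds_events(text: str) -> list[Event]:
    """Return the parseable event lines, in the order DDS prints them (newest first)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # header, footer or "." spacer line
        events.append(Event(
            # Assumed day/month/year, matching the "on 24/05/2011" form in the DDS header.
            timestamp=datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            level=m["level"],
            source=m["source"],
            event_id=int(m["event_id"]),
            message=m["message"],
        ))
    return events


def chronological(events: list[Event]) -> list[Event]:
    """DDS lists newest first; a timeline reads more naturally oldest first."""
    return sorted(events, key=lambda e: e.timestamp)


def count_by_source(events: list[Event]) -> dict[str, int]:
    return dict(Counter(e.source for e in events))


def count_by_event_id(events: list[Event]) -> dict[tuple[str, int], int]:
    return dict(Counter((e.source, e.event_id) for e in events))


def flag_suspicious(events: list[Event]) -> list[Event]:
    """Events whose message contains one of SUSPICIOUS_FRAGMENTS (case-insensitive)."""
    return [e for e in events
            if any(frag in e.message.lower() for frag in SUSPICIOUS_FRAGMENTS)]


if __name__ == "__main__":
    evs = parse_dds_events(SAMPLE_LOG)
    print(f"{len(evs)} events; by source: {count_by_source(evs)}")
    for e in chronological(flag_suspicious(evs)):
        print(f"{e.timestamp:%Y-%m-%d %H:%M:%S}  {e.source} [{e.event_id}]  {e.message[:70]}")
```

Run against the posted lines, the triage keeps the three "specified module could not be found" events (NLA, rasppp.dll, Remote Access Connection Manager), the WMI restart failure and the IPSEC Services error, and drops the BrSplService state error, the bugcheck line and the HTTP SSL timeout. Three separate system services failing within the same minute because a module could not be found is the kind of cluster a helper wants surfaced before reading the rest of the log; the heuristic says nothing about the cause.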

Re: Virus that changes start button turns toolbar white

Post by Gary R » May 26th, 2011, 4:17 pm

Looking over your log, back soon
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus that changes start button turns toolbar white

Post by Gary R » May 26th, 2011, 4:35 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

Re: Virus that changes start button turns toolbar white

Post by nmcdonald1959 » May 29th, 2011, 4:45 am

Thank you for taking the time to help me. Much appreciated. I've run Combofix and here is the log.

ComboFix 11-05-27.02 - John P McDonald 28/05/2011 18:34:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.679 [GMT 1:00]
Running from: c:\documents and settings\John P McDonald\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc100.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1006.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc101.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1067.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc10B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc10CB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1123.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1134.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1186.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc11A1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc11D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc11FA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc122.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1285.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc129.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc12D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc131A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1391.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1495.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc151.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc152.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc156.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc157.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1574.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc157C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc15A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc15D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1613.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc163.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc165F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc16B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc16CC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc16D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc16E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc173.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1755.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc17A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc17A4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc17F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc183.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc18E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc18F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc192.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc195B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc197.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc19C9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1AA8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1AC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1B18.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1B4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1BA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1C01.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1C1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1C3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1C4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1C9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1CA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1CCD.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1CE.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1CF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1D0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1D5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1DF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1E8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1EA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1EC8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1F0A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1F52.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc1FC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc20.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc203.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2042.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc20A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc217.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc218.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc218A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc21F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc220.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc225.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc227.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc228.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc22C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc22D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc232.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc233.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc234.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc23E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc24.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc244.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc245.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2477.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc24A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc24B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc24F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc257.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc25A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc268.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc277.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc279.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc282.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc283.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc293.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc299.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc29D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2A2.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2A8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2AB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2B6.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2C7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2CF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2D1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2D3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2D5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2DF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2E2.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2E3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2E9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2EC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc2FF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc30.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc308.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc309.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc31.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc311.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc31C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc31E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc32.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc32A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc32E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc33.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc330.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc331.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc332.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc333.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc334.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc34.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc34A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc35.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc355.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc36.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc368.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc37.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc374.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc377.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc37A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc37E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc37F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc38.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc387.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc388.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc39.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc391.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc39A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3AA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3AB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3B0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3B3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3C3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3CB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3CF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3D9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3DC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3E4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3E7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3EF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3F6.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc3FA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc40.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc407.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc408.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc40B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc41.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc416.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc42.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc425.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc435.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc43B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc44A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc44B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc451.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc45B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc462.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc46B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc472.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc483.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc498.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc49A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc49E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4A2.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4A9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4C0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4C4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4C5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4C7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4D3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4D4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4DF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4E6.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4EE.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4F0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4F1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4F6.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4F9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc4FB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc50.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc50A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc517.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc520.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc522.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc52B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc52C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc53E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc547.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc55D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc56C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc57.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc575.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc57F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc58.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc58C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc59.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5AB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5AE.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5B1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5C0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5C4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5C5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5E3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc5F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc60C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc60E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc625.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc62D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc64D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc650.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc655.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc66A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc67.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc680.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc689.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc694.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc69A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6B2.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6C7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6CB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6DB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6E8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc6F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc70F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc712.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc72D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc72E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc746.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc748.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc755.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc767.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc780.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc790.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7BA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7BB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7D2.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7E5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7EA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc7F1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc819.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc821.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc827.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc846.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc847.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc85C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc86B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc870.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc871.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc87B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc880.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc88E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc892.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc894.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc8A9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc8BF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc8D8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc8F0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc928.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc929.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc947.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc969.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc96C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc96F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc973.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc975.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc98D.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc996.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc999.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc99F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc9A3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc9CB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mcc9EB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA68.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA7A.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA7B.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccA9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAA1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAA3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAB5.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAEA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccAF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB05.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB08.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB09.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB19.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB31.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB36.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB37.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB66.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccB8C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBAA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBB8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBC1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccBF7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC1.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC2E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC30.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC48.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccC9E.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccCA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccCBD.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccCCB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccCD8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccD0C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccD13.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccD22.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccDA8.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccDC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccDEF.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccE7F.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccEA9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccEBC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccEC7.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccF0C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccF37.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccF9.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccF9C.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccFA0.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccFA6.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccFC.tmp
c:\documents and settings\John P McDonald\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\John P McDonald\WINDOWS
c:\program files\IBM\Updater\ucstartup.exe
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-18 19:04 . 2011-05-18 19:04 388096 ----a-r- c:\documents and settings\John P McDonald\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 19:04 . 2011-05-18 19:04 -------- d-----w- c:\program files\Trend Micro
2011-05-16 20:13 . 2011-04-14 13:01 387480 ------w- c:\windows\system32\drivers\mfehidk.sys
2011-05-06 06:48 . 2011-05-06 06:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 17:04 . 2011-04-26 18:49 4474 ----a-w- c:\windows\GATHER.KM
2011-05-18 15:46 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP5840.tmp
2011-05-14 16:45 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPf0ba.tmp
2011-05-14 16:02 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP9a83.tmp
2011-05-14 15:30 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPba32.tmp
2011-05-14 15:23 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP373a.tmp
2011-05-14 04:41 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP83dc.tmp
2011-05-14 04:31 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP56f2.tmp
2011-05-14 04:15 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP57c3.tmp
2011-05-13 17:44 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP4618.tmp
2011-05-13 08:05 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPb83e.tmp
2011-05-13 07:35 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPb404.tmp
2011-05-12 09:01 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPf78b.tmp
2011-05-12 08:58 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPf1fd.tmp
2011-05-12 08:56 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPf030.tmp
2011-05-12 08:53 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPeb42.tmp
2011-05-12 08:51 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMPfdaf.tmp
2011-05-12 08:44 . 2007-05-21 02:14 90112 ----a-w- c:\windows\DUMP1182.tmp
2011-04-14 13:01 . 2011-01-06 12:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01 . 2011-01-06 12:10 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 13:01 . 2011-01-06 12:10 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01 . 2011-01-06 12:10 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01 . 2011-01-06 12:10 84200 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01 . 2011-01-06 12:10 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01 . 2011-01-06 12:10 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01 . 2011-01-06 12:10 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01 . 2011-01-06 12:10 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01 . 2011-01-06 12:10 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-07 05:33 . 2003-02-20 16:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 1980-01-01 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 1980-01-01 07:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 11:58 . 2009-08-31 11:46 210944 ----a-w- c:\program files\mozilla firefox\components\rpff.dll
2011-04-14 13:01 . 2011-01-06 12:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2004-03-27 102400]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-17 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-03-01 733292]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-11-09 10:53 262144 ----a-w- c:\windows\system32\QConGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [06/01/2011 13:10 84200]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [21/05/2007 03:49 16384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/06/2009 20:07 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [06/01/2011 13:10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [06/01/2011 13:10 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [06/01/2011 13:11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [06/01/2011 13:10 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [06/01/2011 13:10 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [06/01/2011 13:10 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [06/01/2011 13:10 88736]
R3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [21/05/2007 03:47 12288]
S0 jruicar;jruicar;c:\windows\system32\drivers\vwsjvrhn.sys --> c:\windows\system32\drivers\vwsjvrhn.sys [?]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [31/03/2009 17:12 18690]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [22/10/2009 09:54 340480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15/02/2009 18:57 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [06/01/2011 13:10 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [06/01/2011 13:10 84488]
S3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13/11/2003 11:12 13904]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2007-05-21 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2007-05-21 08:37]
.
2011-05-06 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 11:43]
.
2011-05-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 21:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com/web?o=13110&l=dis
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\John P McDonald\Application Data\Mozilla\Firefox\Profiles\n1j1jeoo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_ve ... oo.com/%3f
FF - Ext: Update Service: updater@foxstart.com - c:\program files\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
Toolbar-{AC0524AC-EED5-42D4-BE88-FB15E1879C7B} - (no file)
Toolbar-{F73BCCF8-1DCE-4C5B-B8B7-18E16E248526} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-UC_Start - c:\program files\IBM\Updater\\ucstartup.exe
HKLM-Run-EPSON Stylus CX3600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-DealAssistant - c:\documents and settings\John P McDonald\Application Data\DealAssistant\DAUninstall.exe
AddRemove-Save - c:\program files\Save\SaveUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4026GAX rev.PA107E -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8733533B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EGATHDRV]
"ImagePath"="\??\c:\windows\GATHER.KM"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1776)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(1836)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\SynTPFcs.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brss01a.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\QCONSVC.EXE
c:\windows\system32\RegSrvc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2011-05-28 19:43:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 18:42
.
Pre-Run: 4,184,322,048 bytes free
Post-Run: 6,433,443,840 bytes free
.
- - End Of File - - E1CC9BE0C376FDF8AA85023C113DE58D
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Post by Gary R » May 29th, 2011, 9:08 am

Didn't see what I expected to see there ......

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • TDSSKiller log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
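
The ComboFix driver inventory above and the TDSSKiller log Gary asks for are both one-record-per-line formats, so they can be triaged mechanically before anyone reads them by eye. The script below is an added example, not part of this thread and not code from ComboFix, TDSSKiller or OldTimer's OTL. It parses ComboFix service lines (`R3 name;display;path [dd/mm/yyyy hh:mm size]`, with `[?]` where ComboFix could not find the file) and TDSSKiller lines (`timestamp tid name (md5) path`), and flags three review prompts: a registered driver whose binary is missing, a boot/system-start entry (S0/S1) with no file, and an image outside `%SystemRoot%\system32\drivers`. The sample lines are copied from the logs in this thread; the heuristics are my own and a hit means "look closer", not "malware".

```python
"""Triage ComboFix and TDSSKiller driver inventories (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the ComboFix and TDSSKiller logs in this
# thread, with one non-record TDSSKiller line left in to show it is skipped.
SAMPLE_LOG = r"""
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [06/01/2011 13:10 56064]
S0 jruicar;jruicar;c:\windows\system32\drivers\vwsjvrhn.sys --> c:\windows\system32\drivers\vwsjvrhn.sys [?]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [31/03/2009 17:12 18690]
2011/05/29 19:09:09.0597 0268 SystemInfo:
2011/05/29 19:09:23.0377 1188 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/29 19:09:53.0740 1188 EGATHDRV (12bb0f2d065e181bd356a8f60e6f1cdc) C:\WINDOWS\GATHER.KM
2011/05/29 19:10:26.0357 1188 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
"""

# ComboFix: "<start> <name>;<display>;<path>[ --> <target>] [<date time size>|?]"
COMBOFIX_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>\S+))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# TDSSKiller: "<yyyy/mm/dd hh:mm:ss.ms> <tid> <name> (<md5>) <path>"
TDSS_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Default kernel-driver directory on the XP system in this thread (assumption:
# Windows installed on C:\WINDOWS, as the logs show).
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class DriverRecord:
    source: str                  # "combofix" or "tdsskiller"
    name: str                    # service/driver key name
    path: str                    # image path exactly as logged
    start: Optional[str] = None  # ComboFix start type: S0 boot, S1 system, S2 auto, S3 manual, R = running
    display: Optional[str] = None
    size: Optional[int] = None
    md5: Optional[str] = None
    file_present: bool = True    # False when ComboFix printed "[?]" instead of date/time/size


def _parse_meta(meta: str):
    """'dd/mm/yyyy hh:mm size' -> (True, size); '?' -> (False, None)."""
    parts = meta.split()
    if len(parts) == 3 and parts[2].isdigit():
        return True, int(parts[2])
    return False, None


def parse_combofix_line(line: str) -> Optional[DriverRecord]:
    m = COMBOFIX_RE.match(line.strip())
    if not m:
        return None
    present, size = _parse_meta(m["meta"])
    return DriverRecord("combofix", m["name"], m["path"], start=m["start"],
                        display=m["display"], size=size, file_present=present)


def parse_tdsskiller_line(line: str) -> Optional[DriverRecord]:
    m = TDSS_RE.match(line.strip())
    if not m:
        return None
    return DriverRecord("tdsskiller", m["name"], m["path"], md5=m["md5"].lower())


def parse_log(text: str) -> list:
    """Return every line that parses as either format; everything else is ignored."""
    records = []
    for line in text.splitlines():
        rec = parse_combofix_line(line) or parse_tdsskiller_line(line)
        if rec:
            records.append(rec)
    return records


def triage(records) -> dict:
    """Map driver name -> list of review reasons (heuristics, not a verdict)."""
    findings = {}
    for r in records:
        reasons = []
        if not r.file_present:
            reasons.append("registered driver but binary not found on disk")
            if r.start in ("S0", "S1"):
                reasons.append("boot/system-start entry: would load before user-mode security tools")
        if not r.path.lower().replace("/", "\\").startswith(DRIVERS_DIR):
            reasons.append("image outside %SystemRoot%\\system32\\drivers: confirm the vendor")
        if reasons:
            findings.setdefault(r.name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(name)
        for why in reasons:
            print("   -", why)
```

Run against the sample, `jruicar` is the only entry with a missing file, and the two out-of-directory hits (`EGATHDRV`, `MREMP50`) are the kind of vendor components a helper would then confirm by hand rather than remove. Paste a full log into `SAMPLE_LOG` (or read it from the file TDSSKiller writes to `C:\`) to get the same summary for a whole machine.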

Re: Virus that changes start button turns toolbar white

Post by nmcdonald1959 » May 29th, 2011, 2:14 pm

2011/05/29 19:09:08.0695 0268 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 19:09:09.0597 0268 ================================================================================
2011/05/29 19:09:09.0597 0268 SystemInfo:
2011/05/29 19:09:09.0597 0268
2011/05/29 19:09:09.0597 0268 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/29 19:09:09.0597 0268 Product type: Workstation
2011/05/29 19:09:09.0597 0268 ComputerName: IBM-A342C680B2F
2011/05/29 19:09:09.0617 0268 UserName: John P McDonald
2011/05/29 19:09:09.0617 0268 Windows directory: C:\WINDOWS
2011/05/29 19:09:09.0617 0268 System windows directory: C:\WINDOWS
2011/05/29 19:09:09.0617 0268 Processor architecture: Intel x86
2011/05/29 19:09:09.0617 0268 Number of processors: 1
2011/05/29 19:09:09.0617 0268 Page size: 0x1000
2011/05/29 19:09:09.0617 0268 Boot type: Normal boot
2011/05/29 19:09:09.0617 0268 ================================================================================
2011/05/29 19:09:13.0112 0268 Initialize success
2011/05/29 19:09:18.0329 1188 ================================================================================
2011/05/29 19:09:18.0329 1188 Scan started
2011/05/29 19:09:18.0329 1188 Mode: Manual;
2011/05/29 19:09:18.0329 1188 ================================================================================
2011/05/29 19:09:23.0377 1188 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/29 19:09:23.0927 1188 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/05/29 19:09:24.0719 1188 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/29 19:09:25.0209 1188 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/29 19:09:25.0600 1188 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/29 19:09:26.0291 1188 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/29 19:09:27.0102 1188 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/29 19:09:27.0563 1188 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/29 19:09:28.0284 1188 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/29 19:09:29.0065 1188 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/29 19:09:29.0415 1188 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/29 19:09:29.0846 1188 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/29 19:09:30.0387 1188 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/29 19:09:31.0088 1188 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/29 19:09:31.0618 1188 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/29 19:09:32.0349 1188 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/29 19:09:32.0740 1188 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/29 19:09:33.0101 1188 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/29 19:09:33.0621 1188 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/05/29 19:09:34.0152 1188 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/29 19:09:34.0823 1188 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/29 19:09:35.0384 1188 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/29 19:09:35.0995 1188 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/29 19:09:36.0485 1188 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/29 19:09:37.0407 1188 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/29 19:09:38.0208 1188 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/29 19:09:38.0629 1188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/29 19:09:39.0249 1188 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/29 19:09:39.0730 1188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/29 19:09:40.0241 1188 BEHRINGER_2902 (4ee79dc79d821500d5174047a9af708c) C:\WINDOWS\system32\Drivers\BUSB2902.sys
2011/05/29 19:09:40.0922 1188 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/05/29 19:09:41.0573 1188 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/29 19:09:41.0903 1188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/29 19:09:42.0254 1188 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/29 19:09:42.0604 1188 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/29 19:09:43.0135 1188 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/29 19:09:43.0536 1188 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/29 19:09:43.0986 1188 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/29 19:09:44.0537 1188 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/29 19:09:45.0438 1188 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/29 19:09:45.0809 1188 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/29 19:09:46.0139 1188 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/29 19:09:46.0550 1188 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/29 19:09:46.0950 1188 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/29 19:09:47.0331 1188 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/29 19:09:48.0032 1188 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/29 19:09:48.0693 1188 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/29 19:09:49.0374 1188 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/29 19:09:49.0775 1188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/29 19:09:50.0165 1188 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/29 19:09:50.0576 1188 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/29 19:09:50.0886 1188 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/29 19:09:51.0287 1188 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/29 19:09:52.0068 1188 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/29 19:09:52.0659 1188 E1000 (8179a01475f75417011e27e322c7e0e3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/05/29 19:09:53.0370 1188 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/29 19:09:53.0740 1188 EGATHDRV (12bb0f2d065e181bd356a8f60e6f1cdc) C:\WINDOWS\GATHER.KM
2011/05/29 19:09:54.0141 1188 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/29 19:09:54.0561 1188 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/29 19:09:55.0032 1188 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/29 19:09:55.0423 1188 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/29 19:09:55.0893 1188 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/29 19:09:56.0354 1188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/29 19:09:56.0725 1188 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/05/29 19:09:57.0686 1188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/29 19:09:58.0117 1188 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/05/29 19:09:58.0667 1188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/29 19:09:59.0268 1188 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/29 19:09:59.0699 1188 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/29 19:10:00.0089 1188 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/29 19:10:00.0750 1188 HSFHWICH (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/05/29 19:10:01.0732 1188 HSF_DP (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/29 19:10:02.0633 1188 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/29 19:10:03.0074 1188 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/29 19:10:03.0444 1188 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/29 19:10:03.0865 1188 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/29 19:10:04.0315 1188 ibmfilter (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
2011/05/29 19:10:04.0936 1188 IBMPMDRV (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/05/29 19:10:05.0567 1188 IBMTPCHK (e4fa96158a283618a0e1807bfdc12230) C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2011/05/29 19:10:06.0178 1188 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/29 19:10:06.0619 1188 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/29 19:10:07.0190 1188 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/29 19:10:07.0600 1188 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/29 19:10:07.0971 1188 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/29 19:10:08.0381 1188 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/29 19:10:08.0842 1188 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/29 19:10:09.0303 1188 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/29 19:10:09.0863 1188 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/29 19:10:10.0374 1188 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/29 19:10:10.0885 1188 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/29 19:10:11.0436 1188 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/29 19:10:12.0317 1188 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/29 19:10:12.0708 1188 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/29 19:10:13.0178 1188 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/29 19:10:13.0699 1188 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/29 19:10:14.0740 1188 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/05/29 19:10:15.0451 1188 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
2011/05/29 19:10:15.0992 1188 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/05/29 19:10:17.0044 1188 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/29 19:10:17.0645 1188 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/29 19:10:18.0296 1188 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/29 19:10:19.0367 1188 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/29 19:10:20.0088 1188 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/29 19:10:21.0080 1188 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/29 19:10:21.0751 1188 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/29 19:10:22.0121 1188 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/29 19:10:22.0612 1188 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/29 19:10:23.0283 1188 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/29 19:10:23.0874 1188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/29 19:10:24.0304 1188 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/29 19:10:24.0725 1188 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/29 19:10:25.0145 1188 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/29 19:10:25.0626 1188 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/29 19:10:26.0007 1188 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/29 19:10:26.0357 1188 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/05/29 19:10:26.0808 1188 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/05/29 19:10:27.0599 1188 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/29 19:10:28.0050 1188 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/29 19:10:28.0580 1188 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/05/29 19:10:28.0951 1188 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/29 19:10:29.0281 1188 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/29 19:10:29.0782 1188 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/29 19:10:30.0143 1188 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/29 19:10:30.0623 1188 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/29 19:10:31.0054 1188 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/29 19:10:31.0464 1188 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/29 19:10:32.0176 1188 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/29 19:10:32.0546 1188 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/29 19:10:33.0067 1188 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/29 19:10:33.0387 1188 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/29 19:10:33.0908 1188 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/29 19:10:34.0299 1188 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/29 19:10:34.0990 1188 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/29 19:10:35.0520 1188 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/29 19:10:36.0211 1188 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/29 19:10:36.0902 1188 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/29 19:10:37.0403 1188 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/05/29 19:10:37.0934 1188 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/29 19:10:38.0635 1188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/29 19:10:38.0955 1188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/29 19:10:39.0306 1188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/29 19:10:39.0847 1188 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/29 19:10:40.0277 1188 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/29 19:10:40.0808 1188 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/29 19:10:41.0178 1188 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/29 19:10:41.0559 1188 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/29 19:10:42.0270 1188 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/29 19:10:42.0991 1188 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/29 19:10:43.0402 1188 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/29 19:10:45.0054 1188 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/29 19:10:45.0605 1188 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/29 19:10:46.0947 1188 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/29 19:10:48.0359 1188 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
2011/05/29 19:10:48.0789 1188 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/29 19:10:49.0160 1188 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/29 19:10:49.0520 1188 psadd (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
2011/05/29 19:10:51.0333 1188 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/29 19:10:51.0694 1188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/29 19:10:52.0084 1188 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/29 19:10:52.0445 1188 QCNDISIF (2feb0da5705df73ef15027512b998223) C:\WINDOWS\system32\drivers\qcndisif.SYS
2011/05/29 19:10:52.0945 1188 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/29 19:10:53.0306 1188 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/29 19:10:53.0686 1188 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/29 19:10:54.0087 1188 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/29 19:10:54.0538 1188 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/29 19:10:55.0068 1188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/29 19:10:55.0449 1188 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/29 19:10:55.0820 1188 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/29 19:10:56.0200 1188 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/29 19:10:56.0551 1188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/29 19:10:56.0891 1188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/29 19:10:57.0292 1188 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/29 19:10:57.0772 1188 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/29 19:10:58.0213 1188 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/29 19:10:58.0604 1188 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/29 19:10:59.0244 1188 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/29 19:10:59.0915 1188 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/29 19:11:00.0466 1188 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/29 19:11:01.0217 1188 s24trans (f8e1a385d08204a461e19cd9bca2b461) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/05/29 19:11:01.0698 1188 S3SSavage (a94aa8161dd4711bc6f732f21d6407d6) C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
2011/05/29 19:11:02.0389 1188 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/29 19:11:02.0749 1188 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/29 19:11:03.0280 1188 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/29 19:11:03.0671 1188 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/29 19:11:04.0031 1188 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
2011/05/29 19:11:04.0572 1188 Shockprf (3d593b089133f134f52d6de29b0d058b) C:\WINDOWS\system32\drivers\Shockprf.sys
2011/05/29 19:11:05.0604 1188 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/29 19:11:06.0004 1188 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/29 19:11:06.0385 1188 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2011/05/29 19:11:07.0056 1188 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/29 19:11:07.0566 1188 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/29 19:11:07.0937 1188 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/29 19:11:08.0448 1188 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/29 19:11:08.0998 1188 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/29 19:11:09.0659 1188 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/29 19:11:10.0300 1188 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/29 19:11:10.0761 1188 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/29 19:11:11.0352 1188 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/29 19:11:11.0742 1188 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/29 19:11:12.0113 1188 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/29 19:11:12.0483 1188 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/29 19:11:13.0074 1188 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/29 19:11:13.0635 1188 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/29 19:11:13.0986 1188 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/29 19:11:14.0707 1188 SynTP (9f21fcb5a5bbc7d730018f6b61f638cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/29 19:11:15.0328 1188 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/29 19:11:15.0938 1188 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/29 19:11:16.0389 1188 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/29 19:11:16.0720 1188 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/05/29 19:11:17.0310 1188 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/29 19:11:17.0691 1188 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/29 19:11:18.0061 1188 tfsnboio (1797f3375b4bf20e81d69ac8b11445b5) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/29 19:11:18.0522 1188 tfsncofs (019ba601cb71a71143aed94f2db26250) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/29 19:11:19.0023 1188 tfsndrct (87269d7fa6df7ef84b83bf5b0d2e031c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/29 19:11:19.0714 1188 tfsndres (c435768c370f35a5abf22bd6ca272014) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/29 19:11:20.0255 1188 tfsnifs (2a144ec7557efb9758d1c121688ebaf5) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/29 19:11:20.0805 1188 tfsnopio (1aa2c61a846efbc200703e8dc250297f) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/29 19:11:21.0446 1188 tfsnpool (b3b0b6616cae23ab1a4a5898ca6d5552) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/29 19:11:21.0977 1188 tfsnudf (1614a1e396f296138d3fb1728f385e0b) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/29 19:11:22.0548 1188 tfsnudfa (e5d5b8dde8c221fedc88680631294155) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/29 19:11:23.0289 1188 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/29 19:11:23.0640 1188 Tp4Track (eef2d6e4ec9f24be67572c60f3778f8d) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2011/05/29 19:11:24.0120 1188 TPHKDRV (a7c9656b3cac47a9f786aae88259d8b9) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2011/05/29 19:11:24.0631 1188 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
2011/05/29 19:11:25.0232 1188 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/05/29 19:11:25.0803 1188 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2011/05/29 19:11:26.0323 1188 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/29 19:11:26.0674 1188 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/29 19:11:27.0465 1188 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/29 19:11:27.0946 1188 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/29 19:11:28.0486 1188 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/29 19:11:29.0278 1188 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/29 19:11:29.0648 1188 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/29 19:11:29.0999 1188 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/29 19:11:30.0379 1188 USBHSB (1520d68da91748ba34ef00c57fa4ac5b) C:\WINDOWS\system32\Drivers\usbhsb.sys
2011/05/29 19:11:30.0890 1188 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/29 19:11:31.0351 1188 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/29 19:11:31.0791 1188 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/29 19:11:32.0282 1188 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/05/29 19:11:32.0632 1188 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/05/29 19:11:33.0123 1188 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/29 19:11:33.0474 1188 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/29 19:11:33.0814 1188 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/29 19:11:34.0185 1188 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/29 19:11:34.0535 1188 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/29 19:11:34.0926 1188 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/29 19:11:35.0597 1188 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/29 19:11:37.0099 1188 w70n51 (c559ad65a908d1be718dc45664197413) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2011/05/29 19:11:38.0491 1188 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/29 19:11:39.0042 1188 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/29 19:11:40.0203 1188 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/29 19:11:40.0854 1188 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/29 19:11:41.0896 1188 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/29 19:11:42.0276 1188 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/29 19:11:42.0727 1188 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/29 19:11:43.0508 1188 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/29 19:11:43.0748 1188 MBR (0x1B8) (127b52bd4b2d6588aaff86ea667b689a) \Device\Harddisk0\DR0
2011/05/29 19:11:43.0778 1188 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/29 19:11:43.0788 1188 ================================================================================
2011/05/29 19:11:43.0788 1188 Scan finished
2011/05/29 19:11:43.0788 1188 ================================================================================
2011/05/29 19:11:43.0829 5248 Detected object count: 1
2011/05/29 19:11:43.0829 5248 Actual detected object count: 1
2011/05/29 19:12:03.0216 5248 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/29 19:12:03.0216 5248 \Device\Harddisk0\DR0 - ok
2011/05/29 19:12:03.0216 5248 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
nmcdonald1959
Active Member
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Unread postby nmcdonald1959 » May 29th, 2011, 3:01 pm

OTL logfile created on: 29/05/2011 19:56:50 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\John P McDonald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.91 Mb Total Physical Memory | 451.52 Mb Available Physical Memory | 44.14% Memory free
2.41 Gb Paging File | 1.67 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.54 Gb Total Space | 5.78 Gb Free Space | 17.76% Space Free | Partition Type: NTFS

Computer Name: IBM-A342C680B2F | User Name: John P McDonald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 19:06:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John P McDonald\Desktop\OTL(2).exe
PRC - [2011/04/30 21:21:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/07/20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/06/22 14:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/03/10 15:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2010/03/10 14:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/27 10:13:44 | 000,090,112 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2009/09/14 17:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/09/14 17:56:46 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2009/06/25 15:12:42 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/11 04:40:30 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/11/09 11:53:00 | 000,712,704 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2004/11/09 11:53:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/11/09 11:53:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/09/06 10:05:00 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/09/06 10:03:28 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2004/08/17 20:06:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/07/22 10:01:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2004/07/16 05:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/06/16 18:53:34 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/03/19 20:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2003/08/22 10:01:00 | 000,225,280 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2003/07/12 02:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/01/10 23:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 19:06:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John P McDonald\Desktop\OTL(2).exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/14 17:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2004/06/16 18:53:26 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/02/16 22:42:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2004/11/09 11:53:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/09/06 10:05:00 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/06 10:03:28 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2003/07/12 02:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/28 18:04:17 | 000,004,474 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\GATHER.KM -- (EGATHDRV)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/01/15 13:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/11/06 15:40:18 | 000,340,480 | R--- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - [2007/05/21 03:45:12 | 000,013,312 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/03/01 15:00:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2004/11/09 11:53:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2004/11/09 11:53:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004/11/09 11:53:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2004/10/19 10:03:12 | 000,018,690 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbhsb.sys -- (USBHSB)
DRV - [2004/09/24 01:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/08/25 21:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 06:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/07/29 16:11:18 | 002,484,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2004/07/29 09:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/29 09:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2004/07/29 09:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/07/22 23:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/07/22 23:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/07/22 23:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/07/15 10:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2004/06/09 18:12:48 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2001/11/01 11:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=13110&l=dis
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f"
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/28 12:05:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/13 08:30:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/09/06 20:11:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 11:08:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 21:16:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/21 10:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/09/06 20:11:13 | 000,000,000 | ---D | M]

[2009/06/21 11:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John P McDonald\Application Data\Mozilla\Extensions
[2009/04/02 21:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John P McDonald\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/29 09:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John P McDonald\Application Data\Mozilla\Firefox\Profiles\n1j1jeoo.default\extensions
[2009/09/03 07:57:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John P McDonald\Application Data\Mozilla\Firefox\Profiles\n1j1jeoo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 15:01:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\John P McDonald\Application Data\Mozilla\Firefox\Profiles\n1j1jeoo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/29 09:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/09 10:28:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 11:37:30 | 000,000,000 | ---D | M] ("Update Service") -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2011/05/26 11:08:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/09/06 20:11:08 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2009/09/06 12:58:42 | 000,210,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\rpff.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/30 21:21:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/30 21:21:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/30 21:21:37 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/14 22:08:26 | 000,002,013 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxstart.xml
[2011/04/30 21:21:37 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/28 19:21:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516211631.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-639836632-2406333127-758162611-1005..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKU\S-1-5-21-639836632-2406333127-758162611-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 41-win.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop WallPaper: C:\Documents and Settings\John P McDonald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John P McDonald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/27 03:21:45 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John P McDonald\Desktop\tdsskiller
[2011/05/29 19:07:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/29 19:06:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John P McDonald\Desktop\OTL(2).exe
[2011/05/29 09:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/28 19:43:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/28 17:49:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/28 17:36:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 17:36:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 17:36:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 17:36:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 17:35:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 17:32:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/28 17:32:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John P McDonald\Start Menu\Programs\Administrative Tools
[2011/05/28 17:29:08 | 004,296,757 | R--- | C] (Swearware) -- C:\Documents and Settings\John P McDonald\Desktop\ComboFix.exe
[2011/05/18 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John P McDonald\Start Menu\Programs\HiJackThis
[2011/05/18 20:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/16 21:13:52 | 000,387,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/05/07 08:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/06 07:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/05 20:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/03 05:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/02 16:25:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John P McDonald\Desktop\mbam-setup.exe
[2007/05/21 01:17:05 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 19:06:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John P McDonald\Desktop\OTL(2).exe
[2011/05/29 19:05:59 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\tdsskiller.zip
[2011/05/29 09:32:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 09:31:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/29 09:30:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 09:30:39 | 1072,664,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 19:21:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/28 18:04:17 | 000,004,474 | ---- | M] () -- C:\WINDOWS\GATHER.KM
[2011/05/28 17:49:54 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2011/05/28 17:35:50 | 004,296,757 | R--- | M] (Swearware) -- C:\Documents and Settings\John P McDonald\Desktop\ComboFix.exe
[2011/05/18 20:32:44 | 000,177,077 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\screenshot.jpg
[2011/05/18 20:04:52 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\HiJackThis.lnk
[2011/05/07 08:53:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 16:25:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011/05/02 18:55:35 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\iExplore.exe
[2011/05/02 17:07:37 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\hosts-perm.bat
[2011/05/02 16:27:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/02 16:24:28 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John P McDonald\Desktop\mbam-setup.exe
[2011/05/02 16:16:14 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\John P McDonald\Desktop\Shortcut to iExplore.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 19:05:52 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\tdsskiller.zip
[2011/05/28 17:49:54 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/05/28 17:49:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/28 17:36:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 17:36:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 17:36:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 17:36:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 17:36:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/18 20:32:44 | 000,177,077 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\screenshot.jpg
[2011/05/18 20:04:21 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\HiJackThis.lnk
[2011/05/09 14:01:53 | 1072,664,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 19:28:25 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\hosts-perm.bat
[2011/05/02 18:59:20 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\iExplore.exe
[2011/05/02 16:27:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/02 16:16:14 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Desktop\Shortcut to iExplore.lnk
[2011/04/27 18:32:00 | 000,000,102 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2010/12/19 14:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/01 17:11:57 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/01 17:11:57 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/01 17:11:57 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/01 17:11:57 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/01 17:11:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/01 17:11:57 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/12/01 17:11:57 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/01 17:11:57 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/01 17:11:57 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/01 17:11:57 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/01 17:11:57 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/01 17:11:57 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/12/01 17:11:57 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/12/01 17:11:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/01 17:11:56 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/01 17:11:56 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/01 16:52:41 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/24 18:33:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/13 21:22:43 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/13 21:22:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/04/14 19:45:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2010/04/14 19:45:04 | 000,003,084 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/14 19:45:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/04/14 19:44:59 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2010/03/31 20:41:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\winlemm.ini
[2009/10/18 13:21:29 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/10/18 13:21:29 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2009/10/01 18:52:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/11 08:20:52 | 000,027,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/17 19:50:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/06/21 11:37:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/15 19:51:42 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Local Settings\Application Data\fusioncache.dat
[2009/04/16 21:04:22 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 17:12:24 | 000,018,690 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbhsb.sys
[2009/02/18 21:31:38 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/02/05 12:16:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/01 15:04:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John P McDonald\Application Data\$_hpcst$.hpc
[2009/01/30 18:14:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/10/04 14:01:48 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/10/04 14:01:47 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/10/04 14:01:01 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/04 14:01:01 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/04 14:00:59 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/10/04 14:00:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/07/26 14:42:52 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/08/25 10:43:39 | 000,000,503 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/25 10:43:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/08/25 10:43:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/08/25 10:37:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2007/08/25 10:35:13 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/08/14 16:27:09 | 000,122,448 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
[2007/08/10 20:24:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2007/05/28 17:38:44 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/05/28 17:38:44 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/05/28 17:38:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/05/28 17:36:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE CX3600E.ini
[2007/05/27 04:55:14 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/05/27 04:33:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/27 03:51:17 | 000,103,024 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2007/05/27 03:46:19 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/21 03:50:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/21 03:49:55 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2007/05/21 03:49:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2007/05/21 03:48:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2007/05/21 03:48:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2007/05/21 03:47:51 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2007/05/21 03:45:30 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2007/05/21 03:41:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/21 03:41:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/21 03:41:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/21 03:41:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/21 03:41:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/21 03:41:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/21 03:40:42 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/21 03:33:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2007/05/21 03:33:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/05/21 03:32:23 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/05/21 03:30:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2007/05/21 02:13:54 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/05/21 01:17:05 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2007/05/21 01:17:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/11/09 01:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/06 10:13:30 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2004/09/06 10:04:12 | 000,225,349 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2004/08/02 22:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/19 20:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/03/19 20:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/01/09 14:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/11/13 11:12:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2003/11/13 11:12:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2003/11/13 11:12:00 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2003/02/20 17:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 17:18:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/20 17:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/20 17:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/20 17:02:39 | 000,162,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/02 22:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/02 22:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/01/10 02:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 15:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 15:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 08:00:00 | 000,492,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 08:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 08:00:00 | 000,089,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 08:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 08:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 08:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/01 17:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/03 22:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/06/05 00:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2010/03/05 12:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/06/25 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/30 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/15 15:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/03/05 13:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/09/06 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/03/05 12:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/11/21 15:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/09/09 19:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/17 20:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/02/19 21:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/12/01 17:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/13 21:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 10:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/02 17:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/26 22:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Amazon
[2010/02/28 18:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Anuman Interactive
[2009/12/28 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/12/02 14:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Blackberry Desktop
[2009/09/08 15:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Blitware
[2011/05/18 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Epson
[2009/10/08 20:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\GARMIN
[2009/12/30 13:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\HandBrake
[2007/05/27 03:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\IBM
[2008/08/16 13:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\InterVideo
[2010/06/25 17:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Juniper Networks
[2009/06/04 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Leadertech
[2009/11/11 20:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\MP3Rocket
[2009/11/15 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\NCH Swift Sound
[2010/09/06 22:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Nokia
[2010/09/06 22:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Nokia Ovi Suite
[2009/03/07 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\PC Suite
[2010/11/29 20:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Research In Motion
[2007/09/09 19:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\ScanSoft
[2009/11/11 20:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Softplicity
[2011/05/21 16:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\Spotify
[2010/01/31 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John P McDonald\Application Data\uTorrent
[2009/09/21 12:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/10/06 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2007/05/21 03:50:02 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2011/05/06 16:25:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
[2011/05/29 09:31:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John P McDonald\My Documents\ScottishStarTrek.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John P McDonald\My Documents\getvideo.wmv:Roxio EMC Stream

< End of report >
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Post by nmcdonald1959 » May 29th, 2011, 3:01 pm

OTL Extras logfile created on: 29/05/2011 19:56:50 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\John P McDonald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.91 Mb Total Physical Memory | 451.52 Mb Available Physical Memory | 44.14% Memory free
2.41 Gb Paging File | 1.67 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.54 Gb Total Space | 5.78 Gb Free Space | 17.76% Space Free | Partition Type: NTFS

Computer Name: IBM-A342C680B2F | User Name: John P McDonald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1AFAE2EB-BC93-4B28-9C7C-004BBF974E3C}" = BT Voyager 1065 Wireless Utility
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AB16E9C-C582-4BF0-A76C-37B18ED78B72}" = ProScan
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel(R) Sebring API
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC0524AC-EED5-42D4-BE88-FB15E1879C7B}" = Mirar
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E59219D4-23B8-11D3-A179-00C04F6C9FA4}" = Microsoft Word Supplemental Templates and Wizards
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F73BCCF8-1DCE-4C5B-B8B7-18E16E248526}" = Mirar
"{F9AFCCA5-BD15-4579-AC89-CF092F745EA3}" = BT Broadband Anywhere S620 Update Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"3D Dream House Designer" = 3D Dream House Designer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"ATI Display Driver" = ATI Display Driver
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Yahoo! Applications" = BT Yahoo! Applications
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"energyXT2_is1" = energyXT2.07
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments AC Box Combo" = Native Instruments AC Box Combo
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"ProScan" = ProScan 5.8
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"ScanTool.net for Windows" = ScanTool.net for Windows v1.20
"Spotify" = Spotify
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = IBM TrackPoint Support
"Ultra Video Joiner_is1" = Ultra Video Joiner 4.7.1127
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEP" = XPS Essentials Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/05/2011 12:18:26 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/05/2011 12:18:26 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5901456

Error - 28/05/2011 12:18:26 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5901456

Error - 28/05/2011 12:18:39 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/05/2011 12:18:39 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5914384

Error - 28/05/2011 12:18:39 | Computer Name = IBM-A342C680B2F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5914384

Error - 28/05/2011 13:07:51 | Computer Name = IBM-A342C680B2F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f64.

Error - 28/05/2011 13:38:57 | Computer Name = IBM-A342C680B2F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f64.

Error - 28/05/2011 14:31:54 | Computer Name = IBM-A342C680B2F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f64.

Error - 29/05/2011 04:41:34 | Computer Name = IBM-A342C680B2F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f64.

[ System Events ]
Error - 28/05/2011 14:30:09 | Computer Name = IBM-A342C680B2F | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 28/05/2011 14:30:50 | Computer Name = IBM-A342C680B2F | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 28/05/2011 14:32:09 | Computer Name = IBM-A342C680B2F | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 28/05/2011 14:37:19 | Computer Name = IBM-A342C680B2F | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

Error - 29/05/2011 04:31:20 | Computer Name = IBM-A342C680B2F | Source = Service Control Manager | ID = 7000
Description = The GeneLink File Transfer Driver service failed to start due to the
following error: %%1058

Error - 29/05/2011 04:31:20 | Computer Name = IBM-A342C680B2F | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 29/05/2011 04:36:19 | Computer Name = IBM-A342C680B2F | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 29/05/2011 04:37:29 | Computer Name = IBM-A342C680B2F | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 29/05/2011 04:42:54 | Computer Name = IBM-A342C680B2F | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 29/05/2011 14:58:20 | Computer Name = IBM-A342C680B2F | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that chnages start button turns toolbar white

Post by Gary R » May 30th, 2011, 2:03 am

I see you did not follow the instructions I gave you, and selected the CURE action with TDSSKiller rather than the SKIP action I asked you to select.

I need to know that you're going to follow the instructions exactly as I give them to you, otherwise it makes the whole clean-up process a whole lot more difficult.


Before using the CURE action I would have made a backup of your MBR which we could have restored to if anything went wrong, by running TDSSKiller without a backup you ran the risk of getting an unbootable machine which we may not have been able to recover.

Please follow ALL my instructions as I have written them, they all have a purpose even if it may not be apparent to you what it is.


OK, lecture over, let's get back to cleaning your computer ;) .....

If you haven't already done so, please reboot your computer.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=13110&l=dis
FF - prefs.js..browser.search.order.1: "Web Search"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-21-639836632-2406333127-758162611-1005\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.

:Services
RoxLiveShare9

:Commands
[resethosts]
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • E-Set log
  • How is your computer behaving now ???


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
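The :OTL block in the post above was built by hand from the scan log, using one consistent rule: a BHO or toolbar entry whose CLSID has no registered value, or whose DLL is missing, is a dangling registration nothing legitimate needs, and a start page pointing at a search-redirect domain is a hijack. The script below is an added example, not part of the thread and not OTL's own tooling, that applies that rule to OTL log lines and renders the result in OTL's Custom Scans/Fixes syntax. The sample lines are constructed in OTL's format: the orphaned entries mirror the ones quoted above, while the benign Google and Adobe entries and the HIJACK_DOMAINS list are assumptions for illustration.

```python
"""Triage OTL log lines: select orphaned browser add-ons and hijacked IE start
pages, then emit them as an OTL ':OTL' fix block.

Added example for this thread; not part of OTL and not the helper's tooling.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input in OTL's O2/O3/IE line format. The first, third,
# fourth and sixth lines mirror entries from the thread; the rest are benign
# entries invented to show what must NOT be selected.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=13110&l=dis
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
"""

# OTL's own wording for dangling references: the registry entry survives but
# the COM class or the DLL it would load is gone.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")

# Assumed list of start-page domains treated as hijacks (ask.com is the one
# reverted in the fix above; extend for your own case).
HIJACK_DOMAINS = {"www.ask.com", "ask.com"}

# O2 (BHO) and O3 (toolbar) lines: "<kind> - <where/name> - {CLSID} - <status>"
ADDON_RE = re.compile(
    r"^(O[23]) - (.+?) - "
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.+)$"
)
# IE start-page lines: "IE - <registry path>,Start Page = <url>"
STARTPAGE_RE = re.compile(r"^IE - (.+?),Start Page = (\S+)$")


@dataclass
class Finding:
    line: str    # the OTL line verbatim; OTL accepts it unchanged in a :OTL block
    reason: str  # why it was selected, for the reviewer


def triage(log_text, hijack_domains=HIJACK_DOMAINS):
    """Split OTL lines into (fix, keep). Unrecognised lines are never selected."""
    fix, keep = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, status = m.group(1), m.group(4)
            marker = next((k for k in ORPHAN_MARKERS if k in status), None)
            if marker:
                fix.append(Finding(line, f"{kind} entry with dangling reference: {marker}"))
            else:
                keep.append(line)
            continue
        m = STARTPAGE_RE.match(line)
        if m:
            host = (urlparse(m.group(2)).hostname or "").lower()
            if host in hijack_domains:
                fix.append(Finding(line, f"start page points at {host}"))
            else:
                keep.append(line)
            continue
        keep.append(line)
    return fix, keep


def build_fix_script(findings, services=(), commands=("resethosts", "emptytemp")):
    """Render findings in OTL's Custom Scans/Fixes syntax, as used in the thread."""
    out = [":OTL"] + [f.line for f in findings]
    if services:
        out += ["", ":Services", *services]
    if commands:
        out += ["", ":Commands", *(f"[{c}]" for c in commands)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    selected, _ = triage(SAMPLE_LOG)
    for f in selected:
        print(f"# {f.reason}")
    print(build_fix_script(selected, services=["RoxLiveShare9"]))
```

The output is a review aid, not something to paste blindly: OTL deletes both the BHO registration and the matching HKLM\SOFTWARE\Classes\CLSID key (the fix log below shows exactly that), a "File not found" can also follow a half-finished uninstall of legitimate software, and the deletions are not reversible without a registry backup. Lines the script does not recognise are left in the keep list on purpose.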

Re: Virus that chnages start button turns toolbar white

Post by nmcdonald1959 » May 30th, 2011, 1:15 pm

Lecture accepted in good grace. I am up against it here, as another of my computer's tricks is to reboot when it wants. I can't print the instructions either, but I will persevere.

All processes killed
========== OTL ==========
HKU\S-1-5-21-639836632-2406333127-758162611-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-21-639836632-2406333127-758162611-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}\ not found.
========== SERVICES/DRIVERS ==========
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41703 bytes

User: John P McDonald
->Temp folder emptied: 1081691 bytes
->Temporary Internet Files folder emptied: 11532861 bytes
->Java cache emptied: 71681517 bytes
->FireFox cache emptied: 52908794 bytes
->Flash cache emptied: 2991037 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3470546 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5839 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 47264 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1571001 bytes
%systemroot%\System32 .tmp files removed: 4582417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 43088 bytes
RecycleBin emptied: 173015 bytes

Total Files Cleaned = 143.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: John P McDonald
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05302011_175805

Files\Folders moved on Reboot...
C:\Documents and Settings\John P McDonald\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Unread postby nmcdonald1959 » May 30th, 2011, 1:41 pm

I can't get my McAfee security console to open to allow me to disable the anti-virus software. I'm guessing it's because I have a security shield with 2 updates that I'm being recommended to install. How should I proceed?
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Unread postby Gary R » May 30th, 2011, 5:13 pm

Try running the ESET scan without disabling McAfee.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus that changes start button turns toolbar white

Unread postby nmcdonald1959 » May 31st, 2011, 1:38 am

Here is the ESET log. My task bar appears to be remaining in its intended colour. I will check sound and printer this afternoon.


C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Mozilla Firefox\components\rpff.dll probably a variant of Win32/Adware.GabPath.AH application
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP809\A0104341.exe a variant of Win32/Kryptik.NFW trojan
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm

Re: Virus that changes start button turns toolbar white

Unread postby Gary R » May 31st, 2011, 2:18 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll
C:\Program Files\Mozilla Firefox\components\rpff.dll

:Commands
[clearallrestorepoints]
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus that changes start button turns toolbar white

Unread postby nmcdonald1959 » May 31st, 2011, 12:58 pm

All processes killed
========== FILES ==========
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll moved successfully.
C:\Program Files\Mozilla Firefox\components\rpff.dll moved successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John P McDonald
->Temp folder emptied: 1385957 bytes
->Temporary Internet Files folder emptied: 1659733 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41967888 bytes
->Flash cache emptied: 940 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05312011_165948

Files\Folders moved on Reboot...
C:\Documents and Settings\John P McDonald\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
nmcdonald1959
Active Member
 
Posts: 11
Joined: May 18th, 2011, 3:10 pm
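An added example in Python, not code from this thread or from the OTL or ESET tools: it turns the ESET findings posted above into the OTL fix script the helper posts (the item under System Volume Information is left to [clearallrestorepoints] rather than listed under :Files) and then checks each finding against the OTL fix log that came back. The log lines embedded below are copied from this thread; the matching rules for the ESET and OTL line formats are assumptions drawn from those lines.

```python
import re

# Added example: ESET findings -> OTL fix script -> check the OTL fix log.
# Log lines below are copied from the thread; line-format rules are assumptions.
ESET_LOG = (
    "C:\\Program Files\\IWONGEI\\Installr\\1.bin\\9uEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application\n"
    "C:\\Program Files\\Mozilla Firefox\\components\\rpff.dll probably a variant of Win32/Adware.GabPath.AH application\n"
    "C:\\System Volume Information\\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\\RP809\\A0104341.exe a variant of Win32/Kryptik.NFW trojan\n"
)
OTL_FIX_LOG = (
    "All processes killed\n"
    "========== FILES ==========\n"
    "C:\\Program Files\\IWONGEI\\Installr\\1.bin\\9uEIPlug.dll moved successfully.\n"
    "C:\\Program Files\\Mozilla Firefox\\components\\rpff.dll moved successfully.\n"
    "========== COMMANDS ==========\n"
    "Restore points cleared and new OTL Restore Point set!\n"
)

# An ESET line is "<path> <detection text>"; the path ends at the first
# file extension that is followed by whitespace (paths may contain spaces).
ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<detection>.+)$")
RESTORE_DIR = "\\system volume information\\_restore"

def parse_eset(log):
    """Return (path, detection) pairs from ESET log text."""
    found = []
    for line in log.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found.append((m["path"], m["detection"]))
    return found

def build_otl_script(findings):
    """Files inside the restore-point store are not moved one by one;
    OTL's [clearallrestorepoints] discards the whole store instead."""
    files = [p for p, _ in findings if RESTORE_DIR not in p.lower()]
    return ":Files\n" + "\n".join(files) + "\n\n:Commands\n[clearallrestorepoints]\n[emptytemp]\n"

def verify_fix_log(findings, fix_log):
    """Map each finding to True when the OTL fix log confirms it was handled."""
    moved = {line[: -len(" moved successfully.")] for line in fix_log.splitlines()
             if line.endswith(" moved successfully.")}
    restore_cleared = "Restore points cleared" in fix_log
    return {p: (restore_cleared if RESTORE_DIR in p.lower() else p in moved)
            for p, _ in findings}

if __name__ == "__main__":
    findings = parse_eset(ESET_LOG)
    print(build_otl_script(findings))
    for path, ok in verify_fix_log(findings, OTL_FIX_LOG).items():
        print(("OK   " if ok else "MISS ") + path)
```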