Welcome to MalwareRemoval.com

Battling something Nasty


Post by slysnake » December 13th, 2011, 8:32 pm

Long story, but I'm having a lot of problems with my computer. Started with that nasty fake MS Security virus and then in my attempt to remove it I may have downloaded something else. Not sure.

HijackThis pops up a window saying it can't write to the hosts file. Also, my Google seems to go to various languages, similar to if I were using a proxy, but no proxy is installed. McAfee virus protection, the firewall and Malwarebytes won't run. Browsers will not connect to McAfee, Malwarebytes or any other site of that type on the web; they just get redirected.

Here's my log, hope you can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:30 PM, on 12/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Lock Folder XP\LFService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe -start
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1078081533-813497703-725345543-1004\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-21-1078081533-813497703-725345543-1004\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup (User '?')
O4 - HKUS\S-1-5-21-1078081533-813497703-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-1078081533-813497703-725345543-1004 Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (User '?')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acunetix WVS Scheduler v7 (AcuWVSSchedulerv7) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - (no file)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7754 bytes
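A small triage script for the log above, as an added example that is not part of the original thread and not a tool from the forum or from the HijackThis/OTL authors. It reads HijackThis-style O1/O10 lines and the IE/Firefox proxy lines that OTL prints, and flags hosts entries that point a name at a real address rather than loopback, proxy servers configured in IE or Firefox (reporting whether ProxyEnable actually turns the IE one on), and Winsock LSP entries with an unknown or missing file. The sample lines embedded in it are constructed copies of lines from the logs posted in this thread; the function and pattern names are my own.

```python
"""Triage helper for HijackThis / OTL log lines.

Added example for this thread, not a tool from the forum or from the
HijackThis / OTL authors. It flags three things visible in the posted logs:
hosts-file entries that point real names at non-loopback addresses, proxy
servers configured in IE and Firefox, and Winsock LSP entries whose file is
unknown or missing. SAMPLE_LOG holds constructed copies of lines from the
logs in this thread.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.59.252.190:80
FF - prefs.js..network.proxy.http: "193.116.157.195"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.backup.ssl: "121.10.120.214"
""".strip()

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
IE_PROXY_RE = re.compile(
    r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(ProxyEnable|ProxyServer)" = (\S+)')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\S+): "?([^"\s]+)"?')
LSP_RE = re.compile(r"^O10 - .*Winsock LSP: (.+)$")


def _is_loopback_or_null(ip_text):
    """True for 127.0.0.0/8, ::1 and 0.0.0.0, the benign targets an ad-blocking hosts file uses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def suspicious_hosts(lines):
    """Hosts entries whose target is a real address: the name is hijacked to a server someone else picked."""
    hits = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and not _is_loopback_or_null(m.group(1)):
            hits.append({"ip": m.group(1), "host": m.group(2).rstrip(".")})
    return hits


def ie_proxy_findings(lines):
    """Per registry hive: the configured ProxyServer and whether ProxyEnable actually turns it on."""
    per_hive = defaultdict(dict)
    for line in lines:
        m = IE_PROXY_RE.match(line)
        if m:
            per_hive[m.group(1)][m.group(2)] = m.group(3)
    return [{"hive": hive, "server": vals["ProxyServer"],
             "enabled": vals.get("ProxyEnable") == "1"}
            for hive, vals in per_hive.items() if "ProxyServer" in vals]


def ff_proxy_settings(lines):
    """Every network.proxy.* pref OTL reported; prefs.js only stores values something has set."""
    settings = {}
    for line in lines:
        m = FF_PROXY_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def lsp_unknown_files(lines):
    """Paths HijackThis reports as unknown Winsock LSP files."""
    return [LSP_RE.match(line).group(1).strip() for line in lines if LSP_RE.match(line)]


def triage(log_text):
    lines = log_text.splitlines()
    return {
        "hosts": suspicious_hosts(lines),
        "ie_proxy": ie_proxy_findings(lines),
        "ff_proxy": ff_proxy_settings(lines),
        "lsp": lsp_unknown_files(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for h in report["hosts"]:
        print(f"hosts hijack: {h['host']} -> {h['ip']}")
    for p in report["ie_proxy"]:
        state = "enabled" if p["enabled"] else "set but ProxyEnable=0"
        print(f"IE proxy in {p['hive']}: {p['server']} ({state})")
    for key, val in report["ff_proxy"].items():
        print(f"Firefox network.proxy.{key} = {val}")
    for path in report["lsp"]:
        print(f"Winsock LSP with unknown file: {path}")
```

Run it as a script to print the report, or import it and call triage() on a saved log. Two points the output makes explicit: a hosts entry that sends www.google-analytics.com to a public address is worse than an ad-block entry, because every page that embeds the analytics script now loads that script from whatever server answers there; and an IE ProxyServer value with ProxyEnable = 0 is not in use, but is still worth clearing, while the Firefox prefs give the proxy hosts without the network.proxy.type pref that says whether they are active.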

Re: Battling something Nasty

Post by deltalima » December 15th, 2011, 4:32 pm

Checking your log - back soon.

Re: Battling something Nasty

Post by deltalima » December 15th, 2011, 4:43 pm

Hi slysnake,

Welcome to the forum.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if the computer is used for home or for business use.

Re: Battling something Nasty

Post by slysnake » December 15th, 2011, 10:04 pm

Thank you for looking into this:

Here is the OTL Log:

OTL logfile created on: 12/15/2011 6:48:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.15% Memory free
4.85 Gb Paging File | 4.24 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.70 Gb Free Space | 61.31% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 64.32 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: DADSAREA | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lock Folder XP\LFService.exe ()
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (Acunetix Ltd.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Spamihilator\zlib1.dll ()
MOD - C:\Program Files\Spamihilator\sqlite3.dll ()
MOD - C:\Program Files\Lock Folder XP\LFService.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- File not found
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AcuWVSSchedulerv7) -- C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (Acunetix Ltd.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (LFSys) -- C:\WINDOWS\system32\drivers\lf30xp.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.59.252.190:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.59.252.190:80

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: acunetixwebscanner@attila.gerendi:1.0.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..network.proxy.backup.ftp: "121.10.120.214"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "121.10.120.214"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "121.10.120.214"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "121.10.120.214"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "193.116.157.195"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "193.116.157.195"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "193.116.157.195"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "193.116.157.195"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "193.116.157.195"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/24 18:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 21:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/19 19:52:31 | 000,000,000 | ---D | M]

[2008/11/19 21:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2011/12/12 21:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions
[2010/03/01 18:24:15 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/12/06 17:20:48 | 000,000,000 | ---D | M] (Acunetix Web Scanner) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions\acunetixwebscanner@attila.gerendi
[2011/12/10 18:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 11:27:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/08/05 12:54:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/24 18:09:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/12 06:05:11 | 000,001,401 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O3 - HKU\S-1-5-21-1078081533-813497703-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\Dad\Start Menu\programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6284CF7-85A7-4855-B87D-EF32FEAFF102}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 21:35:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/27 20:00:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{802f713b-dcdb-11e0-b743-001217539451}\Shell\open\command - "" = C:\WINDOWS\Explorer.exe -- [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 18:42:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/12/15 18:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/14 21:16:50 | 005,062,112 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Dad\Desktop\zaSetupWeb_101_065_000.exe
[2011/12/14 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Bookmarks
[2011/12/13 18:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/10 20:33:34 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/10 16:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tiny Personal Firewall 2005
[2011/12/10 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PFShared
[2011/12/10 16:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tiny Firewall
[2011/12/10 16:44:33 | 004,297,552 | ---- | C] (Tiny Software ) -- C:\Documents and Settings\Dad\My Documents\tpf-6.5.92.exe
[2011/12/10 16:31:42 | 000,000,000 | ---D | C] -- C:\virus stuff
[2011/12/10 15:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/10 15:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/10 15:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/04 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
[2011/12/04 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/12/04 15:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2011/12/04 15:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Havij_new_1.15v_p0rtabl3
[2011/11/18 18:25:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent
[2009/04/26 18:32:55 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\ezplay.sys
[2009/04/26 18:32:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys
[2008/08/31 19:47:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2008/08/31 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/15 18:43:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\co0992rv.exe
[2011/12/15 18:42:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/12/15 18:19:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/14 21:41:29 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/14 21:41:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2011/12/14 21:16:51 | 005,062,112 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Dad\Desktop\zaSetupWeb_101_065_000.exe
[2011/12/13 22:20:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 19:56:25 | 002,377,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 18:16:34 | 000,001,284 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2011/12/13 16:41:47 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/13 16:38:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2011/12/12 22:05:22 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/12/12 21:32:02 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 21:30:55 | 000,024,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k
[2011/12/12 17:30:40 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 17:30:40 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/12 06:05:11 | 000,001,401 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/12 06:01:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 19:46:36 | 000,006,580 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/10 18:05:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/10 16:44:23 | 004,297,552 | ---- | M] (Tiny Software ) -- C:\Documents and Settings\Dad\My Documents\tpf-6.5.92.exe
[2011/12/10 16:34:20 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\4h32ql3b74d874
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4h32ql3b74d874
[2011/12/06 22:52:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\u0ff12t5vq0alc
[2011/12/06 22:52:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\u0ff12t5vq0alc
[2011/12/04 15:34:30 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/12/04 15:34:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/12/03 10:15:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 18:43:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\co0992rv.exe
[2011/12/13 22:20:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 16:38:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2011/12/10 17:35:12 | 000,024,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k
[2011/12/10 15:20:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/10 08:50:57 | 000,004,378 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\4h32ql3b74d874
[2011/12/10 08:50:57 | 000,004,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4h32ql3b74d874
[2011/12/06 19:23:02 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\u0ff12t5vq0alc
[2011/12/06 19:23:02 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u0ff12t5vq0alc
[2011/12/04 15:34:30 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/12/04 15:34:30 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2011/11/13 12:15:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/10/18 18:30:06 | 000,000,140 | -H-- | C] () -- C:\Documents and Settings\Dad\Application Data\lakerda1967.sys
[2011/10/18 18:30:05 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\docXConverter (3).ini
[2011/09/05 20:10:00 | 000,011,350 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\s5u64pg23774170bcv4al7ei4780nmvv373f65p8017a0ok
[2011/09/05 20:10:00 | 000,011,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s5u64pg23774170bcv4al7ei4780nmvv373f65p8017a0ok
[2011/09/04 20:54:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/04/18 20:00:18 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\1.gif
[2011/02/08 18:24:32 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\AutoGK.ini
[2010/11/01 19:47:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2010/10/17 19:23:16 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Autorun.vbs
[2010/08/26 22:03:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/03 21:28:32 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/01/26 20:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/11/09 15:21:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2009/10/23 19:14:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/10/05 15:09:42 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/08/03 03:42:08 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\lf30xp.sys
[2009/04/28 21:31:21 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2009/04/26 18:32:55 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.cat
[2009/04/26 18:32:55 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.inf
[2009/04/26 18:32:55 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.ini
[2009/04/26 18:32:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\inst.exe
[2009/04/26 18:32:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
[2009/04/26 18:32:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
[2009/03/17 21:50:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009/01/25 15:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/19 21:17:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/21 17:22:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/09/20 22:14:36 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/31 19:51:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/08/31 19:51:29 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2008/08/31 19:50:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/08/31 19:50:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/08/31 19:50:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2008/08/31 19:50:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2008/08/31 19:47:48 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2008/08/31 19:47:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/31 19:47:38 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2008/08/31 19:47:38 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2008/08/31 19:47:37 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/08/31 19:47:37 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2008/08/31 19:47:37 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2008/08/31 19:47:36 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/08/31 19:47:36 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/08/31 19:47:33 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/08/31 19:47:33 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/08/31 19:47:31 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2008/08/31 19:47:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2008/08/31 19:47:16 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2008/08/31 19:47:16 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2008/08/31 19:46:08 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/08/31 19:42:34 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/08/31 16:25:20 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2008/08/31 16:25:20 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/08/30 23:05:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/30 22:29:40 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/30 22:29:40 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/30 22:29:40 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/30 22:29:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/30 22:29:40 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/30 22:29:40 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/30 22:29:40 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/30 22:29:40 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/30 22:29:40 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/30 22:29:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/30 22:29:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/30 22:29:40 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/30 22:29:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/30 22:29:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/30 22:29:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/30 22:29:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/30 22:28:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2008/08/30 22:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/08/30 21:42:55 | 000,006,580 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/08/30 21:42:55 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C281340229.sys
[2008/08/29 22:13:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/29 21:56:57 | 000,000,452 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/08/29 21:37:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/29 21:33:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/29 16:23:26 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/08/29 16:21:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/29 16:20:56 | 002,377,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/18 13:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/03/18 17:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 17:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264A9BB7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
slysnake
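
The OTL.txt posted above lists every file created or modified in the last 30 days in a fixed one-line format, which makes it easy to triage mechanically instead of reading hundreds of lines by eye. The following is an added example (not code from the original post, from OTL, or from this forum's helpers) that parses OTL file-list lines and applies three analyst heuristics that are my assumptions, not OTL's own rules: hidden+system files with long random-looking names under a profile's Application Data, read-only/hidden/system attributes on the hosts file, and executables or scripts with no company name under Application Data. The sample input is a handful of lines copied from the log above plus the section header and the `*.tmp` summary line, so the parser is also exercised on lines it must skip. Paths, the XP-era profile layout and the name-length threshold are assumptions for illustration.

```python
"""Triage helper for OTL "Files/Folders" log lines (added example, not from the post)."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# One OTL file-list line looks like:
#   [2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\path\to\file
# attrs is four flags in the order R H S D ('-' when unset); kind is C(reated)/M(odified).
# Directory lines carry no "(company)" part, so that group is optional.
OTL_FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption: XP-style per-user / All Users profile data directories.
PROFILE_DATA_RE = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\",
    re.IGNORECASE,
)
# Assumption: a long, all-lowercase alphanumeric name with no extension is "random-looking".
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{12,}$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".vbs")


def parse_line(line: str) -> Optional[Dict]:
    """Return the fields of one OTL file line, or None for headers and other text."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    rec["company"] = (rec["company"] or "").strip()
    return rec


def flags_for(rec: Dict) -> List[str]:
    """Heuristic findings for one parsed record; an empty list means nothing notable."""
    path, attrs = rec["path"], rec["attrs"]
    name = path.rsplit("\\", 1)[-1]
    findings: List[str] = []
    if rec["is_dir"]:
        return findings
    in_profile_data = bool(PROFILE_DATA_RE.match(path))
    if "H" in attrs and "S" in attrs and in_profile_data and RANDOM_NAME_RE.match(name):
        findings.append("hidden+system file with random-looking name in profile data")
    if path.lower().endswith("\\drivers\\etc\\hosts") and any(c in attrs for c in "RHS"):
        findings.append("hosts file carries R/H/S attributes (normally none)")
    if in_profile_data and name.lower().endswith(EXEC_EXT) and not rec["company"]:
        findings.append("executable/script with no company name in profile data")
    return findings


def triage(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Parse every line and keep only the entries with at least one finding, in log order."""
    out: List[Tuple[str, List[str]]] = []
    for line in lines:
        rec = parse_line(line)
        if rec:
            findings = flags_for(rec)
            if findings:
                out.append((rec["path"], findings))
    return out


# Constructed sample: lines copied from the OTL.txt above, plus a header and the
# "*.tmp" summary line that the parser must ignore.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/12/15 18:42:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/12/12 06:05:11 | 000,001,401 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\4h32ql3b74d874
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4h32ql3b74d874
[2011/12/06 22:52:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\u0ff12t5vq0alc
[2011/11/18 18:25:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent
[2009/04/26 18:32:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\inst.exe
[2010/10/17 19:23:16 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Autorun.vbs
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    for flagged_path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(flagged_path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))` and read the output as a worklist, not a verdict: the heuristics only say which entries deserve a hash lookup or a manual check. A hidden+system file with a mixed-case name and an extension (for example the `KGyGaAvL.sys` entry in the log above) does not match the random-name rule and still needs a human decision, and a file that does match may turn out to be legitimate.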

Re: Battling something Nasty

Post by slysnake » December 15th, 2011, 10:12 pm

And here is the Extras.txt

OTL Extras logfile created on: 12/15/2011 6:48:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.15% Memory free
4.85 Gb Paging File | 4.24 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.70 Gb Free Space | 61.31% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 64.32 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: DADSAREA | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spamihilator\cdcc.exe" = C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration -- ()
"C:\Program Files\Spamihilator\dccproc.exe" = C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter -- ()
"C:\Program Files\Spamihilator\spamihilator.exe" = C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator -- (Michel Krämer)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{2B040D56-BD5A-4990-A50C-33CDBCE03112}_is1" = Acunetix Web Vulnerability Scanner 7.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C62AE50-2EE0-40C7-8789-A3715335B215}" = Spamihilator 1.0.0 (32 bit)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}" = WordPerfect Office X4 - IPM T EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belltech InfoProtect - Data Security 1.3_is1" = Belltech InfoProtect - Data Security 1.3
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DelinvFile_is1" = DelinvFile - 4.04
"EPSON Printer and Utilities" = EPSON Printer Software
"FileASSASSIN" = FileASSASSIN
"Finale 2010" = Finale 2010
"FormatFactory" = FormatFactory 2.70
"Free Window Registry Repair" = Free Window Registry Repair
"Garritan Instruments for Finale" = Garritan Instruments for Finale
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"jahPlayer" = jahPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee AntiVirus Plus
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"NetsparkerCommunityEdition" = Netsparker [Community Edition] - Web Application Security Scanner
"NVIDIA Display Driver" = NVIDIA Display Driver
"OpenLibraries" = OpenLibraries
"PDFtoMusic Pro" = PDFtoMusic Pro
"Raptor_is1" = Raptor 3
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"RegistryWizard_is1" = RegistryWizard 3.1.0.401
"Silent Package Run-Time Sample" = EPSON Stylus Photo R380 User's Guide
"SysInfo" = Creative System Information
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.1
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZoneAlarm" = ZoneAlarm
slysnake
Active Member
 
Posts: 13
Joined: December 13th, 2011, 8:22 pm

Re: Battling something Nasty

Unread postby slysnake » December 15th, 2011, 10:23 pm

Proving impossible to post the logs. Tried Firefox and IE and they just return errors.

Re: Battling something Nasty

Unread postby slysnake » December 15th, 2011, 10:24 pm

Hmmm... Not being allowed to connect to post logs. I know you don't want attachments, but I'm going to try that.
You do not have the required permissions to view the files attached to this post.

Re: Battling something Nasty

Unread postby slysnake » December 15th, 2011, 10:31 pm

That seems to be the only way I can post the log. GMER said there is rootkit activity present. Here is the GMER log.
You do not have the required permissions to view the files attached to this post.

Re: Battling something Nasty

Unread postby deltalima » December 16th, 2011, 5:30 am

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Battling something Nasty

Unread postby slysnake » December 16th, 2011, 12:33 pm

It's a home computer

Re: Battling something Nasty

Unread postby deltalima » December 16th, 2011, 12:40 pm

slysnake wrote:It's a home computer


Has the computer ever been connected to the company network at Mapinfo Ltd in Windsor?

Re: Battling something Nasty

Unread postby slysnake » December 16th, 2011, 10:24 pm

No, not to my knowledge. Never heard of that company.

Re: Battling something Nasty

Unread postby slysnake » December 17th, 2011, 10:55 am

we do have a wireless router, if that makes a difference. There are three computers in our home but I don't think we have them set to network because they all just connect through the wireless router. This computer is older and it was connected through a hardwire router before. But nothing outside our home.

Re: Battling something Nasty

Unread postby deltalima » December 17th, 2011, 11:08 am

Hi slysnake,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrentDNA - Firefox plugin


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please remove BitTorrentDNA from within Firefox.


Registry Cleaners


I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on registry cleaners:
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum

Please uninstall
RegistryWizard
Free Window Registry Repair


TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
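Added example (not part of this thread, and not a TDSSKiller or MalwareRemoval.com tool): a small triage script for the text log that TDSSKiller writes in the step above. The log format is the one visible in the reply that follows: each driver gets a line with its MD5 and path, then a verdict line ending in "- ok", "- infected" or "- warning". An "infected" entry may be preceded by a "Suspicious file (Forged)" line carrying two hashes, Real md5 and Fake md5; two different hashes for one file mean the file's contents differ depending on how it is read, which is what a rootkit interposing on file reads looks like. A "warning" with LockedFile.Multi.Generic and "Suspicious file (NoAccess)" means only that the scanner could not read the file, not that it is malicious. The SAMPLE_LOG below is constructed from lines posted in this thread; the action labels (cure / review / inspect) and the regular expressions are this script's own convention, not something TDSSKiller emits.

```python
"""Triage a TDSSKiller 2.6.x text log: separate detections from read failures.

Added example; SAMPLE_LOG is constructed from lines posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format TDSSKiller 2.6.23.0 writes (excerpts).
SAMPLE_LOG = r"""
17:57:36.0968 3808 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:57:36.0984 3808 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
17:57:36.0984 3808 ACPI ( Virus.Win32.Rloader.a ) - infected
17:57:36.0984 3808 ACPI - detected Virus.Win32.Rloader.a (0)
17:57:37.0140 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:57:37.0140 3808 ACPIEC - ok
17:57:58.0781 3808 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
17:57:58.0781 3808 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
17:57:58.0781 3808 sptd ( LockedFile.Multi.Generic ) - warning
17:57:58.0781 3808 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every line starts with "<time> <pid> "; the patterns below are our own.
PREFIX = r"^\S+\s+\d+\s+"
RE_ENTRY = re.compile(PREFIX + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
RE_SUSPICIOUS = re.compile(
    PREFIX + r"Suspicious file \((\w+)\): (.+?)\. "
    r"(?:Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})|md5: ([0-9a-f]{32}))$"
)
RE_VERDICT = re.compile(PREFIX + r"(\S+)\s+\(\s*(\S+)\s*\)\s+-\s+(infected|warning)$")
RE_OK = re.compile(PREFIX + r"(\S+)\s+-\s+ok$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""
    status: str = "unknown"   # ok | infected | warning | unknown
    verdict: str = ""         # e.g. Rootkit.Win32.ZAccess.aml
    anomaly: str = ""         # Forged | NoAccess | ""
    real_md5: str = ""
    fake_md5: str = ""


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Fold the per-driver lines of a TDSSKiller log into one Finding each."""
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, Finding] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_ENTRY.match(line)
        if m:
            name, md5, path = m.groups()
            f = findings.setdefault(name, Finding(name=name))
            f.md5, f.path = md5, path
            by_path[path.lower()] = f
            continue
        m = RE_SUSPICIOUS.match(line)
        if m:
            kind, path, real, fake, single = m.groups()
            f = by_path.get(path.lower())
            if f is not None:          # the suspicious line follows the entry line
                f.anomaly = kind
                f.real_md5 = real or single or ""
                f.fake_md5 = fake or ""
            continue
        m = RE_VERDICT.match(line)
        if m:
            name, verdict, status = m.groups()
            f = findings.setdefault(name, Finding(name=name))
            f.verdict, f.status = verdict, status
            continue
        m = RE_OK.match(line)
        if m:
            findings.setdefault(m.group(1), Finding(name=m.group(1))).status = "ok"
        # "<name> - detected <verdict> (N)" repeats the verdict line; ignored.
    return findings


def triage(findings: Dict[str, Finding]) -> List[Tuple[str, str, str]]:
    """Return (driver, action, reason) for every non-ok entry, worst first."""
    rows: List[Tuple[str, str, str]] = []
    for f in findings.values():
        if f.status == "infected":
            reason = f.verdict
            if f.anomaly == "Forged" and f.real_md5 and f.fake_md5:
                reason += (f"; {f.path} reads inconsistently (real {f.real_md5[:8]}.. "
                           f"vs fake {f.fake_md5[:8]}..): something hooks reads of it")
            rows.append((f.name, "cure", reason))
        elif f.status == "warning":
            rows.append((f.name, "review",
                         f"{f.verdict}: scanner could not read {f.path or f.name} "
                         f"({f.anomaly or 'unknown'}); identify the file before acting"))
        elif f.status != "ok":
            rows.append((f.name, "inspect", "entry without a verdict line"))
    order = {"cure": 0, "review": 1, "inspect": 2}
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


if __name__ == "__main__":
    for name, action, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{action:8} {name:10} {reason}")
```

The point of keeping "cure" and "review" apart: a Forged entry with two hashes is a detection and is what the Cure button is for, while a LockedFile warning only says the scanner was denied access. sptd.sys, the file flagged that way in this thread's log, is the SCSI pass-through driver that commonly ships with disc-emulation software, so a locked-file warning on it is not by itself evidence of infection; identify the file first and then decide.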

Re: Battling something Nasty

Unread postby slysnake » December 17th, 2011, 8:11 pm

OK, Removed the items as directed. Ran the program and it said it found 4 problems. Cured 3 but one was a locked folder and the default setting on the program was skip instead of cure. Should I have cured that one as well? Here's the log:

17:57:27.0609 3284 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:57:29.0593 3284 ============================================================
17:57:29.0593 3284 Current date / time: 2011/12/17 17:57:29.0593
17:57:29.0593 3284 SystemInfo:
17:57:29.0593 3284
17:57:29.0593 3284 OS Version: 5.1.2600 ServicePack: 3.0
17:57:29.0593 3284 Product type: Workstation
17:57:29.0593 3284 ComputerName: DADSAREA
17:57:29.0593 3284 UserName: Dad
17:57:29.0593 3284 Windows directory: C:\WINDOWS
17:57:29.0593 3284 System windows directory: C:\WINDOWS
17:57:29.0593 3284 Processor architecture: Intel x86
17:57:29.0593 3284 Number of processors: 1
17:57:29.0593 3284 Page size: 0x1000
17:57:29.0593 3284 Boot type: Normal boot
17:57:29.0593 3284 ============================================================
17:57:31.0703 3284 Initialize success
17:57:35.0656 3808 ============================================================
17:57:35.0656 3808 Scan started
17:57:35.0656 3808 Mode: Manual;
17:57:35.0656 3808 ============================================================
17:57:36.0812 3808 Abiosdsk - ok
17:57:36.0859 3808 abp480n5 - ok
17:57:36.0968 3808 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:57:36.0984 3808 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
17:57:36.0984 3808 ACPI ( Virus.Win32.Rloader.a ) - infected
17:57:36.0984 3808 ACPI - detected Virus.Win32.Rloader.a (0)
17:57:37.0140 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:57:37.0140 3808 ACPIEC - ok
17:57:37.0218 3808 adpu160m - ok
17:57:37.0296 3808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:57:37.0312 3808 aec - ok
17:57:37.0453 3808 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
17:57:37.0546 3808 Afc - ok
17:57:37.0640 3808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:57:37.0656 3808 AFD - ok
17:57:37.0750 3808 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:57:37.0750 3808 agp440 - ok
17:57:37.0812 3808 Aha154x - ok
17:57:37.0859 3808 aic78u2 - ok
17:57:37.0906 3808 aic78xx - ok
17:57:37.0984 3808 AliIde - ok
17:57:38.0046 3808 amsint - ok
17:57:38.0140 3808 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
17:57:38.0140 3808 AN983 - ok
17:57:38.0296 3808 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:57:38.0390 3808 ApfiltrService - ok
17:57:38.0515 3808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:57:38.0531 3808 Arp1394 - ok
17:57:38.0593 3808 asc - ok
17:57:38.0625 3808 asc3350p - ok
17:57:38.0906 3808 asc3550 - ok
17:57:39.0281 3808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:57:39.0312 3808 AsyncMac - ok
17:57:39.0593 3808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:57:39.0593 3808 atapi - ok
17:57:39.0656 3808 Atdisk - ok
17:57:39.0703 3808 ATE_PROCMON - ok
17:57:39.0796 3808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:57:39.0796 3808 Atmarpc - ok
17:57:39.0921 3808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:57:39.0937 3808 audstub - ok
17:57:40.0062 3808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:57:40.0078 3808 Beep - ok
17:57:40.0187 3808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:57:40.0187 3808 cbidf2k - ok
17:57:40.0265 3808 cd20xrnt - ok
17:57:40.0343 3808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:57:40.0359 3808 Cdaudio - ok
17:57:40.0515 3808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:57:40.0531 3808 Cdfs - ok
17:57:40.0625 3808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:57:40.0640 3808 Cdrom - ok
17:57:40.0734 3808 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys
17:57:40.0828 3808 cfwids - ok
17:57:40.0875 3808 Changer - ok
17:57:40.0937 3808 CmdIde - ok
17:57:41.0000 3808 Cpqarray - ok
17:57:41.0156 3808 ctac32k (e7610aba1f551eb77b6bb2274d194f93) C:\WINDOWS\system32\drivers\ctac32k.sys
17:57:41.0265 3808 ctac32k - ok
17:57:41.0390 3808 ctaud2k (e9ee8b502acfbd0955d081d7a1ccce24) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:57:41.0390 3808 ctaud2k - ok
17:57:41.0531 3808 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:57:41.0562 3808 ctdvda2k - ok
17:57:41.0687 3808 ctprxy2k (90fd30ea61c68df474a0b398f03e6d9b) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:57:41.0750 3808 ctprxy2k - ok
17:57:41.0859 3808 ctsfm2k (ab564ee9668bf9af1c3e5544cceade1d) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:57:41.0937 3808 ctsfm2k - ok
17:57:42.0015 3808 dac2w2k - ok
17:57:42.0109 3808 dac960nt - ok
17:57:42.0218 3808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:57:42.0218 3808 Disk - ok
17:57:42.0406 3808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:57:42.0484 3808 dmboot - ok
17:57:42.0625 3808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:57:42.0640 3808 dmio - ok
17:57:42.0750 3808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:57:42.0750 3808 dmload - ok
17:57:42.0921 3808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:57:42.0937 3808 DMusic - ok
17:57:43.0031 3808 dpti2o - ok
17:57:43.0125 3808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:57:43.0140 3808 drmkaud - ok
17:57:43.0281 3808 emupia (8b2303cf5fdc7e97a975bd1069cd99d6) C:\WINDOWS\system32\drivers\emupia2k.sys
17:57:43.0343 3808 emupia - ok
17:57:43.0468 3808 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
17:57:43.0546 3808 ezplay - ok
17:57:43.0687 3808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:57:43.0687 3808 Fastfat - ok
17:57:43.0781 3808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:57:43.0796 3808 Fdc - ok
17:57:43.0890 3808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:57:43.0890 3808 Fips - ok
17:57:44.0000 3808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:57:44.0015 3808 Flpydisk - ok
17:57:44.0203 3808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:57:44.0203 3808 FltMgr - ok
17:57:44.0312 3808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:57:44.0312 3808 Fs_Rec - ok
17:57:44.0437 3808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:57:44.0468 3808 Ftdisk - ok
17:57:44.0578 3808 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:57:44.0593 3808 gameenum - ok
17:57:44.0671 3808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:57:44.0687 3808 Gpc - ok
17:57:44.0828 3808 ha10kx2k (e64325ba1ede4a2551a0be186c61d4d7) C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:57:44.0906 3808 ha10kx2k - ok
17:57:45.0031 3808 hap16v2k (a28be5017b423a783dd0d0a4cd3b48f5) C:\WINDOWS\system32\drivers\hap16v2k.sys
17:57:45.0093 3808 hap16v2k - ok
17:57:45.0171 3808 hpn - ok
17:57:45.0218 3808 hpt3xx - ok
17:57:45.0328 3808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:57:45.0343 3808 HTTP - ok
17:57:45.0484 3808 i2omgmt - ok
17:57:45.0531 3808 i2omp - ok
17:57:45.0625 3808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:57:45.0625 3808 i8042prt - ok
17:57:45.0781 3808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:57:45.0781 3808 Imapi - ok
17:57:45.0859 3808 ini910u - ok
17:57:45.0906 3808 IntelIde - ok
17:57:46.0093 3808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:57:46.0109 3808 intelppm - ok
17:57:46.0312 3808 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:57:46.0328 3808 ip6fw - ok
17:57:46.0437 3808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:57:46.0437 3808 IpFilterDriver - ok
17:57:46.0546 3808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:57:46.0546 3808 IpInIp - ok
17:57:46.0656 3808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:57:46.0671 3808 IpNat - ok
17:57:46.0812 3808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:57:46.0812 3808 IPSec - ok
17:57:46.0906 3808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:57:46.0906 3808 IRENUM - ok
17:57:47.0093 3808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:57:47.0125 3808 isapnp - ok
17:57:47.0250 3808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:57:47.0281 3808 Kbdclass - ok
17:57:47.0453 3808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:57:47.0484 3808 kmixer - ok
17:57:47.0609 3808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:57:47.0609 3808 KSecDD - ok
17:57:47.0671 3808 lbrtfdc - ok
17:57:47.0781 3808 LFSys (e4efb8836261928770a762b95bf813c8) C:\WINDOWS\system32\Drivers\LF30XP.sys
17:57:47.0937 3808 LFSys - ok
17:57:48.0078 3808 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:57:48.0093 3808 MBAMProtector - ok
17:57:48.0250 3808 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
17:57:48.0343 3808 mfeapfk - ok
17:57:48.0515 3808 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
17:57:48.0609 3808 mfeavfk - ok
17:57:48.0671 3808 mfeavfk01 - ok
17:57:48.0765 3808 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
17:57:48.0859 3808 mfebopk - ok
17:57:49.0046 3808 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
17:57:49.0156 3808 mfefirek - ok
17:57:49.0265 3808 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
17:57:49.0312 3808 mfehidk - ok
17:57:49.0453 3808 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:57:49.0546 3808 mfendisk - ok
17:57:49.0562 3808 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:57:49.0562 3808 mfendiskmp - ok
17:57:49.0640 3808 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
17:57:49.0734 3808 mferkdet - ok
17:57:49.0843 3808 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
17:57:49.0937 3808 mferkdk - ok
17:57:50.0093 3808 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
17:57:50.0187 3808 mfesmfk - ok
17:57:50.0296 3808 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
17:57:50.0375 3808 mfetdi2k - ok
17:57:50.0531 3808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:57:50.0531 3808 mnmdd - ok
17:57:50.0625 3808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:57:50.0640 3808 Modem - ok
17:57:50.0734 3808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:57:50.0750 3808 Mouclass - ok
17:57:50.0843 3808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:57:50.0843 3808 MountMgr - ok
17:57:50.0906 3808 mraid35x - ok
17:57:51.0031 3808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:57:51.0046 3808 MRxDAV - ok
17:57:51.0203 3808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:57:51.0218 3808 MRxSmb - ok
17:57:51.0359 3808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:57:51.0359 3808 Msfs - ok
17:57:51.0500 3808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:57:51.0500 3808 MSKSSRV - ok
17:57:51.0578 3808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:57:51.0593 3808 MSPCLOCK - ok
17:57:51.0687 3808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:57:51.0703 3808 MSPQM - ok
17:57:51.0812 3808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:57:51.0828 3808 mssmbios - ok
17:57:51.0921 3808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:57:51.0937 3808 Mup - ok
17:57:52.0046 3808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:57:52.0062 3808 NDIS - ok
17:57:52.0187 3808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:57:52.0187 3808 NdisTapi - ok
17:57:52.0281 3808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:57:52.0281 3808 Ndisuio - ok
17:57:52.0343 3808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:57:52.0359 3808 NdisWan - ok
17:57:52.0500 3808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:57:52.0500 3808 NDProxy - ok
17:57:52.0609 3808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:57:52.0609 3808 NetBIOS - ok
17:57:52.0703 3808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:57:52.0718 3808 NetBT - ok
17:57:52.0843 3808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:57:52.0859 3808 NIC1394 - ok
17:57:52.0937 3808 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:57:52.0953 3808 nm - ok
17:57:53.0093 3808 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
17:57:53.0250 3808 npf - ok
17:57:53.0359 3808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:57:53.0359 3808 Npfs - ok
17:57:53.0500 3808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:57:53.0531 3808 Ntfs - ok
17:57:53.0687 3808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:57:53.0687 3808 Null - ok
17:57:53.0875 3808 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:57:53.0984 3808 nv - ok
17:57:54.0125 3808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:57:54.0125 3808 NwlnkFlt - ok
17:57:54.0250 3808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:57:54.0265 3808 NwlnkFwd - ok
17:57:54.0359 3808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:57:54.0359 3808 ohci1394 - ok
17:57:54.0500 3808 ossrv (8db15d0105d92c2fbca5e83cd882a477) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:57:54.0578 3808 ossrv - ok
17:57:54.0687 3808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:57:54.0687 3808 Parport - ok
17:57:54.0781 3808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:57:54.0781 3808 PartMgr - ok
17:57:54.0875 3808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:57:54.0890 3808 ParVdm - ok
17:57:54.0984 3808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:57:55.0000 3808 PCI - ok
17:57:55.0046 3808 PCIDump - ok
17:57:55.0171 3808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:57:55.0171 3808 PCIIde - ok
17:57:55.0296 3808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:57:55.0312 3808 Pcmcia - ok
17:57:55.0437 3808 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:57:55.0515 3808 pcouffin - ok
17:57:55.0609 3808 PDCOMP - ok
17:57:55.0656 3808 PDFRAME - ok
17:57:55.0718 3808 PDRELI - ok
17:57:55.0750 3808 PDRFRAME - ok
17:57:55.0796 3808 perc2 - ok
17:57:55.0859 3808 perc2hib - ok
17:57:56.0015 3808 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
17:57:56.0015 3808 PfModNT - ok
17:57:56.0171 3808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:57:56.0171 3808 PptpMiniport - ok
17:57:56.0281 3808 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:57:56.0281 3808 Processor - ok
17:57:56.0343 3808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:57:56.0359 3808 PSched - ok
17:57:56.0468 3808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:57:56.0468 3808 Ptilink - ok
17:57:56.0531 3808 ql1080 - ok
17:57:56.0578 3808 Ql10wnt - ok
17:57:56.0625 3808 ql12160 - ok
17:57:56.0671 3808 ql1240 - ok
17:57:56.0718 3808 ql1280 - ok
17:57:56.0812 3808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:57:56.0828 3808 RasAcd - ok
17:57:56.0968 3808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:57:56.0984 3808 Rasl2tp - ok
17:57:57.0093 3808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:57:57.0109 3808 RasPppoe - ok
17:57:57.0218 3808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:57:57.0234 3808 Raspti - ok
17:57:57.0359 3808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:57:57.0375 3808 Rdbss - ok
17:57:57.0484 3808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:57:57.0484 3808 RDPCDD - ok
17:57:57.0593 3808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:57:57.0593 3808 RDPWD - ok
17:57:57.0703 3808 redbook (247dd8b6b53919644bafa6921c3d534c) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:57:57.0718 3808 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 247dd8b6b53919644bafa6921c3d534c, Fake md5: f828dd7e1419b6653894a8f97a0094c5
17:57:57.0718 3808 redbook ( Rootkit.Win32.ZAccess.aml ) - infected
17:57:57.0718 3808 redbook - detected Rootkit.Win32.ZAccess.aml (0)
17:57:57.0875 3808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:57:57.0875 3808 Secdrv - ok
17:57:58.0031 3808 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
17:57:58.0109 3808 Sentinel - ok
17:57:58.0203 3808 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:57:58.0203 3808 serenum - ok
17:57:58.0265 3808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:57:58.0265 3808 Serial - ok
17:57:58.0375 3808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:57:58.0390 3808 Sfloppy - ok
17:57:58.0484 3808 Simbad - ok
17:57:58.0531 3808 Sparrow - ok
17:57:58.0625 3808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:57:58.0625 3808 splitter - ok
17:57:58.0781 3808 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
17:57:58.0781 3808 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
17:57:58.0781 3808 sptd ( LockedFile.Multi.Generic ) - warning
17:57:58.0781 3808 sptd - detected LockedFile.Multi.Generic (1)
17:57:58.0859 3808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:57:58.0875 3808 sr - ok
17:57:58.0921 3808 srescan - ok
17:57:59.0062 3808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:57:59.0093 3808 Srv - ok
17:57:59.0203 3808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:57:59.0218 3808 swenum - ok
17:57:59.0312 3808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:57:59.0328 3808 swmidi - ok
17:57:59.0562 3808 symc810 - ok
17:57:59.0609 3808 symc8xx - ok
17:57:59.0656 3808 sym_hi - ok
17:57:59.0703 3808 sym_u3 - ok
17:57:59.0796 3808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:57:59.0796 3808 sysaudio - ok
17:57:59.0937 3808 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) C:\WINDOWS\system32\drivers\tbhsd.sys
17:58:00.0031 3808 tbhsd - ok
17:58:00.0156 3808 Tcpip (20d3ff09b7c5ad348e304b1ef58cb9a7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:58:00.0171 3808 Tcpip - ok
17:58:00.0312 3808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:58:00.0328 3808 TDPIPE - ok
17:58:00.0437 3808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:58:00.0453 3808 TDTCP - ok
17:58:00.0562 3808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:58:00.0562 3808 TermDD - ok
17:58:00.0640 3808 TosIde - ok
17:58:00.0734 3808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:58:00.0750 3808 Udfs - ok
17:58:01.0015 3808 ultra - ok
17:58:01.0140 3808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:58:01.0187 3808 Update - ok
17:58:01.0328 3808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:58:01.0343 3808 usbccgp - ok
17:58:01.0484 3808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:58:01.0484 3808 usbehci - ok
17:58:01.0593 3808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:58:01.0609 3808 usbhub - ok
17:58:01.0734 3808 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:58:01.0750 3808 usbprint - ok
17:58:01.0859 3808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:58:01.0859 3808 USBSTOR - ok
17:58:01.0984 3808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:58:01.0984 3808 usbuhci - ok
17:58:02.0109 3808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:58:02.0125 3808 VgaSave - ok
17:58:02.0187 3808 ViaIde - ok
17:58:02.0296 3808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:58:02.0312 3808 VolSnap - ok
17:58:02.0390 3808 vsdatant - ok
17:58:02.0546 3808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:58:02.0546 3808 Wanarp - ok
17:58:02.0671 3808 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:58:02.0859 3808 Wdf01000 - ok
17:58:02.0921 3808 WDICA - ok
17:58:03.0046 3808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:58:03.0062 3808 wdmaud - ok
17:58:03.0250 3808 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:58:03.0250 3808 WS2IFSL - ok
17:58:03.0328 3808 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
17:58:03.0328 3808 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
17:58:03.0328 3808 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
17:58:03.0343 3808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:58:03.0562 3808 \Device\Harddisk1\DR1 - ok
17:58:03.0578 3808 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR4
17:58:03.0593 3808 \Device\Harddisk2\DR4 - ok
17:58:03.0593 3808 Boot (0x1200) (20dde0dd0a52d1da28da4697100bc7c0) \Device\Harddisk0\DR0\Partition0
17:58:03.0593 3808 \Device\Harddisk0\DR0\Partition0 - ok
17:58:03.0625 3808 Boot (0x1200) (7e0f8f883b7fa194f5f1b6420e364624) \Device\Harddisk1\DR1\Partition0
17:58:03.0625 3808 \Device\Harddisk1\DR1\Partition0 - ok
17:58:04.0015 3808 Boot (0x1200) (afc1c9e46e398753040b86c1ea61a79d) \Device\Harddisk2\DR4\Partition0
17:58:04.0015 3808 \Device\Harddisk2\DR4\Partition0 - ok
17:58:04.0015 3808 ============================================================
17:58:04.0015 3808 Scan finished
17:58:04.0015 3808 ============================================================
17:58:04.0046 3800 Detected object count: 4
17:58:04.0046 3800 Actual detected object count: 4
18:00:13.0703 3800 Backup copy found, using it..
18:00:13.0734 3800 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
18:00:13.0734 3800 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
18:00:14.0078 3800 Backup copy found, using it..
18:00:14.0093 3800 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
18:00:21.0390 3800 redbook ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
18:00:21.0390 3800 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:00:21.0390 3800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:00:21.0453 3800 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
18:00:21.0453 3800 \Device\Harddisk0\DR0 - ok
18:00:21.0453 3800 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
18:00:29.0718 3176 Deinitialize success
slysnake
Active Member
 
Posts: 13
Joined: December 13th, 2011, 8:22 pm