Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware trouble

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware trouble

Unread postby LeeAJD » November 24th, 2010, 6:38 pm

I'm having some trouble with my laptop which i'm guessing is malware related. When I start my computer I get messages regarding 'oops.exe' and sometimes 'nonep' and I have no idea what these are but I know it's not good. I've also had a message on startup saying 'Failed to set data for 'rap''. I've got McAffee and also Adaware which just today gave me a messsage saying there was some malicious software running in the background but i'm still getting these other messages. Below is my HijackThis report and Uninstall list.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:00, on 24/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Alex\windows\uk.exe
C:\Users\Alex\AppData\Roaming\Yqyxzo\olor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 10397 bytes


Above & Beyond Screensaver
Acer Arcade Deluxe
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye Webcam
Acer GridVista
Acer PowerSmart Manager
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Fireworks CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Advertising Center
Age of Empires III
Age of Empires III - The WarChiefs
AmIcoSingLun
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.1.5.3037
Atomix.Atomix MP3 v2.3
AviSynth 2.5
BitTorrent
Bonjour
Broadcom Gigabit NetLink Controller
C:\Program Files\Acer GameZone\GameConsole
Cake Mania 2
Compatibility Pack for the 2007 Office system
Connect
Cooking Dash
Cradle of Rome
Dairy Dash
Digital Media Converter Pro 3.2
DivX Setup
DolbyFiles
Dream Day Honeymoon
eSobi v2
eSobi v2
F1 2010
F1 2010
ffdshow (remove only)
Football Manager 2010
Free YouTube to iPod Converter version 3.9
Galapago
GameShadow
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 20
Jewel Quest Solitaire
Junk Mail filter update
kuler
Ladbrokes Poker
Launch Manager
Lexmark Z500-Z600 Series
LSI HDA Modem
Luxor 2
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash MX
MagicDisc 2.7.106
Mahjong Escape Ancient China
McAfee SecurityCenter
McAfee Virtual Technician
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft WSE 3.0 Runtime
Mixed In Key 2.5
Movie Templates - Starter Kit
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Network Play System (Patching)
NTI Backup Now 5
NTI Media Maker 8
NVIDIA GAME System Software 2.8.1
Ocean Express
OGA Notifier 2.0.0048.0
OpenAL
Orbit Downloader
Orion
Parking Dash
PDF Settings
Photoshop Camera Raw
PSP Video 9 5.04
Puzzle Express
QuickTime
Rainbow Web
Rapport
Rapport
Rapture3D 2.4.4 Game
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Microsoft Office Word 2007 (KB982135)
Sherlock Holmes versus Jack the Ripper
SopCast 3.2.9
SoundTrax
Steam
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
TeamViewer 5
The Sims Superstar
Tradewinds 2
Tri-Peaks Solitaire To Go
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Upgrade Kit
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wedding Dash
Winamp
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall
Youda Marina
Zuma Deluxe

Regards
Alex
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
Advertisement
Register to Remove

Re: Malware trouble

Unread postby MWR 3 day Mod » November 28th, 2010, 12:49 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware trouble

Unread postby Cypher » November 29th, 2010, 1:20 pm

Hi checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby Cypher » November 29th, 2010, 1:38 pm

Hi and welcome to Malware Removal Forum, sorry for the delay in answering your request for help the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



Win 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • The Operating System(Windows 7) in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.



Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

While you are in Add/remove programs uninstall the following also.
Ad-Aware
Advertising Center


Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Logs/Information to Post in your Next Reply

  • CKFiles.txt.
  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » November 30th, 2010, 10:04 am

CKFiles

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


Malwarebytes'

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5216

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/11/2010 13:52:47
mbam-log-2010-11-30 (13-52-47).txt

Scan type: Quick scan
Objects scanned: 171325
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
c:\Windows\Temp\yucu\setup.exe (Spyware.Passwords.XGen) -> 1784 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\driversxxx.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Temp\yucu\setup.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\windows\temp\isvs\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\driversxxx.exe\driversxxx.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\driversxxx.exe\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » November 30th, 2010, 10:06 am

RSIT log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alex at 2010-11-30 13:57:03
Microsoft Windows 7 Home Premium
System drive C: has 198 GB (67%) free of 295 GB
Total RAM: 3001 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:26, on 30/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alex\Desktop\RSIT.exe
C:\Program Files\trend micro\Alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 10187 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-08-30 237644]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2010-02-17 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-07-12 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-07-12 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-07-12 150552]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-10 1218008]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-07-14 144384]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-06 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-05-01 1238352]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-03 215552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-11-30 13:57:04 ----D---- C:\Program Files\trend micro
2010-11-30 13:57:03 ----D---- C:\rsit
2010-11-30 12:16:00 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-30 12:06:26 ----D---- C:\Users\Alex\AppData\Roaming\Vomu
2010-11-30 12:06:26 ----D---- C:\Users\Alex\AppData\Roaming\Emwu
2010-11-30 11:50:54 ----D---- C:\Users\Alex\AppData\Roaming\Onfe
2010-11-30 11:50:54 ----D---- C:\Users\Alex\AppData\Roaming\Odula
2010-11-29 16:08:27 ----D---- C:\Users\Alex\AppData\Roaming\Ylhyvy
2010-11-29 16:08:27 ----D---- C:\Users\Alex\AppData\Roaming\Bocyl
2010-11-26 21:18:53 ----D---- C:\Users\Alex\AppData\Roaming\Ysucwa
2010-11-26 21:18:53 ----D---- C:\Users\Alex\AppData\Roaming\Coybme
2010-11-24 22:07:58 ----D---- C:\Users\Alex\AppData\Roaming\Yqyxzo
2010-11-24 22:07:58 ----D---- C:\Users\Alex\AppData\Roaming\Uzfuz
2010-11-24 12:09:18 ----D---- C:\Users\Alex\AppData\Roaming\Ynar
2010-11-24 12:09:18 ----D---- C:\Users\Alex\AppData\Roaming\Ifeqb
2010-11-24 12:05:37 ----D---- C:\Users\Alex\AppData\Roaming\Etfac
2010-11-24 12:05:36 ----D---- C:\Users\Alex\AppData\Roaming\Cumiu
2010-11-24 11:58:13 ----D---- C:\Users\Alex\AppData\Roaming\Ulowup
2010-11-24 11:58:13 ----D---- C:\Users\Alex\AppData\Roaming\Opyro
2010-11-22 11:02:12 ----D---- C:\Users\Alex\AppData\Roaming\Oryl
2010-11-22 11:02:12 ----D---- C:\Users\Alex\AppData\Roaming\Hayp
2010-11-22 09:14:14 ----D---- C:\Users\Alex\AppData\Roaming\Qexoan
2010-11-22 09:14:14 ----D---- C:\Users\Alex\AppData\Roaming\Kionum
2010-11-20 22:04:22 ----D---- C:\Users\Alex\AppData\Roaming\Xaedma
2010-11-20 22:04:22 ----D---- C:\Users\Alex\AppData\Roaming\Weazah
2010-11-20 06:54:23 ----D---- C:\Users\Alex\AppData\Roaming\Wyyc
2010-11-20 06:54:23 ----D---- C:\Users\Alex\AppData\Roaming\Obaku
2010-11-20 06:51:45 ----D---- C:\Users\Alex\AppData\Roaming\Lyhool
2010-11-20 06:51:45 ----D---- C:\Users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51:42 ----D---- C:\ProgramData\Office Genuine Advantage
2010-11-18 15:25:06 ----A---- C:\Windows\system32\MRT.exe
2010-11-18 15:22:30 ----D---- C:\Users\Alex\AppData\Roaming\Neiba
2010-11-18 15:22:30 ----D---- C:\Users\Alex\AppData\Roaming\Epyze
2010-11-18 12:40:40 ----D---- C:\Users\Alex\AppData\Roaming\Nevi
2010-11-18 12:40:39 ----D---- C:\Users\Alex\AppData\Roaming\Iqsati
2010-11-16 23:20:24 ----D---- C:\Program Files\iPod
2010-11-15 14:54:28 ----D---- C:\Users\Alex\AppData\Roaming\Uwaxy
2010-11-15 14:54:28 ----D---- C:\Users\Alex\AppData\Roaming\Elky
2010-11-11 16:36:05 ----A---- C:\Windows\system32\rapture3d_oal.dll
2010-11-11 16:36:05 ----A---- C:\Windows\system32\mkl_blueripple.dll
2010-11-11 16:36:04 ----D---- C:\Program Files\BRS
2010-11-11 16:35:58 ----RA---- C:\Windows\system32\tmpDBBF.tmp
2010-11-11 16:35:58 ----D---- C:\Program Files\OpenAL
2010-11-11 16:35:58 ----A---- C:\Windows\system32\wrap_oal.dll
2010-11-11 16:35:58 ----A---- C:\Windows\system32\OpenAL32.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-11-11 16:35:56 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-11-11 16:35:55 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-11-11 16:35:54 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-11 16:35:53 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-11-11 16:35:52 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-11-11 16:35:51 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-11-11 16:35:50 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-11-11 16:35:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-11-11 16:35:44 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-11-11 16:33:52 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-11 16:33:50 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-11-11 16:33:04 ----D---- C:\Windows\system32\xlive
2010-11-11 16:33:04 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-11 16:24:39 ----D---- C:\Program Files\Codemasters
2010-11-11 16:00:00 ----D---- C:\Program Files\Elaborate Bytes
2010-11-10 17:22:06 ----D---- C:\Users\Alex\AppData\Roaming\Oludod
2010-11-10 17:22:06 ----D---- C:\Users\Alex\AppData\Roaming\Kyzo
2010-11-02 23:33:46 ----D---- C:\Users\Alex\AppData\Roaming\Uqyz
2010-11-02 23:33:46 ----D---- C:\Users\Alex\AppData\Roaming\Mawo
2010-11-02 23:29:30 ----D---- C:\Users\Alex\AppData\Roaming\Wyvoo
2010-11-02 23:29:30 ----D---- C:\Users\Alex\AppData\Roaming\Azfia
2010-10-31 23:14:26 ----D---- C:\Users\Alex\AppData\Roaming\Inykse
2010-10-31 23:14:26 ----D---- C:\Users\Alex\AppData\Roaming\Dyuwi
2010-10-31 20:24:16 ----D---- C:\Users\Alex\AppData\Roaming\Giimuq
2010-10-31 20:24:16 ----D---- C:\Users\Alex\AppData\Roaming\Cefi
2010-10-31 17:39:01 ----D---- C:\Users\Alex\AppData\Roaming\Qaiz
2010-10-31 17:39:01 ----D---- C:\Users\Alex\AppData\Roaming\Foyf
2010-10-31 11:27:09 ----D---- C:\Users\Alex\AppData\Roaming\Quen
2010-10-31 11:27:09 ----D---- C:\Users\Alex\AppData\Roaming\Huhol

======List of files/folders modified in the last 1 months======

2010-11-30 13:57:15 ----D---- C:\Windows\Temp
2010-11-30 13:57:04 ----RD---- C:\Program Files
2010-11-30 13:56:04 ----D---- C:\Windows\system32\config
2010-11-30 13:55:24 ----D---- C:\Users\Alex\AppData\Roaming\Dropbox
2010-11-30 13:55:05 ----D---- C:\Windows
2010-11-30 13:54:19 ----D---- C:\Windows\system32\drivers
2010-11-30 13:53:39 ----D---- C:\Windows\Cooking Dash
2010-11-30 12:16:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-30 12:05:09 ----HD---- C:\ProgramData
2010-11-30 12:03:06 ----SHD---- C:\Windows\Installer
2010-11-30 12:02:56 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-30 12:02:56 ----D---- C:\ProgramData\Lavasoft
2010-11-30 12:02:54 ----D---- C:\Windows\System32
2010-11-30 11:58:25 ----D---- C:\Windows\system32\Tasks
2010-11-30 11:58:24 ----D---- C:\Windows\Tasks
2010-11-24 22:33:54 ----D---- C:\Windows\Prefetch
2010-11-24 12:41:14 ----D---- C:\Windows\system32\NDF
2010-11-22 18:49:46 ----D---- C:\Windows\inf
2010-11-20 22:03:32 ----D---- C:\Windows\Minidump
2010-11-20 22:01:52 ----D---- C:\Windows\system32\catroot
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-TW
2010-11-18 15:29:34 ----D---- C:\Windows\system32\zh-HK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\tr-TR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\sv-SE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\pt-BR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nl-NL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\nb-NO
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ko-KR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\it-IT
2010-11-18 15:29:34 ----D---- C:\Windows\system32\he-IL
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fr-FR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\fi-FI
2010-11-18 15:29:34 ----D---- C:\Windows\system32\es-ES
2010-11-18 15:29:34 ----D---- C:\Windows\system32\el-GR
2010-11-18 15:29:34 ----D---- C:\Windows\system32\de-DE
2010-11-18 15:29:34 ----D---- C:\Windows\system32\da-DK
2010-11-18 15:29:34 ----D---- C:\Windows\system32\ar-SA
2010-11-18 15:29:33 ----D---- C:\Windows\system32\en-US
2010-11-18 15:25:10 ----D---- C:\Windows\debug
2010-11-18 15:24:50 ----SHD---- C:\System Volume Information
2010-11-16 23:21:03 ----D---- C:\Program Files\iTunes
2010-11-16 23:20:23 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 23:17:34 ----D---- C:\Windows\system32\DriverStore
2010-11-11 16:36:29 ----D---- C:\Windows\winsxs
2010-11-11 16:35:27 ----RSD---- C:\Windows\assembly
2010-11-11 16:24:07 ----SD---- C:\ProgramData\Microsoft
2010-11-08 01:19:49 ----D---- C:\Users\Alex\AppData\Roaming\Obogaq
2010-11-08 01:19:47 ----D---- C:\Users\Alex\AppData\Roaming\Tyux
2010-11-08 01:19:40 ----D---- C:\Users\Alex\AppData\Roaming\Xiofhu
2010-11-04 21:56:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-31 23:14:46 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-02-17 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2010-07-15 130424]
R1 RapportBuka;RapportBuka; \??\C:\Windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
R1 RapportCerberus_19917;RapportCerberus_19917; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-12-07 281504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-12-07 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-04-06 1161664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-03 5922816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-06 2657120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-02-17 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-02-17 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2010-02-17 40552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-04 436792]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 16896]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2010-02-17 34248]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
R2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R2 lxbc_device;lxbc_device; C:\Windows\system32\lxbccoms.exe [2007-03-16 537520]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-06-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-02-17 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2010-02-17 606736]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-25 655624]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-02-24 365072]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-01 390952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]

-----------------EOF-----------------
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » November 30th, 2010, 10:06 am

RSIT info.txt

info.txt logfile of random's system information tool 1.08 2010-11-30 13:57:30

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Above & Beyond Screensaver-->"C:\Windows\Above & Beyond Screensaver Uninstaller\unins000.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Backup Manager-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer Product Registration-->"C:\Program Files\InstallShield Installation Information\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ScreenSaver-->C:\Windows\Screensavers\Acer\Uninstall.exe
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{DE787736-66F0-4BD9-884B-E4BCA3661646}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->C:\Program Files\Common Files\Adobe\Installers\ccb135070a90ff24d6e7cc4bc5a59cb\Setup.exe --uninstall=1
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{28773E11-6E44-46DC-90BD-273A3FA2CAC1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{18C9716F-C906-441F-BA66-CABAA5CB2DCE}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
AmIcoSingLun-->C:\Program Files\InstallShield Installation Information\{BF91B300-EEBC-4223-96F3-0FCBF7241B50}\setup.exe -runfromtemp -l0x0409
Apple Application Support-->MsiExec.exe /I{17424F35-8B77-4ADF-BC63-BF9B81418539}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 3.1.5.3037-->"C:\Program Files\Ares\unins000.exe"
Atomix.Atomix MP3 v2.3-->C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Broadcom Gigabit NetLink Controller-->MsiExec.exe /X{9AF0B106-56F1-461B-A270-95BC1682E282}
C:\Program Files\Acer GameZone\GameConsole-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Cake Mania 2-->"C:\Program Files\Acer GameZone\Cake Mania 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania 2\install.log"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Cooking Dash-->"C:\Program Files\Acer GameZone\Cooking Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Cooking Dash\install.log"
Cradle of Rome-->"C:\Program Files\Acer GameZone\Cradle of Rome\Uninstall.exe" "C:\Program Files\Acer GameZone\Cradle of Rome\install.log"
Dairy Dash-->"C:\Program Files\Acer GameZone\Dairy Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Dairy Dash\install.log"
Digital Media Converter Pro 3.2-->"C:\Program Files\Deskshare\Digital Media Converter Pro 3\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
Dream Day Honeymoon-->"C:\Program Files\Acer GameZone\Dream Day Honeymoon\Uninstall.exe" "C:\Program Files\Acer GameZone\Dream Day Honeymoon\install.log"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
eSobi v2-->MsiExec.exe /X{15D967B5-A4BE-42AE-9E84-64CD062B25AA}
F1 2010-->MsiExec.exe /I{434D0831-3E0C-4D03-A5D4-5E1000008400}
F1 2010-->MsiExec.exe /X{434D0831-3E0C-4D03-A5D4-5E1000008400}
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
Free YouTube to iPod Converter version 3.9-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
GameShadow-->MsiExec.exe /I{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
iTunes-->MsiExec.exe /I{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Ladbrokes Poker-->C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\UNWISE.EXE C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\INSTALL.LOG
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
Lexmark Z500-Z600 Series-->C:\Program Files\Lexmark Z500-Z600 Series\Install\x86\Uninst.exe
LSI HDA Modem-->C:\Windows\agrsmdel
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mixed In Key 2.5-->C:\Program Files\Mixed In Key\Uninstall.exe
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Play System (Patching)-->C:\Windows\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
Ocean Express-->"C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" "C:\Program Files\Acer GameZone\Ocean Express\install.log"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Parking Dash-->"C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Parking Dash\install.log"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PSP Video 9 5.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Puzzle Express-->"C:\Program Files\Acer GameZone\Puzzle Express\Uninstall.exe" "C:\Program Files\Acer GameZone\Puzzle Express\install.log"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Rainbow Web-->"C:\Program Files\Acer GameZone\Rainbow Web\Uninstall.exe" "C:\Program Files\Acer GameZone\Rainbow Web\install.log"
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\ProgramData\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Rapture3D 2.4.4 Game-->"C:\Program Files\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Sherlock Holmes versus Jack the Ripper-->"C:\Program Files\Focus\Frogwares\Sherlock Holmes versus Jack the Ripper\unins000.exe"
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
The Sims Superstar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\Setup.exe" -l0009
Tradewinds 2-->"C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Tradewinds 2\install.log"
Tri-Peaks Solitaire To Go-->"C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log"
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
Upgrade Kit-->"C:\Program Files\InstallShield Installation Information\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wedding Dash-->"C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Wedding Dash\install.log"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Youda Marina-->"C:\Windows\Youda Marina\uninstall.exe" "/U:F:\\Uninstall\uninstall.xml"
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Hosts File======

74.208.10.249 gs.apple.com

======System event log======

Computer Name: Alex-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB905866(Update) into Uninstall Requested(Uninstall Requested) state
Record Number: 50875
Source Name: Microsoft-Windows-Servicing
Time Written: 20100212030222.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB905866(Update) into Uninstall Requested(Uninstall Requested) state
Record Number: 50872
Source Name: Microsoft-Windows-Servicing
Time Written: 20100212030222.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB905866(Update) into Uninstall Requested(Uninstall Requested) state
Record Number: 50870
Source Name: Microsoft-Windows-Servicing
Time Written: 20100212030222.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB905866(Update) into Uninstall Requested(Uninstall Requested) state
Record Number: 50866
Source Name: Microsoft-Windows-Servicing
Time Written: 20100212030221.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB905866(Update) into Uninstall Requested(Uninstall Requested) state
Record Number: 50864
Source Name: Microsoft-Windows-Servicing
Time Written: 20100212030221.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Alex-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bfba4f67-d261-49cc-b761-7358ed3d8f0c}
Record Number: 1059
Source Name: VSS
Time Written: 20091006190221.000000-000
Event Type: Error
User:

Computer Name: Alex-PC
Event Code: 1533
Message:
Record Number: 1049
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091006190033.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 1038
Source Name: Microsoft-Windows-WMI
Time Written: 20091007025945.000000-000
Event Type: Error
User:

Computer Name: Alex-PC
Event Code: 1008
Message:
Record Number: 1034
Source Name: Microsoft-Windows-Search
Time Written: 20091007025945.000000-000
Event Type: Warning
User:

Computer Name: WIN-YH68CJN11DD
Event Code: 1530
Message:
Record Number: 1028
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090628121425.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Alex-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-56358666-3744733117-3476403463-1000
Account Name: Alex
Account Domain: Alex-PC
Logon ID: 0x45f4de9

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 7903
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091218151929.109000-000
Event Type: Audit Success
User:

Computer Name: Alex-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ALEX-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-56358666-3744733117-3476403463-1000
Account Name: Alex
Account Domain: Alex-PC
Logon ID: 0x45f4df7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x328
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ALEX-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 7902
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091218151929.109000-000
Event Type: Audit Success
User:

Computer Name: Alex-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ALEX-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-56358666-3744733117-3476403463-1000
Account Name: Alex
Account Domain: Alex-PC
Logon ID: 0x45f4de9
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x328
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ALEX-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 7901
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091218151929.109000-000
Event Type: Audit Success
User:

Computer Name: Alex-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: ALEX-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Alex
Account Domain: Alex-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x328
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 7900
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091218151929.109000-000
Event Type: Audit Success
User:

Computer Name: Alex-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-56358666-3744733117-3476403463-1000
Account Name: Alex
Account Domain: Alex-PC
Logon ID: 0x45aea55

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 7899
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091218123533.390000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"DFSTRACINGON"=FALSE
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » November 30th, 2010, 10:09 am

Since i've done this a couple of hours ago I haven't had any strange pop-ups. Performance may have picked up slightly.

One thing I have noticed is when I tried to find the log from Malwarebytes' my Documents and Settings folder is nowhere to be seen!

Regards
Alex
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » November 30th, 2010, 12:37 pm

Hi Alex.
Continue with the instructions below please.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

We need to disable McAfee Security Center and its components temporarily as it will interfere with the fix.

  • Open McAfee Security Center.
  • Click on Home on the left pane.
  • Beside Computer & Files, click on the arrow button.
  • Next, click on the arrow button beside Configure at the middle right (NOT the bottom one).
  • You will come to a new page. Please check (click) Off for all the protections. Remember to scroll down.
  • You will be prompted, select Never and just click OK.
  • Note: Don't forget to re-enable it after the fix.

Here is an illustration to assist you:
Image

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » November 30th, 2010, 3:15 pm

ComboFix.txt

ComboFix 10-11-30.01 - Alex 30/11/2010 18:52:45.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3001.1791 [GMT 0:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\users\Alex\AppData\Roaming\.#
c:\users\Alex\AppData\Roaming\Azfia
c:\users\Alex\AppData\Roaming\Azfia\amqo.toc
c:\users\Alex\AppData\Roaming\Bocyl
c:\users\Alex\AppData\Roaming\Bocyl\yxuh.exe
c:\users\Alex\AppData\Roaming\Coybme
c:\users\Alex\AppData\Roaming\Coybme\olmy.exe
c:\users\Alex\AppData\Roaming\Cumiu
c:\users\Alex\AppData\Roaming\Cumiu\noetb.exe
c:\users\Alex\AppData\Roaming\Dyuwi
c:\users\Alex\AppData\Roaming\Dyuwi\opod.zyt
c:\users\Alex\AppData\Roaming\Elky
c:\users\Alex\AppData\Roaming\Elky\dyosp.oba
c:\users\Alex\AppData\Roaming\Emwu
c:\users\Alex\AppData\Roaming\Emwu\geeha.exe
c:\users\Alex\AppData\Roaming\Epyze
c:\users\Alex\AppData\Roaming\Epyze\yxhan.efy
c:\users\Alex\AppData\Roaming\Etfac
c:\users\Alex\AppData\Roaming\Etfac\ycrez.ygy
c:\users\Alex\AppData\Roaming\Foyf
c:\users\Alex\AppData\Roaming\Foyf\epmio.uqs
c:\users\Alex\AppData\Roaming\Giimuq
c:\users\Alex\AppData\Roaming\Giimuq\iwuq.qyi
c:\users\Alex\AppData\Roaming\Hayp
c:\users\Alex\AppData\Roaming\Hayp\xamy.yfm
c:\users\Alex\AppData\Roaming\Ifeqb
c:\users\Alex\AppData\Roaming\Ifeqb\axagi.exe
c:\users\Alex\AppData\Roaming\Iqsati
c:\users\Alex\AppData\Roaming\Iqsati\goove.exe
c:\users\Alex\AppData\Roaming\Kionum
c:\users\Alex\AppData\Roaming\Kionum\wefu.exe
c:\users\Alex\AppData\Roaming\Kyzo
c:\users\Alex\AppData\Roaming\Kyzo\ancif.xep
c:\users\Alex\AppData\Roaming\Lyhool
c:\users\Alex\AppData\Roaming\Lyhool\tora.uph
c:\users\Alex\AppData\Roaming\Maag
c:\users\Alex\AppData\Roaming\Maag\touli.ute
c:\users\Alex\AppData\Roaming\Mawo
c:\users\Alex\AppData\Roaming\Mawo\nezuz.ipy
c:\users\Alex\AppData\Roaming\Neiba
c:\users\Alex\AppData\Roaming\Neiba\kiaf.exe
c:\users\Alex\AppData\Roaming\Nevi
c:\users\Alex\AppData\Roaming\Nevi\mofum.nya
c:\users\Alex\AppData\Roaming\Obaku
c:\users\Alex\AppData\Roaming\Obaku\ytxey.isu
c:\users\Alex\AppData\Roaming\Odula
c:\users\Alex\AppData\Roaming\Odula\edge.exe
c:\users\Alex\AppData\Roaming\Onfe
c:\users\Alex\AppData\Roaming\Onfe\iqiw.idd
c:\users\Alex\AppData\Roaming\Opyro
c:\users\Alex\AppData\Roaming\Opyro\ilpy.exe
c:\users\Alex\AppData\Roaming\Oryl
c:\users\Alex\AppData\Roaming\Oryl\beevi.exe
c:\users\Alex\AppData\Roaming\Qexoan
c:\users\Alex\AppData\Roaming\Qexoan\uzsyu.fii
c:\users\Alex\AppData\Roaming\Quen
c:\users\Alex\AppData\Roaming\Quen\ogiko.urt
c:\users\Alex\AppData\Roaming\Ulowup
c:\users\Alex\AppData\Roaming\Ulowup\teaq.lye
c:\users\Alex\AppData\Roaming\Uwaxy
c:\users\Alex\AppData\Roaming\Uwaxy\gezyy.exe
c:\users\Alex\AppData\Roaming\Uzfuz
c:\users\Alex\AppData\Roaming\Uzfuz\uhfyn.siy
c:\users\Alex\AppData\Roaming\Vomu
c:\users\Alex\AppData\Roaming\Vomu\ilihi.axo
c:\users\Alex\AppData\Roaming\Weazah
c:\users\Alex\AppData\Roaming\Weazah\utry.ahu
c:\users\Alex\AppData\Roaming\Xaedma
c:\users\Alex\AppData\Roaming\Xaedma\viyf.exe
c:\users\Alex\AppData\Roaming\Ycom
c:\users\Alex\AppData\Roaming\Ycom\feyv.ney
c:\users\Alex\AppData\Roaming\Ylhyvy
c:\users\Alex\AppData\Roaming\Ylhyvy\ashoz.zaa
c:\users\Alex\AppData\Roaming\Ynar
c:\users\Alex\AppData\Roaming\Ynar\keyf.byk
c:\users\Alex\AppData\Roaming\Ysikol
c:\users\Alex\AppData\Roaming\Ysikol\ruys.qee
c:\users\Alex\AppData\Roaming\Ysucwa
c:\users\Alex\AppData\Roaming\Ysucwa\alap.rou
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.

2010-11-30 19:04 . 2010-11-30 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 18:43 . 2010-11-30 18:43 -------- d-----w- c:\program files\ERUNT
2010-11-30 13:57 . 2010-11-30 13:57 -------- d-----w- c:\program files\trend micro
2010-11-30 13:57 . 2010-11-30 13:57 -------- d-----w- C:\rsit
2010-11-30 12:16 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 22:07 . 2010-11-25 09:41 -------- d-----w- c:\users\Alex\AppData\Roaming\Yqyxzo
2010-11-20 14:28 . 2010-11-20 14:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-11-20 06:54 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Wyyc
2010-11-20 06:51 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51 . 2010-11-20 06:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-16 23:20 . 2010-11-16 23:20 -------- d-----w- c:\program files\iPod
2010-11-11 16:36 . 2010-07-28 19:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-11-11 16:36 . 2010-03-01 20:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-11-11 16:36 . 2010-11-11 16:36 -------- d-----w- c:\program files\BRS
2010-11-11 16:33 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-11 16:33 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-11 16:33 . 2010-11-11 16:34 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-11-11 16:33 . 2010-11-11 16:33 -------- d-----w- c:\windows\system32\xlive
2010-11-11 16:24 . 2010-11-11 16:24 -------- d-----w- c:\program files\Codemasters
2010-11-11 16:00 . 2010-11-11 16:00 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-10 17:22 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Oludod
2010-11-02 23:33 . 2010-11-03 10:14 -------- d-----w- c:\users\Alex\AppData\Roaming\Uqyz
2010-11-02 23:29 . 2010-11-08 01:19 -------- d-----w- c:\users\Alex\AppData\Roaming\Wyvoo
2010-10-31 23:14 . 2010-11-08 01:19 -------- d-----w- c:\users\Alex\AppData\Roaming\Inykse
2010-10-31 20:24 . 2010-11-08 01:19 -------- d-----w- c:\users\Alex\AppData\Roaming\Cefi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 19:42 . 2010-10-18 23:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-04 21:58 . 2009-12-07 09:54 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-29 14:23 . 2010-10-29 14:23 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Uyudogicabe.bin
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-28 15:44 . 2010-09-28 15:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 15:44 . 2010-09-28 15:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-06-17 19:31 . 2010-06-17 19:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
Code: Select all
<pre>
c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AmIcoSingLun\AmIcoSinglun .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Realtek\Audio\HDA\RtHDVCpl .exe
c:\program files\Realtek\Audio\HDA\Skytel .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\PLFSetI .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-06 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-01 05:37 1238352 ----a-w- c:\program files\Steam\steam.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-04 436792]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]


--- Other Services/Drivers In Memory ---

*Deregistered* - mwlPSDFilter
*Deregistered* - mwlPSDNServ
*Deregistered* - mwlPSDVDisk
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-10-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]

2010-10-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4qqrwy1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {9B3371F8-9E72-429F-90C6-F97EF776E86C} - c:\windows\system32\config\systemprofile\AppData\Local\{9B3371F8-9E72-429F-90C6-F97EF776E86C}\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Free YouTube to iPod Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FEAEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x885b4872; SUB DWORD [EBP-0x4], 0x885b412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x83049458] -> \Device\Harddisk0\DR0[0x87093030]
3 CLASSPNP[0x8B40459E] -> ntkrnlpa!IofCallDriver[0x83049458] -> \IAAStorageDevice-1[0x865E7028]
[0x870DE688] -> IRP_MJ_CREATE -> 0x86FEAEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&11dfb34e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-30 19:10:06
ComboFix-quarantined-files.txt 2010-11-30 19:10

Pre-Run: 205,281,947,648 bytes free
Post-Run: 208,293,564,416 bytes free

- - End Of File - - 4CDBD34892D7D84E5A87E3B6B87A6E52
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » November 30th, 2010, 3:49 pm

Hi LeeAJD.
Please disable McAfee SecurityCenter again before running this fix.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=54584&p=557167#p557167
    
    Collect::
    c:\users\Alex\AppData\Roaming\Yqyxzo
    c:\users\Alex\AppData\Roaming\Wyyc
    c:\users\Alex\AppData\Roaming\Gireo
    c:\users\Alex\AppData\Roaming\Oludod
    c:\users\Alex\AppData\Roaming\Uqyz
    c:\users\Alex\AppData\Roaming\Wyvoo
    c:\users\Alex\AppData\Roaming\Inykse
    c:\users\Alex\AppData\Roaming\Cefi
    c:\windows\system32\config\systemprofile\AppData\Local\Uyudogicabe.bin
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    RenV::
    c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher .exe
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
    c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\AmIcoSingLun\AmIcoSinglun .exe
    c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\DivX\DivX Update\DivXUpdate .exe
    c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Launch Manager\LManager .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray .exe
    c:\program files\QuickTime\QTTask .exe
    c:\program files\Realtek\Audio\HDA\RtHDVCpl .exe
    c:\program files\Realtek\Audio\HDA\Skytel .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\windows\PLFSetI .exe
    
    AtJob:: 
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 9:39 am

Combofix

http://www.malwareremoval.com/forum/vie ... 67#p557167

Collect::
c:\users\Alex\AppData\Roaming\Yqyxzo
c:\users\Alex\AppData\Roaming\Wyyc
c:\users\Alex\AppData\Roaming\Gireo
c:\users\Alex\AppData\Roaming\Oludod
c:\users\Alex\AppData\Roaming\Uqyz
c:\users\Alex\AppData\Roaming\Wyvoo
c:\users\Alex\AppData\Roaming\Inykse
c:\users\Alex\AppData\Roaming\Cefi
c:\windows\system32\config\systemprofile\AppData\Local\Uyudogicabe.bin

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RenV::
c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AmIcoSingLun\AmIcoSinglun .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Realtek\Audio\HDA\RtHDVCpl .exe
c:\program files\Realtek\Audio\HDA\Skytel .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\PLFSetI .exe

AtJob::


TDSSKiller

2010/12/01 13:37:13.0375 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/01 13:37:13.0375 ================================================================================
2010/12/01 13:37:13.0375 SystemInfo:
2010/12/01 13:37:13.0375
2010/12/01 13:37:13.0375 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/01 13:37:13.0375 Product type: Workstation
2010/12/01 13:37:13.0375 ComputerName: ALEX-PC
2010/12/01 13:37:13.0375 UserName: Alex
2010/12/01 13:37:13.0375 Windows directory: C:\Windows
2010/12/01 13:37:13.0375 System windows directory: C:\Windows
2010/12/01 13:37:13.0375 Processor architecture: Intel x86
2010/12/01 13:37:13.0375 Number of processors: 2
2010/12/01 13:37:13.0375 Page size: 0x1000
2010/12/01 13:37:13.0375 Boot type: Normal boot
2010/12/01 13:37:13.0375 ================================================================================
2010/12/01 13:37:13.0687 Initialize success
2010/12/01 13:37:22.0579 ================================================================================
2010/12/01 13:37:22.0579 Scan started
2010/12/01 13:37:22.0579 Mode: Manual;
2010/12/01 13:37:22.0579 ================================================================================
2010/12/01 13:37:23.0235 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/01 13:37:23.0297 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/01 13:37:23.0344 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/01 13:37:23.0422 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/01 13:37:23.0469 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/01 13:37:23.0500 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/01 13:37:23.0640 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/01 13:37:23.0765 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/01 13:37:23.0827 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/01 13:37:23.0874 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/01 13:37:23.0952 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/01 13:37:23.0968 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/01 13:37:24.0015 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/01 13:37:24.0046 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/01 13:37:24.0061 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/01 13:37:24.0124 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/01 13:37:24.0155 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/01 13:37:24.0186 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/01 13:37:24.0249 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/01 13:37:24.0327 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/01 13:37:24.0358 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/01 13:37:24.0405 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/01 13:37:24.0483 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/01 13:37:24.0576 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2010/12/01 13:37:24.0685 atksgt (70f72c50d39f5afa76c17f86223a7c4f) C:\Windows\system32\DRIVERS\atksgt.sys
2010/12/01 13:37:24.0795 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/01 13:37:24.0888 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/01 13:37:24.0951 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/01 13:37:24.0997 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/01 13:37:25.0044 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/01 13:37:25.0091 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/01 13:37:25.0138 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/01 13:37:25.0185 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/01 13:37:25.0216 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/01 13:37:25.0263 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/01 13:37:25.0294 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/01 13:37:25.0341 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/01 13:37:25.0590 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/01 13:37:25.0637 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/01 13:37:25.0684 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/01 13:37:25.0762 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/01 13:37:25.0809 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/01 13:37:25.0840 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/01 13:37:25.0887 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/01 13:37:25.0933 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/01 13:37:25.0980 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/01 13:37:26.0027 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/01 13:37:26.0105 dc3d (33e7ab50f87f97abd9057205e27cb182) C:\Windows\system32\DRIVERS\dc3d.sys
2010/12/01 13:37:26.0167 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/01 13:37:26.0214 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/01 13:37:26.0277 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/01 13:37:26.0323 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
2010/12/01 13:37:26.0417 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/01 13:37:26.0479 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/01 13:37:26.0667 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/01 13:37:26.0838 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/01 13:37:26.0916 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/01 13:37:26.0963 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/01 13:37:27.0041 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/01 13:37:27.0072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/01 13:37:27.0135 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/01 13:37:27.0181 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/01 13:37:27.0213 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/01 13:37:27.0259 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/01 13:37:27.0291 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/01 13:37:27.0353 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/01 13:37:27.0384 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/01 13:37:27.0447 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/01 13:37:27.0493 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/01 13:37:27.0540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/01 13:37:27.0634 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/01 13:37:27.0665 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/01 13:37:27.0712 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/01 13:37:27.0743 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/01 13:37:27.0790 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/01 13:37:27.0852 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/01 13:37:27.0915 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/01 13:37:27.0977 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/01 13:37:28.0024 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/01 13:37:28.0071 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/01 13:37:28.0149 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/01 13:37:28.0227 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/01 13:37:28.0445 igfx (45d1a22c0e932768729dd422e175a448) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/01 13:37:28.0617 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/01 13:37:28.0741 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/01 13:37:28.0851 IntcHdmiAddService (e63cd0d9aa8d406cabde5aa718936f40) C:\Windows\system32\drivers\IntcHdmi.sys
2010/12/01 13:37:28.0882 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/01 13:37:28.0913 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/01 13:37:28.0975 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/01 13:37:29.0022 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/01 13:37:29.0085 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/01 13:37:29.0209 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/01 13:37:29.0241 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/01 13:37:29.0287 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/01 13:37:29.0365 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/12/01 13:37:29.0428 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/01 13:37:29.0459 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/01 13:37:29.0506 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/01 13:37:29.0568 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/01 13:37:29.0677 libusb0 (020dfdb1927c996c990e70ed86cfdb06) C:\Windows\system32\drivers\libusb0.sys
2010/12/01 13:37:29.0755 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/12/01 13:37:29.0818 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/01 13:37:29.0896 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/01 13:37:29.0927 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/01 13:37:29.0958 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/01 13:37:29.0989 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/01 13:37:30.0052 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/01 13:37:30.0208 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/01 13:37:30.0255 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/01 13:37:30.0317 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/01 13:37:30.0379 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
2010/12/01 13:37:30.0442 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
2010/12/01 13:37:30.0489 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2010/12/01 13:37:30.0551 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2010/12/01 13:37:30.0613 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/01 13:37:30.0645 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/01 13:37:30.0691 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/01 13:37:30.0738 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/01 13:37:30.0785 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/01 13:37:30.0863 MPFP (4fc96dab9d75c1f544ba45ccbafcae7e) C:\Windows\system32\Drivers\Mpfp.sys
2010/12/01 13:37:30.0910 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/01 13:37:30.0941 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/01 13:37:30.0972 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/01 13:37:31.0019 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/01 13:37:31.0066 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/01 13:37:31.0113 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/01 13:37:31.0175 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/01 13:37:31.0222 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/01 13:37:31.0300 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/01 13:37:31.0331 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/01 13:37:31.0362 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/01 13:37:31.0425 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/01 13:37:31.0456 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/01 13:37:31.0503 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/01 13:37:31.0549 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/01 13:37:31.0596 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/01 13:37:31.0643 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/01 13:37:31.0674 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/01 13:37:31.0705 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/01 13:37:31.0768 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/01 13:37:31.0815 NDIS (db2532a906d4660b920ce247074d3896) C:\Windows\system32\drivers\ndis.sys
2010/12/01 13:37:31.0830 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: db2532a906d4660b920ce247074d3896, Fake md5: 23759d175a0a9baaf04d05047bc135a8
2010/12/01 13:37:31.0830 NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/01 13:37:31.0877 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/01 13:37:31.0924 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/01 13:37:31.0986 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/01 13:37:32.0017 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/01 13:37:32.0049 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/01 13:37:32.0095 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/01 13:37:32.0127 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/01 13:37:32.0220 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/01 13:37:32.0251 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/01 13:37:32.0298 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/01 13:37:32.0376 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/01 13:37:32.0470 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
2010/12/01 13:37:32.0532 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/12/01 13:37:32.0579 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/01 13:37:32.0610 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/01 13:37:32.0641 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/01 13:37:32.0673 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/01 13:37:32.0735 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/01 13:37:32.0797 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/01 13:37:32.0844 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/01 13:37:32.0875 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/01 13:37:32.0922 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/01 13:37:32.0953 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/01 13:37:33.0000 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/01 13:37:33.0031 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/01 13:37:33.0078 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/01 13:37:33.0234 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/01 13:37:33.0281 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/01 13:37:33.0343 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/01 13:37:33.0406 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/01 13:37:33.0468 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/01 13:37:33.0531 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/01 13:37:33.0593 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/01 13:37:33.0671 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys
2010/12/01 13:37:33.0843 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2010/12/01 13:37:33.0967 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\Windows\system32\Drivers\RapportKELL.sys
2010/12/01 13:37:34.0108 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/12/01 13:37:34.0186 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/01 13:37:34.0248 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/01 13:37:34.0295 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/01 13:37:34.0357 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/01 13:37:34.0389 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/01 13:37:34.0420 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/01 13:37:34.0467 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/01 13:37:34.0498 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/01 13:37:34.0560 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/01 13:37:34.0591 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/01 13:37:34.0623 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/01 13:37:34.0685 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/01 13:37:34.0763 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/01 13:37:34.0825 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/01 13:37:34.0872 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/01 13:37:34.0950 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/01 13:37:35.0013 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/01 13:37:35.0059 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/01 13:37:35.0106 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/01 13:37:35.0169 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/01 13:37:35.0200 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/01 13:37:35.0262 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/01 13:37:35.0293 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/01 13:37:35.0340 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/01 13:37:35.0387 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/01 13:37:35.0418 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/01 13:37:35.0449 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/01 13:37:35.0512 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/01 13:37:35.0605 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2010/12/01 13:37:35.0652 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/01 13:37:35.0699 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/01 13:37:35.0730 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/01 13:37:35.0808 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/01 13:37:35.0855 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/01 13:37:35.0933 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/01 13:37:36.0042 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/12/01 13:37:36.0120 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/01 13:37:36.0167 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/01 13:37:36.0214 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/01 13:37:36.0245 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/01 13:37:36.0276 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/01 13:37:36.0339 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/01 13:37:36.0417 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/01 13:37:36.0479 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/01 13:37:36.0526 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/01 13:37:36.0573 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2010/12/01 13:37:36.0619 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/01 13:37:36.0682 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/01 13:37:36.0729 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/01 13:37:36.0760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/01 13:37:36.0853 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/01 13:37:36.0900 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/01 13:37:36.0931 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/01 13:37:36.0963 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/01 13:37:37.0009 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/01 13:37:37.0041 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/01 13:37:37.0087 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/01 13:37:37.0134 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/01 13:37:37.0165 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/01 13:37:37.0228 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/01 13:37:37.0321 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/01 13:37:37.0384 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/01 13:37:37.0431 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/01 13:37:37.0462 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/01 13:37:37.0509 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/01 13:37:37.0540 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/01 13:37:37.0571 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/01 13:37:37.0602 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/01 13:37:37.0633 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/01 13:37:37.0680 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/01 13:37:37.0711 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/01 13:37:37.0774 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/01 13:37:37.0821 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/01 13:37:37.0867 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/01 13:37:37.0914 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/01 13:37:37.0945 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 13:37:37.0977 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 13:37:38.0070 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/01 13:37:38.0117 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/01 13:37:38.0226 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/01 13:37:38.0257 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/01 13:37:38.0382 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/01 13:37:38.0460 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/01 13:37:38.0523 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/01 13:37:38.0601 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/01 13:37:38.0632 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/01 13:37:38.0741 ================================================================================
2010/12/01 13:37:38.0741 Scan finished
2010/12/01 13:37:38.0741 ================================================================================
2010/12/01 13:37:38.0772 Detected object count: 1
2010/12/01 13:38:11.0981 Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Skip
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 9:43 am

I've still had a couple of pop-ups whilst browsing the internet and McAffee has given me a few messages regarding trojans, mainly something like oops.exe.

Seems to be getting better though. I haven't had any messages on start-up from 'nonep' etc.
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Unread postby Cypher » December 1st, 2010, 12:17 pm

Hi LeeAJD.
What you posted wasn't the ComboFix log it was the script i used as a fix.
Please go to C: and post the ComboFix.txt located there.

Next.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next Right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished Ensure Cure ( the default) is selected... then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.

Next.

MBRCheck

    Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select " Run as administrator " to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » December 1st, 2010, 12:53 pm

Apologies. Here's the ComboFix log

ComboFix

ComboFix 10-11-30.08 - Alex 01/12/2010 12:20:24.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3001.2137 [GMT 0:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\AppData\Local\Uyudogicabe.bin

.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\users\TEMP.Alex-PC\AppData\Local\temp
2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\users\Mcx1-ALEX-PC\AppData\Local\temp
2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\users\Mcx1-ALEX-PC.Alex-PC\AppData\Local\temp
2010-12-01 12:41 . 2010-12-01 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-01 12:02 . 2010-12-01 12:02 -------- d-----w- c:\program files\alot
2010-12-01 12:01 . 2010-12-01 12:01 -------- d-----w- c:\program files\WhiteSmoke
2010-11-30 18:43 . 2010-11-30 18:43 -------- d-----w- c:\program files\ERUNT
2010-11-30 13:57 . 2010-11-30 13:57 -------- d-----w- c:\program files\trend micro
2010-11-30 13:57 . 2010-11-30 13:57 -------- d-----w- C:\rsit
2010-11-30 12:16 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 22:07 . 2010-11-25 09:41 -------- d-----w- c:\users\Alex\AppData\Roaming\Yqyxzo
2010-11-20 14:28 . 2010-11-20 14:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-11-20 06:54 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Wyyc
2010-11-20 06:51 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51 . 2010-11-20 06:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-16 23:20 . 2010-11-16 23:20 -------- d-----w- c:\program files\iPod
2010-11-11 16:36 . 2010-07-28 19:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-11-11 16:36 . 2010-03-01 20:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-11-11 16:36 . 2010-11-11 16:36 -------- d-----w- c:\program files\BRS
2010-11-11 16:33 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-11 16:33 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-11 16:33 . 2010-11-11 16:34 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-11-11 16:33 . 2010-11-11 16:33 -------- d-----w- c:\windows\system32\xlive
2010-11-11 16:24 . 2010-11-11 16:24 -------- d-----w- c:\program files\Codemasters
2010-11-11 16:00 . 2010-11-11 16:00 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-10 17:22 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Oludod
2010-11-02 23:33 . 2010-11-03 10:14 -------- d-----w- c:\users\Alex\AppData\Roaming\Uqyz
2010-11-02 23:29 . 2010-11-08 01:19 -------- d-----w- c:\users\Alex\AppData\Roaming\Wyvoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 19:42 . 2010-10-18 23:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-04 21:58 . 2009-12-07 09:54 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-28 15:44 . 2010-09-28 15:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 15:44 . 2010-09-28 15:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-06-17 19:31 . 2010-06-17 19:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-30_19.05.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-12-01 12:14 47484 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-07-31 17:00 . 2010-08-01 11:01 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2010-07-31 17:00 . 2010-12-01 12:02 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2010-12-01 12:02 . 2010-12-01 12:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120120101202\index.dat
- 2010-07-02 19:52 . 2010-11-30 12:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-02 19:52 . 2010-11-30 18:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-10-29 14:23 . 2010-12-01 12:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
- 2010-10-29 14:23 . 2010-10-29 14:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-02-12 15:24 . 2010-12-01 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 15:24 . 2010-11-30 13:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-12 15:24 . 2010-12-01 12:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-12 15:24 . 2010-11-30 13:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-12 15:24 . 2010-12-01 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-12 15:24 . 2010-11-30 13:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 19:01 . 2010-12-01 12:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 19:01 . 2010-11-30 13:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 19:01 . 2010-11-30 13:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 19:01 . 2010-12-01 12:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 15:35 . 2010-12-01 12:14 9916 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-56358666-3744733117-3476403463-1000_UserData.bin
+ 2010-12-01 12:02 . 2010-12-01 12:02 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEBD267F-FD42-11DF-BD2C-001F16AA5708}.dat
+ 2010-12-01 12:02 . 2010-12-01 12:02 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEB13F9D-FD42-11DF-BD2C-001F16AA5708}.dat
+ 2010-12-01 12:02 . 2010-12-01 12:02 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CEBD2680-FD42-11DF-BD2C-001F16AA5708}.dat
+ 2010-12-01 12:02 . 2010-12-01 12:02 8704 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CEB13F9E-FD42-11DF-BD2C-001F16AA5708}.dat
+ 2010-12-01 11:48 . 2010-12-01 12:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-30 13:54 . 2010-11-30 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-30 13:54 . 2010-11-30 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-01 11:48 . 2010-12-01 12:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-12 19:00 . 2010-12-01 11:45 298122 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-02-12 15:21 . 2010-11-30 16:34 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-12 15:21 . 2010-12-01 12:31 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-12 14:27 . 2010-12-01 12:12 180224 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 14:27 . 2010-11-30 18:45 180224 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-12-01 12:12 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-11-30 18:45 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-28 11:53 . 2008-07-29 18:29 200704 c:\windows\PLFSetI.exe
+ 2009-07-14 02:03 . 2010-12-01 11:59 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-11-30 14:06 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-02-12 14:27 . 2010-12-01 12:12 2293760 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-12 14:27 . 2010-11-30 18:45 2293760 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-06 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-23 232912]

c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-04 436792]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-17 30192]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]


--- Other Services/Drivers In Memory ---

*Deregistered* - mwlPSDFilter
*Deregistered* - mwlPSDNServ
*Deregistered* - mwlPSDVDisk
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-10-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]

2010-10-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4qqrwy1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {9B3371F8-9E72-429F-90C6-F97EF776E86C} - c:\windows\system32\config\systemprofile\AppData\Local\{9B3371F8-9E72-429F-90C6-F97EF776E86C}\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871EBEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x885b4872; SUB DWORD [EBP-0x4], 0x885b412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x83046458] -> \Device\Harddisk0\DR0[0x8728F408]
3 CLASSPNP[0x843DF59E] -> ntkrnlpa!IofCallDriver[0x83046458] -> \IAAStorageDevice-1[0x85AC2028]
[0x87618580] -> IRP_MJ_CREATE -> 0x871EBEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&11dfb34e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
Completion time: 2010-12-01 13:32:46
ComboFix-quarantined-files.txt 2010-12-01 13:32
ComboFix2.txt 2010-11-30 19:10

Pre-Run: 208,304,738,304 bytes free
Post-Run: 208,235,470,848 bytes free

- - End Of File - - 589996AAFDE96450FA54AF6700AB46BA
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 302 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware