TechSpot

AVG won't remove-Trojan Horse Downloader.Generic 12.BPNF

By Mooovies
Jun 24, 2012
  1. Found this forum while searching for a fix for the infection in the thread title. Have followed the 5 steps and am posting my logs now. Any help would be greatly appreciated. Have been experiencing a very slow computer and massive memory usage by svchost files. Also, Google searches seem to randomly be redirected to odd sites and a random "channel" will start playing through the speakers.

    MBAM Log

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.24.06
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mooooo :: MOOOOOVIES [administrator]
    Protection: Enabled
    6/24/2012 8:00:01 PM
    mbam-log-2012-06-24 (20-00-01).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 259453
    Time elapsed: 1 hour(s), 37 minute(s), 20 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)

    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-24 21:52:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120821A rev.3.04
    Running: 3jl4ltcj.exe; Driver: C:\DOCUME~1\Mooooo\LOCALS~1\Temp\uxliifog.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- System - GMER 1.0.15 ----
    SSDT sptd.sys ZwEnumerateKey [0xF741EE2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF741F1BA]
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85E282C6
    Device \Driver\atapi \Device\Ide\IdePort0 [F732FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85E282C6
    Device \Driver\atapi \Device\Ide\IdePort1 [F732FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 85E282C6
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F732FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a5sii1wl \Device\Scsi\a5sii1wl1 85EA11E8
    Device \Driver\a5sii1wl \Device\Scsi\a5sii1wl1Port2Path0Target0Lun0 85EA11E8
    Device 863621E8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 85FC77A0
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    ---- EOF - GMER 1.0.15 ----

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/10/2006 2:16:48 AM
    System Uptime: 6/24/2012 9:57:05 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0850
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | WMT478/NWD | 2657/mhz
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1225: 4/7/2012 9:04:10 PM - Software Distribution Service 3.0
    RP1226: 4/8/2012 11:42:49 PM - System Checkpoint
    RP1227: 4/12/2012 12:56:12 AM - System Checkpoint
    RP1228: 4/12/2012 1:14:09 AM - Software Distribution Service 3.0
    RP1229: 4/15/2012 3:33:06 AM - System Checkpoint
    RP1230: 4/16/2012 11:33:43 PM - System Checkpoint
    RP1231: 4/19/2012 2:48:16 AM - System Checkpoint
    RP1232: 4/22/2012 1:56:52 PM - System Checkpoint
    RP1233: 4/25/2012 12:35:45 AM - System Checkpoint
    RP1234: 5/12/2012 5:29:26 PM - System Checkpoint
    RP1235: 5/13/2012 8:09:31 PM - Software Distribution Service 3.0
    RP1236: 5/18/2012 12:53:35 AM - Software Distribution Service 3.0
    RP1237: 6/23/2012 4:06:44 PM - Software Distribution Service 3.0
    RP1238: 6/24/2012 2:56:54 PM - Software Distribution Service 3.0
    RP1239: 6/24/2012 10:07:06 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Ad-Aware
    Adobe Acrobat 6.0 Professional
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements
    Adobe Reader 8.3.1
    Adobe Shockwave Player
    Adobe SVG Viewer
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    AVG 2012
    Bonjour
    Broadcom 802.11 Control Panel
    Broadcom 802.11 Driver
    Compatibility Pack for the 2007 Office system
    Conexant 56K ACLink Modem
    Conexant AC-Link Audio
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EPSON CardMonitor
    EPSON PhotoStarter3.0
    EPSON Print CD
    EPSON Printer Software
    EPSON Scan
    EPSON Web-To-Page
    ESPR320 Reference Guide
    Google Update Helper
    HDTV2DVD 0.4
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    HP Product Detection
    ImgBurn (Remove Only)
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Linksys EasyLink Advisor
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech Harmony Remote Software 7
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Publisher 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    Move Networks Media Player for Internet Explorer
    MSXML 6.0 Parser (KB933579)
    Nero Suite
    NETGEAR WG511v2 54 Mbps Wireless PC Card
    Notebook Utilities
    OGA Notifier 2.0.0048.0
    One-Touch Buttons
    PC Tools on-the-fly Scanner 9.0
    PC Wizard 2010.1.94
    Pure Networks Platform
    Quick View Plus
    QuickTime
    Recuva
    Remote Control USB Driver
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Speccy
    SpeedFan (remove only)
    Sprint Desktop Sync
    Sprint media manager
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VBA (3821h)
    VideoLAN VLC media player 0.8.6c
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 2002
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Anti-Spy
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/23/2012 8:19:05 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 7 time(s).
    6/23/2012 8:19:05 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 7 time(s).
    6/23/2012 8:19:05 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 7 time(s).
    6/23/2012 8:19:05 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 7 time(s).
    6/23/2012 8:19:05 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 7 time(s).
    6/23/2012 8:19:05 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/23/2012 8:19:05 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/23/2012 7:52:36 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 4 time(s).
    6/23/2012 7:52:36 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 4 time(s).
    6/23/2012 7:52:36 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 4 time(s).
    6/23/2012 7:52:36 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 4 time(s).
    6/23/2012 7:52:36 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
    6/23/2012 7:52:36 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/23/2012 7:52:35 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/23/2012 4:01:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
    6/23/2012 4:01:14 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/23/2012 3:35:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the .NET Runtime Optimization Service v2.0.50727_X86 service to connect.
    .
    ==== End Of File ===========================

    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mooooo at 22:53:40 on 2012-06-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.108 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ajc.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CARPService] carpserv.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [WebEx Document Loader] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P21 "WebEx Document Loader" /O26 "WebEx Document Loader Port" /M "Stylus Photo R320"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193782944739
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3BF66501-402B-45EA-9144-08623F8AF6F1} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-6 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-25 383368]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-25 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-25 909728]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-25 203088]
    R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2006-8-9 26624]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
    R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
    R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-11 22344]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2007-1-18 22891]
    S3 MSPANEL;Motorola AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2007-1-18 49024]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-06-24 03:35:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-24 03:35:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST9120821A rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x85E4249F]<<
    c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e49740]; MOV EAX, [0x85e498b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86336AB8]
    3 CLASSPNP[0xF7581FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x86326920]
    5 PCTCore[0xF727482D] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000085[0x863393B8]
    7 ACPI[0xF73D8620] -> nt!IofCallDriver[0x804E37D5] -> [0x862F4940]
    \Driver\atapi[0x85F82030] -> IRP_MJ_CREATE -> 0x85E4249F
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x85E422C6
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:57:10.14 ===============
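The part of the log above that actually matters is the "Disk trace" section: GMER walks the chain of drivers that service a read of the boot sector and reports that the last hop resolves to no loaded module (`>>UNKNOWN [0x85E4249F]<<`), that atapi's IRP_MJ_CREATE dispatch and its DriverStartIo pointer both lead into that same unmapped region, and that a user-mode read of the MBR failed while the kernel read succeeded. The Python below is an added example (not part of the thread or of GMER) that parses exactly that section and turns those observations into findings; the sample input is the trace from the post, copied line for line, plus a constructed clean control. The one-page grouping window is an assumption made here for illustration.

```python
import re

# Constructed sample input: the "Disk trace" part of the GMER MBR detector
# output posted in this thread, copied line for line so the parser runs
# offline. Only the log text comes from the page; the analysis is added here.
SAMPLE_TRACE = r"""
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x85E4249F]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86336AB8]
3 CLASSPNP[0xF7581FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x86326920]
5 PCTCore[0xF727482D] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000085[0x863393B8]
7 ACPI[0xF73D8620] -> nt!IofCallDriver[0x804E37D5] -> [0x862F4940]
\Driver\atapi[0x85F82030] -> IRP_MJ_CREATE -> 0x85E4249F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x85E422C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed control: the same section when every module in the disk path
# resolves and no hook is reported (assumed shape, not a real GMER log).
CLEAN_TRACE = r"""
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86336AB8]
kernel: MBR read successfully
detected hooks:
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(
    r"^\\Driver\\(?P<drv>[^\s\[]+)(?:\[0x[0-9A-Fa-f]+\])?\s+(?:->\s+)?"
    r"(?P<fn>IRP_MJ_\w+|DriverStartIo)\s+->\s+0x(?P<addr>[0-9A-Fa-f]+)"
)
# Grouping window (assumption): a hook landing within one page of an
# unresolved address is treated as part of the same allocation.
PAGE = 0x1000


def analyze_trace(text: str) -> dict:
    """Parse one GMER 'Disk trace' section and rate the disk I/O path."""
    unknown, hooks, findings = [], [], []
    user_read_error = kernel_read_ok = False
    warning = None
    for line in text.strip().splitlines():
        # Addresses GMER could not map to any loaded module.
        unknown.extend(int(a, 16) for a in UNKNOWN_RE.findall(line))
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m["drv"], m["fn"], int(m["addr"], 16)))
        if line.startswith("error: Read"):
            user_read_error = True
        elif line.startswith("kernel: MBR read successfully"):
            kernel_read_ok = True
        elif line.startswith("Warning:"):
            warning = line[len("Warning:"):].strip()

    # The real indicator: a dispatch or StartIo pointer of the disk miniport
    # redirected into memory that belongs to no driver image.
    hooked_into_unknown = [
        h for h in hooks if any(abs(h[2] - u) < PAGE for u in unknown)
    ]
    for drv, fn, addr in hooked_into_unknown:
        findings.append(f"{drv} {fn} -> 0x{addr:08X} lies outside every loaded module")
    if user_read_error and kernel_read_ok:
        findings.append("user-mode MBR read failed while the kernel read succeeded")
    if warning:
        findings.append(f"GMER: {warning}")

    return {
        "unknown": unknown,
        "hooks": hooks,
        "hooked_into_unknown": hooked_into_unknown,
        "findings": findings,
        "verdict": "likely disk-stack rootkit" if hooked_into_unknown else "no disk-stack hook found",
    }


if __name__ == "__main__":
    for label, trace in (("posted trace", SAMPLE_TRACE), ("clean control", CLEAN_TRACE)):
        report = analyze_trace(trace)
        print(f"{label}: {report['verdict']}")
        for finding in report["findings"]:
            print("  -", finding)
```

On the posted trace this yields two hooks into the unmapped region (IRP_MJ_CREATE at 0x85E4249F and DriverStartIo at 0x85E422C6, 0x1D9 bytes apart), the failed user-mode read, and GMER's own warning; the control yields nothing. "user & kernel MBR OK" on its own is therefore not reassuring here: the sector contents read back clean because the reads themselves pass through the hooked path.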
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
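A full TDSSKiller report runs to several hundred lines, nearly all of them `name (md5) path` followed by `name - ok`. The Python below is an added example (not from this thread and not part of Kaspersky's tool) that parses those two line shapes and lists only what deserves attention: any entry TDSSKiller did not mark `ok`, and any service or driver binary that lives outside the usual Windows and Program Files trees. The sample log is constructed from a few lines of the report posted later in this thread plus two invented `tmpdrv` lines; the wording of the hit line and the set of expected roots are assumptions made here.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log in this thread plus
# two invented "tmpdrv" lines that exercise the flagging rules. The phrase
# "- detected ..." is an assumed format; the parser only relies on the trailing
# status not being "ok".
SAMPLE_LOG = r"""
01:22:18.0355 1164 Scan started
01:22:18.0355 1164 Mode: Manual;
01:22:22.0851 1164 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
01:22:22.0871 1164 61883 - ok
01:22:22.0901 1164 Abiosdsk - ok
01:22:26.0657 1164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:22:26.0657 1164 atapi - ok
01:22:41.0538 1164 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
01:22:41.0799 1164 Bonjour Service - ok
01:23:10.0001 1164 tmpdrv (0123456789abcdef0123456789abcdef) C:\DOCUME~1\user\LOCALS~1\Temp\tmpdrv.sys
01:23:10.0002 1164 tmpdrv - detected (constructed sample hit)
"""

FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)
# Where a driver or service binary is expected to live on an XP box
# (case-insensitive prefix match, short 8.3 form included). A triage
# heuristic chosen here, not a rule from TDSSKiller or from the thread.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def triage_log(text: str) -> dict:
    """Inventory every scanned entry and return the ones worth a closer look."""
    entries = {}  # name -> {"md5", "path", "status"}
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["status"] = m["status"]

    flagged, no_file = [], []
    for name, e in entries.items():
        reasons = []
        if e.get("status", "ok") != "ok":
            reasons.append("tdsskiller: " + e["status"])
        path = e.get("path")
        if path is None:
            # Registered service with no binary on disk: stale entry, not a hit.
            no_file.append(name)
        elif not path.lower().startswith(EXPECTED_ROOTS):
            reasons.append("binary outside expected roots: " + path)
        if reasons:
            flagged.append((name, reasons))
    return {"total": len(entries), "flagged": flagged, "no_file": no_file}


if __name__ == "__main__":
    report = triage_log(SAMPLE_LOG)
    print(f"{report['total']} entries, {len(report['no_file'])} registered without a file")
    for name, reasons in report["flagged"]:
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed sample, the script keeps five entries, notes that `Abiosdsk` is registered with no file behind it (TDSSKiller still reports such entries as ok), and flags only `tmpdrv`, both for its non-ok status and for loading from a Temp directory. The MD5 column is kept in the inventory so the values can be checked against a known-good list offline.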
     
  3. Mooovies

    Mooovies TS Rookie Topic Starter

    TDSSKiller Log

    01:21:33.0290 3304 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    01:21:33.0821 3304 ============================================================
    01:21:33.0821 3304 Current date / time: 2012/06/25 01:21:33.0811
    01:21:33.0821 3304 SystemInfo:
    01:21:33.0821 3304
    01:21:33.0821 3304 OS Version: 5.1.2600 ServicePack: 3.0
    01:21:33.0821 3304 Product type: Workstation
    01:21:33.0821 3304 ComputerName: MOOOOOVIES
    01:21:33.0821 3304 UserName: Mooooo
    01:21:33.0821 3304 Windows directory: C:\WINDOWS
    01:21:33.0821 3304 System windows directory: C:\WINDOWS
    01:21:33.0821 3304 Processor architecture: Intel x86
    01:21:33.0821 3304 Number of processors: 1
    01:21:33.0821 3304 Page size: 0x1000
    01:21:33.0821 3304 Boot type: Normal boot
    01:21:33.0821 3304 ============================================================
    01:21:49.0033 3304 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    01:21:49.0173 3304 Drive \Device\Harddisk1\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:21:56.0433 3304 Drive \Device\Harddisk2\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:22:03.0794 3304 ============================================================
    01:22:03.0794 3304 \Device\Harddisk0\DR0:
    01:22:03.0804 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
    01:22:03.0814 3304 \Device\Harddisk1\DR2:
    01:22:03.0814 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
    01:22:03.0814 3304 \Device\Harddisk2\DR3:
    01:22:03.0814 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
    01:22:03.0814 3304 ============================================================
    01:22:03.0954 3304 C: <-> \Device\Harddisk0\DR0\Partition0
    01:22:04.0004 3304 G: <-> \Device\Harddisk1\DR2\Partition0
    01:22:04.0074 3304 H: <-> \Device\Harddisk2\DR3\Partition0
    01:22:04.0205 3304 ============================================================
    01:22:04.0205 3304 Initialize success
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    This is not a whole log.

     
  5. Mooovies

    Mooovies TS Rookie Topic Starter

    Oops, here it is

    01:21:33.0290 3304 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    01:21:33.0821 3304 ============================================================
    01:21:33.0821 3304 Current date / time: 2012/06/25 01:21:33.0811
    01:21:33.0821 3304 SystemInfo:
    01:21:33.0821 3304
    01:21:33.0821 3304 OS Version: 5.1.2600 ServicePack: 3.0
    01:21:33.0821 3304 Product type: Workstation
    01:21:33.0821 3304 ComputerName: MOOOOOVIES
    01:21:33.0821 3304 UserName: Mooooo
    01:21:33.0821 3304 Windows directory: C:\WINDOWS
    01:21:33.0821 3304 System windows directory: C:\WINDOWS
    01:21:33.0821 3304 Processor architecture: Intel x86
    01:21:33.0821 3304 Number of processors: 1
    01:21:33.0821 3304 Page size: 0x1000
    01:21:33.0821 3304 Boot type: Normal boot
    01:21:33.0821 3304 ============================================================
    01:21:49.0033 3304 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    01:21:49.0173 3304 Drive \Device\Harddisk1\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:21:56.0433 3304 Drive \Device\Harddisk2\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    01:22:03.0794 3304 ============================================================
    01:22:03.0794 3304 \Device\Harddisk0\DR0:
    01:22:03.0804 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
    01:22:03.0814 3304 \Device\Harddisk1\DR2:
    01:22:03.0814 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
    01:22:03.0814 3304 \Device\Harddisk2\DR3:
    01:22:03.0814 3304 MBR partitions:
    01:22:03.0814 3304 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
    01:22:03.0814 3304 ============================================================
    01:22:03.0954 3304 C: <-> \Device\Harddisk0\DR0\Partition0
    01:22:04.0004 3304 G: <-> \Device\Harddisk1\DR2\Partition0
    01:22:04.0074 3304 H: <-> \Device\Harddisk2\DR3\Partition0
    01:22:04.0205 3304 ============================================================
    01:22:04.0205 3304 Initialize success
    01:22:04.0205 3304 ============================================================
    01:22:18.0355 1164 ============================================================
    01:22:18.0355 1164 Scan started
    01:22:18.0355 1164 Mode: Manual;
    01:22:18.0355 1164 ============================================================
    01:22:22.0851 1164 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    01:22:22.0871 1164 61883 - ok
    01:22:22.0901 1164 Abiosdsk - ok
    01:22:22.0972 1164 abp480n5 - ok
    01:22:23.0192 1164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    01:22:23.0272 1164 ACPI - ok
    01:22:23.0392 1164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    01:22:23.0402 1164 ACPIEC - ok
    01:22:23.0723 1164 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    01:22:23.0843 1164 AdobeFlashPlayerUpdateSvc - ok
    01:22:23.0883 1164 adpu160m - ok
    01:22:24.0083 1164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    01:22:24.0183 1164 aec - ok
    01:22:24.0384 1164 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    01:22:24.0424 1164 AFD - ok
    01:22:24.0444 1164 Aha154x - ok
    01:22:24.0514 1164 aic78u2 - ok
    01:22:24.0594 1164 aic78xx - ok
    01:22:24.0664 1164 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    01:22:24.0684 1164 Alerter - ok
    01:22:24.0764 1164 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    01:22:24.0784 1164 ALG - ok
    01:22:24.0994 1164 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys
    01:22:25.0115 1164 aliadwdm - ok
    01:22:25.0205 1164 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    01:22:25.0215 1164 AliIde - ok
    01:22:25.0285 1164 ALiIRDA (d81f7d885e9393b09ec5e46ed8d91565) C:\WINDOWS\system32\DRIVERS\alifir.sys
    01:22:25.0305 1164 ALiIRDA - ok
    01:22:25.0325 1164 amsint - ok
    01:22:25.0535 1164 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    01:22:25.0595 1164 AppMgmt - ok
    01:22:25.0655 1164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    01:22:25.0685 1164 Arp1394 - ok
    01:22:25.0705 1164 asc - ok
    01:22:25.0776 1164 asc3350p - ok
    01:22:25.0856 1164 asc3550 - ok
    01:22:26.0306 1164 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    01:22:26.0437 1164 aspnet_state - ok
    01:22:26.0527 1164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    01:22:26.0547 1164 AsyncMac - ok
    01:22:26.0657 1164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    01:22:26.0657 1164 atapi - ok
    01:22:26.0677 1164 Atdisk - ok
    01:22:27.0328 1164 ati2mtag (83f24e252908e59c4a7ef203bf7f4c02) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    01:22:27.0618 1164 ati2mtag - ok
    01:22:27.0698 1164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    01:22:27.0718 1164 Atmarpc - ok
    01:22:27.0829 1164 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    01:22:27.0849 1164 AudioSrv - ok
    01:22:27.0909 1164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    01:22:27.0919 1164 audstub - ok
    01:22:28.0009 1164 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    01:22:28.0029 1164 Avc - ok
    01:22:28.0249 1164 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
    01:22:28.0389 1164 AVCSTRM - ok
    01:22:32.0035 1164 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    01:22:34.0428 1164 AVGIDSAgent - ok
    01:22:35.0309 1164 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    01:22:35.0550 1164 AVGIDSDriver - ok
    01:22:36.0541 1164 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    01:22:36.0611 1164 AVGIDSEH - ok
    01:22:36.0962 1164 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    01:22:36.0982 1164 AVGIDSFilter - ok
    01:22:37.0062 1164 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    01:22:37.0082 1164 AVGIDSShim - ok
    01:22:37.0452 1164 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    01:22:37.0583 1164 Avgldx86 - ok
    01:22:37.0673 1164 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    01:22:37.0693 1164 Avgmfx86 - ok
    01:22:37.0783 1164 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    01:22:37.0803 1164 Avgrkx86 - ok
    01:22:37.0993 1164 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    01:22:38.0434 1164 Avgtdix - ok
    01:22:39.0816 1164 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    01:22:39.0896 1164 avgwd - ok
    01:22:40.0316 1164 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    01:22:40.0617 1164 BCM43XX - ok
    01:22:40.0687 1164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    01:22:40.0697 1164 Beep - ok
    01:22:41.0007 1164 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    01:22:41.0198 1164 BITS - ok
    01:22:41.0538 1164 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
    01:22:41.0799 1164 Bonjour Service - ok
    01:22:41.0949 1164 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    01:22:41.0989 1164 Browser - ok
    01:22:42.0029 1164 BVRPMPR5 - ok
    01:22:42.0279 1164 CALIAUD (f77ab3dea1b770a8c386797b29cdb5ad) C:\WINDOWS\system32\drivers\caliaud.sys
    01:22:42.0409 1164 CALIAUD - ok
    01:22:42.0660 1164 CALIHALA (86ce67eea284f55f8664d00902623ab9) C:\WINDOWS\system32\drivers\calihal.sys
    01:22:42.0770 1164 CALIHALA - ok
    01:22:42.0840 1164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    01:22:42.0850 1164 cbidf2k - ok
    01:22:42.0920 1164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    01:22:42.0930 1164 CCDECODE - ok
    01:22:42.0960 1164 cd20xrnt - ok
    01:22:43.0070 1164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    01:22:43.0080 1164 Cdaudio - ok
    01:22:43.0181 1164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    01:22:43.0211 1164 Cdfs - ok
    01:22:43.0301 1164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    01:22:43.0331 1164 Cdrom - ok
    01:22:43.0351 1164 Changer - ok
    01:22:43.0431 1164 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    01:22:43.0501 1164 CiSvc - ok
    01:22:43.0591 1164 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    01:22:43.0611 1164 ClipSrv - ok
    01:22:43.0771 1164 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    01:22:43.0902 1164 clr_optimization_v2.0.50727_32 - ok
    01:22:43.0952 1164 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    01:22:43.0972 1164 CmBatt - ok
    01:22:43.0992 1164 CmdIde - ok
    01:22:44.0082 1164 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    01:22:44.0132 1164 Compbatt - ok
    01:22:44.0152 1164 COMSysApp - ok
    01:22:44.0292 1164 Cpqarray - ok
    01:22:44.0442 1164 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    01:22:44.0482 1164 CryptSvc - ok
    01:22:44.0492 1164 dac2w2k - ok
    01:22:44.0573 1164 dac960nt - ok
    01:22:44.0863 1164 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    01:22:45.0043 1164 DcomLaunch - ok
    01:22:45.0193 1164 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    01:22:45.0244 1164 Dhcp - ok
    01:22:45.0304 1164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    01:22:45.0334 1164 Disk - ok
    01:22:45.0414 1164 DKbFltr (2aebf5150b5761f19e48b587b3ac8842) C:\WINDOWS\system32\Drivers\DKbFltr.SYS
    01:22:45.0424 1164 DKbFltr - ok
    01:22:45.0454 1164 dmadmin - ok
    01:22:46.0025 1164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    01:22:46.0575 1164 dmboot - ok
    01:22:46.0716 1164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    01:22:46.0786 1164 dmio - ok
    01:22:46.0836 1164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    01:22:46.0836 1164 dmload - ok
    01:22:46.0946 1164 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    01:22:46.0956 1164 dmserver - ok
    01:22:47.0026 1164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    01:22:47.0056 1164 DMusic - ok
    01:22:47.0317 1164 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    01:22:47.0317 1164 Dnscache - ok
    01:22:47.0467 1164 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    01:22:47.0517 1164 Dot3svc - ok
    01:22:47.0537 1164 dpti2o - ok
    01:22:47.0627 1164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    01:22:47.0657 1164 drmkaud - ok
    01:22:47.0747 1164 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    01:22:47.0767 1164 EapHost - ok
    01:22:47.0837 1164 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    01:22:47.0857 1164 ERSvc - ok
    01:22:48.0008 1164 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    01:22:48.0038 1164 Eventlog - ok
    01:22:48.0448 1164 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    01:22:48.0528 1164 EventSystem - ok
    01:22:48.0638 1164 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    01:22:48.0648 1164 FA312 - ok
    01:22:48.0799 1164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    01:22:48.0899 1164 Fastfat - ok
    01:22:49.0039 1164 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    01:22:49.0079 1164 FastUserSwitchingCompatibility - ok
    01:22:49.0339 1164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    01:22:49.0349 1164 Fdc - ok
    01:22:49.0460 1164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    01:22:49.0480 1164 Fips - ok
    01:22:49.0580 1164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    01:22:49.0590 1164 Flpydisk - ok
    01:22:49.0750 1164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    01:22:49.0800 1164 FltMgr - ok
    01:22:49.0960 1164 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    01:22:49.0990 1164 FontCache3.0.0.0 - ok
    01:22:50.0071 1164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    01:22:50.0081 1164 Fs_Rec - ok
    01:22:50.0201 1164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    01:22:50.0261 1164 Ftdisk - ok
    01:22:50.0331 1164 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    01:22:50.0351 1164 GEARAspiWDM - ok
    01:22:50.0421 1164 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    01:22:50.0431 1164 giveio - ok
    01:22:50.0561 1164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    01:22:50.0581 1164 Gpc - ok
    01:22:50.0842 1164 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    01:22:50.0902 1164 gupdate - ok
    01:22:50.0942 1164 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    01:22:50.0942 1164 gupdatem - ok
    01:22:51.0332 1164 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    01:22:51.0473 1164 gusvc - ok
    01:22:51.0613 1164 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    01:22:51.0613 1164 helpsvc - ok
    01:22:51.0683 1164 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    01:22:51.0693 1164 HidServ - ok
    01:22:51.0783 1164 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    01:22:51.0823 1164 hidusb - ok
    01:22:51.0913 1164 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    01:22:51.0943 1164 hkmsvc - ok
    01:22:52.0023 1164 HPCI (708f5d243ce450bc937dedabd39d3600) C:\WINDOWS\system32\DRIVERS\hpci.sys
    01:22:52.0033 1164 HPCI - ok
    01:22:52.0174 1164 HPConfig (cd040ac1f1b10f5ae56a1f51d107ab9b) C:\WINDOWS\system32\HPConfig.exe
    01:22:52.0234 1164 HPConfig - ok
    01:22:52.0284 1164 hpn - ok
    01:22:52.0424 1164 HPWirelessMgr (25b50908f4c033ca812e3ad898c942b8) C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    01:22:52.0454 1164 HPWirelessMgr - ok
    01:22:52.0604 1164 HSFHWALI (908264a0f015b7086d9e4ddcfe46922a) C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
    01:22:52.0704 1164 HSFHWALI - ok
    01:22:53.0295 1164 HSF_DP (9b731969ba86d9a3ca55638264603e12) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    01:22:53.0776 1164 HSF_DP - ok
    01:22:54.0327 1164 HSF_DPV (5a8585e84425e823d6cf22515cabf5d0) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    01:22:54.0787 1164 HSF_DPV - ok
    01:22:55.0008 1164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    01:22:55.0098 1164 HTTP - ok
    01:22:55.0188 1164 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    01:22:55.0208 1164 HTTPFilter - ok
    01:22:55.0248 1164 i2omgmt - ok
    01:22:55.0338 1164 i2omp - ok
    01:22:55.0608 1164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    01:22:55.0649 1164 i8042prt - ok
    01:22:56.0249 1164 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    01:22:56.0630 1164 idsvc - ok
    01:22:56.0730 1164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    01:22:56.0750 1164 Imapi - ok
    01:22:56.0910 1164 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    01:22:56.0970 1164 ImapiService - ok
    01:22:57.0051 1164 ini910u - ok
    01:22:57.0201 1164 IntelIde - ok
    01:22:57.0311 1164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    01:22:57.0331 1164 intelppm - ok
    01:22:57.0451 1164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    01:22:57.0471 1164 Ip6Fw - ok
    01:22:57.0561 1164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    01:22:57.0581 1164 IpFilterDriver - ok
    01:22:57.0671 1164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    01:22:57.0681 1164 IpInIp - ok
    01:22:57.0832 1164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    01:22:57.0932 1164 IpNat - ok
    01:22:58.0463 1164 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
    01:22:58.0823 1164 iPod Service - ok
    01:22:59.0013 1164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    01:22:59.0053 1164 IPSec - ok
    01:22:59.0204 1164 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    01:22:59.0244 1164 irda - ok
    01:22:59.0314 1164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    01:22:59.0324 1164 IRENUM - ok
    01:22:59.0394 1164 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
    01:22:59.0414 1164 Irmon - ok
    01:22:59.0524 1164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    01:22:59.0564 1164 isapnp - ok
    01:22:59.0654 1164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    01:22:59.0664 1164 Kbdclass - ok
    01:22:59.0704 1164 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    01:22:59.0754 1164 kbdhid - ok
    01:22:59.0895 1164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    01:22:59.0995 1164 kmixer - ok
    01:23:00.0105 1164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    01:23:00.0115 1164 KSecDD - ok
    01:23:00.0225 1164 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    01:23:00.0235 1164 L8042Kbd - ok
    01:23:00.0355 1164 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    01:23:00.0385 1164 lanmanserver - ok
    01:23:00.0516 1164 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    01:23:00.0576 1164 lanmanworkstation - ok
    01:23:01.0297 1164 Lavasoft Ad-Aware Service (193146149076b331c008c1c0af6fa5b9) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    01:23:01.0747 1164 Lavasoft Ad-Aware Service - ok
    01:23:01.0888 1164 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    01:23:01.0918 1164 Lbd - ok
    01:23:01.0958 1164 lbrtfdc - ok
    01:23:02.0108 1164 LHidFlt2 (63b00a26f62572e0d58e6c8d3b32bf59) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    01:23:02.0138 1164 LHidFlt2 - ok
    01:23:02.0228 1164 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
    01:23:02.0248 1164 LHidKe - ok
    01:23:02.0338 1164 LHidUsb (ac05a1b5c66d693b1598fd83617d1820) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    01:23:02.0368 1164 LHidUsb - ok
    01:23:02.0589 1164 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    01:23:02.0699 1164 LinksysUpdater - ok
    01:23:02.0769 1164 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    01:23:02.0769 1164 LmHosts - ok
    01:23:02.0889 1164 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    01:23:02.0919 1164 LMouFlt2 - ok
    01:23:03.0039 1164 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    01:23:03.0059 1164 LMouKE - ok
    01:23:03.0129 1164 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    01:23:03.0159 1164 MBAMProtector - ok
    01:23:03.0540 1164 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    01:23:03.0840 1164 MBAMService - ok
    01:23:03.0910 1164 MDC8021X (73c0d9baa649c3df94761474e8c5f8c9) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    01:23:03.0930 1164 MDC8021X - ok
    01:23:04.0061 1164 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    01:23:04.0071 1164 mdmxsdk - ok
    01:23:04.0161 1164 MEITUNER (1968aa72f5c23c5010a126b5ee0c3539) C:\WINDOWS\system32\DRIVERS\meistb.sys
    01:23:04.0181 1164 MEITUNER - ok
    01:23:04.0261 1164 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    01:23:04.0281 1164 Messenger - ok
    01:23:04.0361 1164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    01:23:04.0361 1164 mnmdd - ok
    01:23:04.0421 1164 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    01:23:04.0461 1164 mnmsrvc - ok
    01:23:04.0561 1164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    01:23:04.0581 1164 Modem - ok
    01:23:04.0661 1164 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    01:23:04.0672 1164 MODEMCSA - ok
    01:23:04.0792 1164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    01:23:04.0802 1164 Mouclass - ok
    01:23:04.0832 1164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    01:23:04.0862 1164 mouhid - ok
    01:23:04.0962 1164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    01:23:04.0992 1164 MountMgr - ok
    01:23:05.0042 1164 mraid35x - ok
    01:23:05.0222 1164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    01:23:05.0312 1164 MRxDAV - ok
    01:23:05.0623 1164 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    01:23:05.0793 1164 MRxSmb - ok
    01:23:05.0853 1164 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    01:23:05.0863 1164 MSDTC - ok
    01:23:05.0963 1164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    01:23:05.0993 1164 Msfs - ok
    01:23:06.0064 1164 MSIServer - ok
    01:23:06.0184 1164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    01:23:06.0194 1164 MSKSSRV - ok
    01:23:06.0294 1164 MSPANEL (ad4609a1523656f740c70178e67fd5d2) C:\WINDOWS\system32\DRIVERS\mstapeo.sys
    01:23:06.0324 1164 MSPANEL - ok
    01:23:06.0364 1164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    01:23:06.0394 1164 MSPCLOCK - ok
    01:23:06.0464 1164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    01:23:06.0474 1164 MSPQM - ok
    01:23:06.0644 1164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    01:23:06.0654 1164 mssmbios - ok
    01:23:06.0785 1164 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    01:23:06.0795 1164 MSTEE - ok
    01:23:06.0915 1164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    01:23:06.0935 1164 Mup - ok
    01:23:07.0065 1164 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    01:23:07.0115 1164 NABTSFEC - ok
    01:23:07.0325 1164 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    01:23:07.0445 1164 napagent - ok
    01:23:07.0626 1164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    01:23:07.0706 1164 NDIS - ok
    01:23:07.0806 1164 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    01:23:07.0826 1164 NdisIP - ok
    01:23:07.0896 1164 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    01:23:07.0896 1164 NdisTapi - ok
    01:23:07.0936 1164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    01:23:07.0956 1164 Ndisuio - ok
    01:23:08.0076 1164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    01:23:08.0157 1164 NdisWan - ok
    01:23:08.0237 1164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    01:23:08.0237 1164 NDProxy - ok
    01:23:08.0317 1164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    01:23:08.0347 1164 NetBIOS - ok
    01:23:08.0477 1164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    01:23:08.0617 1164 NetBT - ok
    01:23:08.0737 1164 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    01:23:08.0787 1164 NetDDE - ok
    01:23:08.0827 1164 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    01:23:08.0837 1164 NetDDEdsdm - ok
    01:23:08.0938 1164 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    01:23:08.0938 1164 Netlogon - ok
    01:23:09.0098 1164 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    01:23:09.0238 1164 Netman - ok
    01:23:09.0508 1164 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    01:23:09.0569 1164 NetTcpPortSharing - ok
    01:23:09.0679 1164 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    01:23:09.0759 1164 NIC1394 - ok
    01:23:09.0969 1164 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    01:23:10.0039 1164 Nla - ok
    01:23:10.0680 1164 nmservice (0f078c31e9123df22a49c54b26ce556a) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    01:23:10.0951 1164 nmservice - ok
    01:23:11.0041 1164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    01:23:11.0131 1164 Npfs - ok
    01:23:11.0591 1164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    01:23:11.0832 1164 Ntfs - ok
    01:23:11.0922 1164 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    01:23:11.0922 1164 NtLmSsp - ok
    01:23:12.0202 1164 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    01:23:12.0383 1164 NtmsSvc - ok
    01:23:12.0483 1164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    01:23:12.0483 1164 Null - ok
    01:23:12.0563 1164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    01:23:12.0583 1164 NwlnkFlt - ok
    01:23:12.0643 1164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    01:23:12.0713 1164 NwlnkFwd - ok
    01:23:12.0823 1164 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    01:23:12.0893 1164 ohci1394 - ok
    01:23:13.0114 1164 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    01:23:13.0204 1164 ose - ok
    01:23:13.0384 1164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    01:23:13.0504 1164 Parport - ok
    01:23:13.0664 1164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    01:23:13.0694 1164 PartMgr - ok
    01:23:13.0765 1164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    01:23:13.0835 1164 ParVdm - ok
    01:23:13.0935 1164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    01:23:13.0985 1164 PCI - ok
    01:23:14.0025 1164 PCIDump - ok
    01:23:14.0115 1164 PCIIde - ok
    01:23:14.0335 1164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    01:23:14.0446 1164 Pcmcia - ok
    01:23:14.0766 1164 PCTCore (3bdcb8b1f3af6c6b1dd0d3e93e9ea620) C:\WINDOWS\system32\drivers\PCTCore.sys
    01:23:14.0946 1164 PCTCore - ok
    01:23:15.0237 1164 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys
    01:23:15.0377 1164 pctDS - ok
    01:23:15.0868 1164 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys
    01:23:16.0268 1164 pctEFA - ok
    01:23:16.0458 1164 PCTSD (0ee7d63f463b8efd387f0c2ba8312830) C:\WINDOWS\system32\Drivers\PCTSD.sys
    01:23:16.0539 1164 PCTSD - ok
    01:23:16.0619 1164 PDCOMP - ok
    01:23:16.0709 1164 PDFRAME - ok
    01:23:16.0779 1164 PDRELI - ok
    01:23:16.0859 1164 PDRFRAME - ok
    01:23:16.0939 1164 perc2 - ok
    01:23:17.0049 1164 perc2hib - ok
    01:23:17.0300 1164 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    01:23:17.0310 1164 PlugPlay - ok
    01:23:17.0400 1164 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    01:23:17.0410 1164 pnarp - ok
    01:23:17.0520 1164 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    01:23:17.0520 1164 PolicyAgent - ok
    01:23:17.0650 1164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    01:23:17.0680 1164 PptpMiniport - ok
    01:23:17.0720 1164 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    01:23:17.0760 1164 ProtectedStorage - ok
    01:23:17.0870 1164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    01:23:17.0901 1164 PSched - ok
    01:23:17.0961 1164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    01:23:17.0971 1164 Ptilink - ok
    01:23:18.0071 1164 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
    01:23:18.0091 1164 purendis - ok
    01:23:18.0211 1164 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    01:23:18.0231 1164 PxHelp20 - ok
    01:23:18.0241 1164 ql1080 - ok
    01:23:18.0281 1164 Ql10wnt - ok
    01:23:18.0351 1164 ql12160 - ok
    01:23:18.0431 1164 ql1240 - ok
    01:23:18.0511 1164 ql1280 - ok
    01:23:18.0662 1164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    01:23:18.0662 1164 RasAcd - ok
    01:23:18.0762 1164 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    01:23:18.0822 1164 RasAuto - ok
    01:23:18.0932 1164 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    01:23:18.0942 1164 Rasirda - ok
    01:23:19.0022 1164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    01:23:19.0042 1164 Rasl2tp - ok
    01:23:19.0242 1164 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    01:23:19.0313 1164 RasMan - ok
    01:23:19.0413 1164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    01:23:19.0443 1164 RasPppoe - ok
    01:23:19.0503 1164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    01:23:19.0513 1164 Raspti - ok
    01:23:19.0683 1164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    01:23:19.0763 1164 Rdbss - ok
    01:23:19.0813 1164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    01:23:19.0823 1164 RDPCDD - ok
    01:23:20.0034 1164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    01:23:20.0104 1164 rdpdr - ok
    01:23:20.0294 1164 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    01:23:20.0334 1164 RDPWD - ok
    01:23:20.0514 1164 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    01:23:20.0574 1164 RDSessMgr - ok
    01:23:20.0675 1164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    01:23:20.0705 1164 redbook - ok
    01:23:20.0825 1164 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    01:23:20.0845 1164 RemoteAccess - ok
    01:23:20.0965 1164 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    01:23:20.0995 1164 RemoteRegistry - ok
    01:23:21.0115 1164 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    01:23:21.0145 1164 RpcLocator - ok
    01:23:21.0606 1164 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    01:23:21.0616 1164 RpcSs - ok
    01:23:21.0766 1164 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    01:23:21.0896 1164 RSVP - ok
    01:23:21.0966 1164 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    01:23:21.0966 1164 SamSs - ok
    01:23:22.0057 1164 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    01:23:22.0077 1164 sbp2port - ok
    01:23:22.0207 1164 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    01:23:22.0257 1164 SCardSvr - ok
    01:23:22.0407 1164 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    01:23:22.0507 1164 Schedule - ok
    01:23:22.0647 1164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    01:23:22.0667 1164 Secdrv - ok
    01:23:22.0747 1164 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    01:23:22.0758 1164 seclogon - ok
    01:23:22.0828 1164 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    01:23:22.0848 1164 SENS - ok
    01:23:22.0948 1164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    01:23:22.0978 1164 Serial - ok
    01:23:23.0148 1164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    01:23:23.0158 1164 Sfloppy - ok
    01:23:23.0388 1164 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    01:23:23.0549 1164 SharedAccess - ok
    01:23:23.0689 1164 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    01:23:23.0699 1164 ShellHWDetection - ok
    01:23:23.0739 1164 Simbad - ok
    01:23:23.0879 1164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    01:23:23.0889 1164 SLIP - ok
    01:23:23.0969 1164 Sparrow - ok
    01:23:24.0089 1164 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
    01:23:24.0099 1164 speedfan - ok
    01:23:24.0129 1164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    01:23:24.0190 1164 splitter - ok
    01:23:24.0300 1164 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    01:23:24.0300 1164 Spooler - ok
    01:23:24.0700 1164 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
    01:23:24.0710 1164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
    01:23:24.0710 1164 sptd ( LockedFile.Multi.Generic ) - warning
    01:23:24.0710 1164 sptd - detected LockedFile.Multi.Generic (1)
    01:23:24.0770 1164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    01:23:24.0810 1164 sr - ok
    01:23:24.0951 1164 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    01:23:25.0021 1164 srservice - ok
    01:23:25.0271 1164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    01:23:25.0381 1164 Srv - ok
    01:23:25.0501 1164 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    01:23:25.0542 1164 sscdbus - ok
    01:23:25.0632 1164 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    01:23:25.0642 1164 sscdmdfl - ok
    01:23:25.0782 1164 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    01:23:25.0822 1164 sscdmdm - ok
    01:23:25.0922 1164 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
    01:23:25.0962 1164 sscdserd - ok
    01:23:26.0072 1164 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    01:23:26.0102 1164 SSDPSRV - ok
    01:23:26.0363 1164 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    01:23:26.0493 1164 stisvc - ok
    01:23:26.0593 1164 StreamDispatcher (d69904a55aaace06b244e33824da89b7) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    01:23:26.0623 1164 StreamDispatcher - ok
    01:23:26.0693 1164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    01:23:26.0713 1164 streamip - ok
    01:23:26.0763 1164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    01:23:26.0773 1164 swenum - ok
    01:23:26.0893 1164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    01:23:26.0913 1164 swmidi - ok
    01:23:26.0964 1164 SwPrv - ok
    01:23:27.0114 1164 symc810 - ok
    01:23:27.0194 1164 symc8xx - ok
    01:23:27.0264 1164 sym_hi - ok
    01:23:27.0344 1164 sym_u3 - ok
    01:23:27.0544 1164 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    01:23:27.0655 1164 SynTP - ok
    01:23:27.0755 1164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    01:23:27.0785 1164 sysaudio - ok
    01:23:27.0875 1164 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    01:23:27.0925 1164 SysmonLog - ok
    01:23:28.0095 1164 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    01:23:28.0185 1164 TapiSrv - ok
    01:23:28.0436 1164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    01:23:28.0556 1164 Tcpip - ok
    01:23:28.0686 1164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    01:23:28.0696 1164 TDPIPE - ok
    01:23:28.0756 1164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    01:23:28.0766 1164 TDTCP - ok
    01:23:28.0866 1164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    01:23:28.0886 1164 TermDD - ok
    01:23:29.0087 1164 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    01:23:29.0257 1164 TermService - ok
    01:23:29.0377 1164 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    01:23:29.0377 1164 Themes - ok
    01:23:29.0497 1164 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    01:23:29.0537 1164 TlntSvr - ok
    01:23:29.0547 1164 TosIde - ok
    01:23:29.0748 1164 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    01:23:29.0788 1164 TrkWks - ok
    01:23:29.0918 1164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    01:23:29.0938 1164 Udfs - ok
    01:23:30.0018 1164 ultra - ok
    01:23:30.0318 1164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    01:23:30.0479 1164 Update - ok
    01:23:30.0649 1164 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    01:23:30.0739 1164 upnphost - ok
    01:23:30.0819 1164 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    01:23:30.0839 1164 UPS - ok
    01:23:30.0929 1164 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
    01:23:30.0949 1164 USBAAPL - ok
    01:23:31.0029 1164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    01:23:31.0039 1164 usbccgp - ok
    01:23:31.0120 1164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    01:23:31.0150 1164 usbehci - ok
    01:23:31.0280 1164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    01:23:31.0300 1164 usbhub - ok
    01:23:31.0390 1164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    01:23:31.0410 1164 usbprint - ok
    01:23:31.0450 1164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    01:23:31.0470 1164 usbscan - ok
    01:23:31.0560 1164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    01:23:31.0570 1164 USBSTOR - ok
    01:23:31.0710 1164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    01:23:31.0730 1164 usbuhci - ok
    01:23:31.0811 1164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    01:23:31.0821 1164 VgaSave - ok
    01:23:31.0871 1164 ViaIde - ok
    01:23:31.0981 1164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    01:23:32.0011 1164 VolSnap - ok
    01:23:32.0211 1164 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    01:23:32.0341 1164 VSS - ok
    01:23:32.0682 1164 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    01:23:32.0802 1164 W32Time - ok
    01:23:33.0052 1164 W8335XP (738244934c71118a21f8d678067d057d) C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys
    01:23:33.0172 1164 W8335XP - ok
    01:23:33.0263 1164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    01:23:33.0283 1164 Wanarp - ok
    01:23:33.0363 1164 WDICA - ok
    01:23:33.0493 1164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    01:23:33.0543 1164 wdmaud - ok
    01:23:33.0713 1164 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    01:23:33.0743 1164 WebClient - ok
    01:23:34.0144 1164 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    01:23:34.0504 1164 winachsf - ok
    01:23:34.0715 1164 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    01:23:34.0765 1164 winmgmt - ok
    01:23:34.0885 1164 WLTRYSVC - ok
    01:23:34.0985 1164 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    01:23:35.0015 1164 WmdmPmSN - ok
    01:23:35.0376 1164 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    01:23:35.0656 1164 Wmi - ok
    01:23:35.0997 1164 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    01:23:36.0137 1164 WmiApSrv - ok
    01:23:36.0898 1164 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    01:23:37.0369 1164 WMPNetworkSvc - ok
    01:23:37.0509 1164 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    01:23:37.0559 1164 wscsvc - ok
    01:23:37.0689 1164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    01:23:37.0699 1164 WSTCODEC - ok
    01:23:37.0779 1164 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    01:23:37.0789 1164 wuauserv - ok
    01:23:37.0969 1164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    01:23:38.0009 1164 WudfPf - ok
    01:23:38.0150 1164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    01:23:38.0220 1164 WudfRd - ok
    01:23:38.0320 1164 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    01:23:38.0350 1164 WudfSvc - ok
    01:23:38.0650 1164 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    01:23:38.0851 1164 WZCSVC - ok
    01:23:38.0981 1164 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    01:23:39.0041 1164 xmlprov - ok
    01:23:39.0311 1164 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
    01:23:39.0321 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    01:23:39.0321 1164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    01:23:39.0381 1164 MBR (0x1B8) (2a1ce971e1f3708ac0afb403239a947d) \Device\Harddisk1\DR2
    01:23:39.0832 1164 \Device\Harddisk1\DR2 - ok
    01:23:39.0882 1164 MBR (0x1B8) (2a1ce971e1f3708ac0afb403239a947d) \Device\Harddisk2\DR3
    01:23:40.0353 1164 \Device\Harddisk2\DR3 - ok
    01:23:40.0393 1164 Boot (0x1200) (4da6fff1fabcf1be97ab229a8bb2e9b1) \Device\Harddisk0\DR0\Partition0
    01:23:40.0403 1164 \Device\Harddisk0\DR0\Partition0 - ok
    01:23:40.0473 1164 Boot (0x1200) (b0f2f8919fbbec14823b755db94606b3) \Device\Harddisk1\DR2\Partition0
    01:23:40.0483 1164 \Device\Harddisk1\DR2\Partition0 - ok
    01:23:40.0523 1164 Boot (0x1200) (e53b271575d51b0c537eba6ce0ebf35c) \Device\Harddisk2\DR3\Partition0
    01:23:40.0523 1164 \Device\Harddisk2\DR3\Partition0 - ok
    01:23:40.0543 1164 ============================================================
    01:23:40.0543 1164 Scan finished
    01:23:40.0543 1164 ============================================================
    01:23:40.0693 2104 Detected object count: 2
    01:23:40.0693 2104 Actual detected object count: 2
    01:24:04.0728 2104 sptd ( LockedFile.Multi.Generic ) - skipped by user
    01:24:04.0728 2104 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    01:24:06.0180 2104 \Device\Harddisk0\DR0\# - copied to quarantine
    01:24:06.0180 2104 \Device\Harddisk0\DR0 - copied to quarantine
    01:24:06.0500 2104 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    01:24:06.0550 2104 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    01:24:06.0560 2104 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    01:24:06.0581 2104 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    01:24:06.0601 2104 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    01:24:06.0631 2104 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    01:24:06.0651 2104 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    01:24:06.0701 2104 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    01:24:06.0711 2104 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    01:24:06.0711 2104 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    01:24:06.0721 2104 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    01:24:06.0731 2104 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    01:24:06.0821 2104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    01:24:06.0821 2104 \Device\Harddisk0\DR0 - ok
    01:24:07.0922 2104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    01:24:13.0681 2616 Deinitialize success
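The TDSSKiller log above ends with two detected objects that received opposite dispositions: the boot sector of \Device\Harddisk0\DR0 (graded infected, quarantined, cured on reboot) and sptd.sys (graded only as a warning on a file the scanner could not read, then skipped). When reading logs like this for someone else it helps to reduce the thousands of inventory lines to that handful of verdicts. The following is an added example for this thread, not code from the original post or from TDSSKiller; the message formats are inferred from the log text itself, the SAMPLE_LOG is a constructed excerpt of lines taken from the log above, and the "unresolved" policy (a detection is open until the user chose Cure) is an assumption of this example.

```python
"""Triage summary for a TDSSKiller-style scan log.

Added example for this thread; it is not part of the original post and not
TDSSKiller code. The message formats below are inferred from the log text.
"""
import re
from dataclasses import dataclass, field

# Every log line is "HH:MM:SS.mmmm <pid> <message>"; only the message matters here.
LINE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*?)\s*$")

# Message shapes, checked in this order; the first match wins.
PATTERNS = {
    # "sptd (md5) C:\path\sptd.sys"             -> driver/service inventory
    "inventory":  re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"),
    # "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"  -> boot-sector hash per disk
    "boot":       re.compile(r"^(?:MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$"),
    # "Suspicious file (NoAccess): C:\...\sptd.sys. md5: ..." -> file the scanner could not read
    "suspicious": re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"),
    # "<obj> - detected <threat> (n)"
    "detected":   re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \(\d+\)$"),
    # "<obj> ( <threat> ) - infected|warning"   -> severity grade
    "verdict":    re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+) \) - (?P<verdict>infected|warning)$"),
    "quarantine": re.compile(r"^(?P<obj>.+?) - copied to quarantine$"),
    "cure":       re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+) \) - will be cured on reboot$"),
    # "<obj> ( <threat> ) - User select action: Skip|Cure"
    "action":     re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+) \) - User select action: (?P<action>\w+)$"),
    "ok":         re.compile(r"^(?P<obj>.+?) - ok$"),
}


@dataclass
class Triage:
    inventory: dict = field(default_factory=dict)     # object -> (md5, path)
    boot_sectors: dict = field(default_factory=dict)  # device -> md5 of its MBR/boot sector
    locked: dict = field(default_factory=dict)        # unreadable file path -> md5
    detections: dict = field(default_factory=dict)    # object -> threat name
    verdicts: dict = field(default_factory=dict)      # object -> "infected" | "warning"
    quarantined: list = field(default_factory=list)   # objects copied to quarantine, in order
    pending_cure: list = field(default_factory=list)  # objects to be cured on reboot
    actions: dict = field(default_factory=dict)       # object -> user-selected action
    clean: int = 0                                    # count of "- ok" lines


def triage(log_text: str) -> Triage:
    """Collapse a full scan log into the handful of facts a reviewer needs."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        for kind, pat in PATTERNS.items():
            hit = pat.match(msg)
            if hit:
                break
        else:
            continue  # separators, "Scan finished", counters, etc.
        g = hit.groupdict()
        if kind == "inventory":
            t.inventory[g["obj"]] = (g["md5"], g["path"])
        elif kind == "boot":
            t.boot_sectors[g["dev"]] = g["md5"]
        elif kind == "suspicious":
            t.locked[g["path"]] = g["md5"]
        elif kind == "detected":
            t.detections[g["obj"]] = g["name"]
        elif kind == "verdict":
            t.verdicts[g["obj"]] = g["verdict"]
        elif kind == "quarantine":
            t.quarantined.append(g["obj"])
        elif kind == "cure":
            t.pending_cure.append(g["obj"])
        elif kind == "action":
            t.actions[g["obj"]] = g["action"]
        elif kind == "ok":
            t.clean += 1
    return t


def unresolved(t: Triage) -> dict:
    """Detections the user skipped or never acted on (assumed policy: open until 'Cure')."""
    return {obj: name for obj, name in t.detections.items()
            if t.actions.get(obj) in (None, "Skip")}


# Constructed excerpt: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
01:23:03.0540 1164 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
01:23:03.0840 1164 MBAMService - ok
01:23:24.0700 1164 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
01:23:24.0710 1164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
01:23:24.0710 1164 sptd ( LockedFile.Multi.Generic ) - warning
01:23:24.0710 1164 sptd - detected LockedFile.Multi.Generic (1)
01:23:39.0311 1164 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
01:23:39.0321 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
01:23:39.0321 1164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
01:23:40.0543 1164 Scan finished
01:23:40.0693 2104 Detected object count: 2
01:24:04.0728 2104 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:24:04.0728 2104 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:24:06.0180 2104 \Device\Harddisk0\DR0 - copied to quarantine
01:24:06.0500 2104 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
01:24:06.0550 2104 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
01:24:06.0821 2104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
01:24:07.0922 2104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    for obj, name in t.detections.items():
        print(f"{obj}: {name} [{t.verdicts.get(obj)}] action={t.actions.get(obj)}")
    print("open items:", unresolved(t))
```

Run against the excerpt, the summary reports the MBR of \Device\Harddisk0\DR0 as infected and cured, and leaves sptd.sys as the single open item. That matches how a helper would read it: the scanner's own grade for sptd.sys is a warning on a locked file rather than a confirmed infection (sptd.sys is the SCSI pass-through driver that disc-emulation tools install), so skipping it is a reasonable call, whereas the boot-sector verdict is the finding that needs the reboot cure and a follow-up scan to confirm.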
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very good.

    Is AVG still complaining?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Mooovies

    Mooovies TS Rookie Topic Starter

    AVG seems good.

    ComboFix 12-06-28.01 - Mooooo 06/28/2012 3:16.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.644 [GMT -4:00]
    Running from: c:\documents and settings\Mooooo\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Mooooo\WINDOWS
    c:\windows\dasetup.log
    c:\windows\desktop
    c:\windows\desktop\Instal~1.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 04:47 . 2012-06-02 19:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll.wusetup.1785527.new
    2012-06-25 05:41 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-25 05:24 . 2012-06-25 05:24 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 03:35 . 2012-04-08 20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-24 03:35 . 2011-05-21 06:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 19:19 . 2007-06-05 02:14 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-06-05 02:14 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2006-08-10 06:11 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2006-08-10 06:11 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2006-08-10 06:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2007-06-05 02:14 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2006-08-10 06:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2006-08-10 06:11 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2007-06-05 02:14 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2006-08-10 06:11 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2006-08-10 06:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-10-31 20:02 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2007-10-31 20:02 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2007-07-30 23:18 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2004-08-04 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:12 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2006-08-10 06:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-26 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
    "CARPService"="carpserv.exe" [2003-05-21 4608]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
    "WebEx Document Loader"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    openURL.vbs [2012-6-28 331]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
    backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 10.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 10.lnk
    backup=c:\windows\pss\Desktop Application Director 10.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote.lnk
    backup=c:\windows\pss\Logitech Harmony Remote.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG511v2 Wireless Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG511v2 Wireless Assistant.lnk
    backup=c:\windows\pss\NETGEAR WG511v2 Wireless Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Mooooo^Start Menu^Programs^Startup^Sprint media monitor.lnk]
    path=c:\documents and settings\Mooooo\Start Menu\Programs\Startup\Sprint media monitor.lnk
    backup=c:\windows\pss\Sprint media monitor.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
    2002-08-15 10:26 45056 ----a-w- c:\program files\HPQ\Notebook Utilities\hptasks.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-03-04 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2008-09-14 22:38 648488 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QT4HPOT]
    2003-01-31 03:02 102400 ----a-w- c:\program files\HPQ\One-Touch\ONETOUCH.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-11-26 21:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
    2003-01-30 14:34 282624 ----a-w- c:\program files\HPQ\Notebook Utilities\TvNow.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLTRYSVC"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "aawservice"=2 (0x2)
    "LinksysUpdater"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Symantec AntiVirus"=3 (0x3)
    "Lavasoft Ad-Aware Service"=3 (0x3)
    "CiSvc"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/25/2012 11:20 PM 383368]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/25/2012 11:21 PM 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/25/2012 11:21 PM 909728]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/14/2007 12:03 AM 682232]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [3/25/2012 11:19 PM 203088]
    R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [8/9/2006 10:00 PM 26624]
    R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 5:58 PM 292352]
    R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 5:59 PM 273536]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2011 5:20 PM 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/8/2012 4:21 PM 257224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2011 5:20 PM 136176]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [1/18/2007 2:04 AM 22891]
    S3 MSPANEL;Motorola AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [1/18/2007 2:04 AM 49024]
    S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [6/26/2008 3:52 PM 204800]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 03:35]
    .
    2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 21:20]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 21:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ajc.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
    Notify-NavLogon - (no file)
    MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-28 03:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-06-28 03:54:34
    ComboFix-quarantined-files.txt 2012-06-28 07:54
    .
    Pre-Run: 85,135,241,216 bytes free
    Post-Run: 88,187,518,976 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 73B0ED6E696E0495EBC2F9B91FBDE9A5
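The "Reg Loading Points" part of the ComboFix log above is what a helper reads by eye: autostart registry values with their file date and size, startup-folder items, and the Windows Firewall policy. As an added example (not part of the thread and not ComboFix's own code), the Python below parses lines copied from that section and applies three defender-side triage heuristics that a reviewer would apply to any such log: a Run value that is a bare filename with no path, a script file sitting in a startup folder, and an autostart item dated within a few days of the scan; it also flags `EnableFirewall=0`. The function names, the heuristics and the 7-day window are the example's own choices, and a hit only says where to look next.

```python
"""Parse a ComboFix "Reg Loading Points" section and triage autostart entries (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed sample input: lines copied verbatim from the ComboFix log in this
# thread (the "Files Created" header supplies the scan date).
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"CARPService"="carpserv.exe" [2003-05-21 4608]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
openURL.vbs [2012-6-28 331]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SCAN_RE = re.compile(r"Files Created from \d{4}-\d{2}-\d{2} to (?P<to>\d{4}-\d{2}-\d{2})")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')
FOLDER_ITEM_RE = re.compile(r"^(?P<name>\S.*?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Extensions the triage treats as scripts when found in a startup folder (example's own list).
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1", ".hta")


@dataclass
class AutostartEntry:
    source: str       # registry key, or startup-folder path (ends with a backslash)
    name: str         # value name (registry) or file name (folder)
    command: str      # command line (registry) or file name (folder)
    modified: date    # file date ComboFix printed in brackets
    size: int         # file size ComboFix printed in brackets


@dataclass
class LoadingPoints:
    scan_date: Optional[date]
    entries: list[AutostartEntry]
    firewall_enabled: Optional[bool]   # None when the policy key was not in the text


def _parse_date(text: str) -> date:
    # Folder items are written without zero padding (2012-6-28); strptime accepts both forms.
    return datetime.strptime(text, "%Y-%m-%d").date()


def parse_loading_points(text: str) -> LoadingPoints:
    scan_date: Optional[date] = None
    entries: list[AutostartEntry] = []
    firewall: Optional[bool] = None
    section: Optional[str] = None   # registry key or folder path the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # a lone "." separates blocks in ComboFix output
            section = None
            continue
        m = SCAN_RE.search(line)
        if m:
            scan_date = _parse_date(m["to"])
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.endswith("\\"):           # startup-folder header, items follow
            section = line
            continue
        m = FIREWALL_RE.match(line)
        if m:
            firewall = m["val"] != "0"
            continue
        if section is None:
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            entries.append(AutostartEntry(section, m["name"], m["cmd"], _parse_date(m["date"]), int(m["size"])))
            continue
        m = FOLDER_ITEM_RE.match(line)
        if m and section.endswith("\\"):
            entries.append(AutostartEntry(section, m["name"], m["name"], _parse_date(m["date"]), int(m["size"])))
    return LoadingPoints(scan_date, entries, firewall)


def triage(lp: LoadingPoints, recent_days: int = 7) -> list[str]:
    """Return human-readable findings; each one is a prompt to inspect, not a verdict."""
    findings: list[str] = []
    if lp.firewall_enabled is False:
        findings.append("firewall: EnableFirewall=0 in the standard profile (Windows Firewall is off)")
    for e in lp.entries:
        in_folder = e.source.endswith("\\")
        if not in_folder and "\\" not in e.command and "/" not in e.command:
            # A bare filename is resolved through the search path, so check which copy actually runs.
            findings.append(f"bare filename: Run value {e.name!r} executes {e.command!r} with no path")
        if e.command.lower().endswith(SCRIPT_EXTENSIONS):
            findings.append(f"script autostart: {e.name} in {e.source}")
        if lp.scan_date is not None and (lp.scan_date - e.modified).days <= recent_days:
            # Also catches items dated after the scan, which is itself worth a look.
            age = (lp.scan_date - e.modified).days
            findings.append(f"recent: {e.name} dated {e.modified.isoformat()}, {age} day(s) before the scan")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE)):
        print(finding)
```

Run against the sample, the triage reports the disabled firewall, the two path-less Run values (`carpserv.exe` and `KHALMNPR.EXE`), and `openURL.vbs` twice: once as a script in the all-users startup folder and once as an item dated on the day of the scan. The long-standing Synaptics and Google entries produce nothing, which is the point of the heuristics: they thin the list down to what a human still has to judge.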
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Combo log looks good.

    Any current issues?

    ===============================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Mooovies

    Mooovies TS Rookie Topic Starter

    Can't get OTL to finish scan. Have tried 3-4 times. Hangs up when searching for some Microsoft files (look like office install files) and a few similar Adobe files. Eventually, OTL hangs up and have to cancel out of operation. Also, a "thumbs.db" file has shown up on the desktop sometime since we started this cleanup process. Only other thing I notice is that the "show desktop" icon on the taskbar no longer has its standard graphic and no longer functions.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL from safe mode.
     
  11. Mooovies

    Mooovies TS Rookie Topic Starter

    OTL logfile created on: 7/1/2012 1:41:42 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.98 Mb Total Physical Memory | 744.78 Mb Available Physical Memory | 77.66% Memory free
    1.89 Gb Paging File | 1.81 Gb Available in Paging File | 95.99% Paging File free
    Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 83.23 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
    Drive G: | 279.46 Gb Total Space | 66.63 Gb Free Space | 23.84% Space Free | Partition Type: NTFS
    Drive H: | 279.46 Gb Total Space | 204.05 Gb Free Space | 73.02% Space Free | Partition Type: NTFS

    Computer Name: MOOOOOVIES | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 01:40:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2004/08/04 08:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/23 23:35:49 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2008/09/14 18:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/06/26 15:52:42 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2003/01/14 14:12:14 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr)
    SRV - [2002/08/15 10:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mooooo\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ax2uezvg)
    DRV - [2012/03/20 13:50:12 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/03/16 12:15:40 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2008/09/14 18:36:56 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/09/14 18:36:54 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/04/13 14:46:07 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
    DRV - [2007/07/03 20:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2007/07/03 20:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 20:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 20:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/05/14 00:03:37 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2006/10/13 00:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/10 02:57:34 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2005/05/20 16:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2005/02/21 23:54:10 | 000,265,984 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG511v2XP.sys -- (W8335XP) NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335)
    DRV - [2004/12/15 15:19:08 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 14:18:28 | 000,205,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
    DRV - [2004/08/03 18:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
    DRV - [2004/05/15 21:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/29 03:26:42 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstapeo.sys -- (MSPANEL)
    DRV - [2004/02/17 17:59:18 | 000,273,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA)
    DRV - [2004/02/17 17:58:40 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD)
    DRV - [2003/11/11 08:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER)
    DRV - [2003/05/21 15:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
    DRV - [2003/05/21 15:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/03/04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
    DRV - [2003/03/04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
    DRV - [2003/03/04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
    DRV - [2002/07/17 12:09:12 | 000,014,504 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI)
    DRV - [2001/08/17 09:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alifir.sys -- (ALiIRDA)
    DRV - [2001/08/17 08:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-515967899-492894223-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-515967899-492894223-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
    IE - HKU\S-1-5-21-515967899-492894223-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 40 6C 97 4B 57 CD 01 [binary data]
    IE - HKU\S-1-5-21-515967899-492894223-1060284298-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-515967899-492894223-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\


    O1 HOSTS File: ([2012/06/28 03:47:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WebEx Document Loader] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-492894223-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab (VerifyGMN Class)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193782944739 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF66501-402B-45EA-9144-08623F8AF6F1}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/10 02:13:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 10

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 01:40:52 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/06/30 21:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/06/28 03:54:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/06/28 03:04:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/06/28 02:39:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/06/28 02:39:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/06/28 02:39:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/06/28 02:39:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/06/28 02:38:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/28 02:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/06/25 01:24:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 01:40:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/07/01 01:35:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/01 01:34:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/01 01:31:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 23:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/30 22:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/28 03:47:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/06/28 03:05:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/06/28 01:37:56 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
    [2012/06/28 00:48:26 | 000,715,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/06/27 00:20:05 | 000,540,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/26 09:43:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/26 09:35:11 | 000,472,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/26 09:35:11 | 000,084,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/25 01:14:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/28 03:05:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/06/28 03:04:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/06/28 02:39:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/28 02:39:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/28 02:39:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/28 02:39:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/28 02:39:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/15 08:51:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/11 13:51:21 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FzPg8dvwhjSKkO
    [2011/12/11 13:51:21 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FzPg8dvwhjSKkOr
    [2011/12/11 13:51:10 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FzPg8dvwhjSKkO
    [2011/04/24 16:20:32 | 000,001,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2d2pby66n81o1jfx8jjj3yam53mniogj061m
    [2010/08/07 16:32:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2007/02/15 04:13:39 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
    [2006/10/29 15:37:04 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    ========== LOP Check ==========

    [2010/10/13 22:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/08/09 20:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2010/10/13 23:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/02/27 04:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2007/12/06 02:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/10/22 04:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2009/02/27 04:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3FB8A741-47AB-4C67-A190-4F408213BBC6}
    [2010/10/29 13:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/06 15:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/04/08 23:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/01/13 02:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\EPSON
    [2007/02/28 01:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\ImgBurn
    [2006/10/18 00:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\InterVideo
    [2006/12/16 05:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\Leadertech
    [2007/01/10 03:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\OfficeUpdate12
    [2009/08/16 10:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\RipIt4Me
    [2009/10/22 03:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\Smith Micro
    [2009/10/21 23:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\Sprint Desktop Sync
    [2012/03/25 23:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\TestApp
    [2009/07/19 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\Uniblue
    [2008/09/22 03:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mooooo\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/08/10 02:13:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/08/10 02:58:22 | 000,000,166 | ---- | M] () -- C:\bcmwl5.log
    [2011/12/12 02:02:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/06/28 03:05:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/06/28 03:54:35 | 000,015,224 | ---- | M] () -- C:\ComboFix.txt
    [2006/08/10 02:13:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/10/13 11:10:35 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2008/03/07 01:44:09 | 000,001,024 | ---- | M] () -- C:\EPSONCD.Pal
    [2006/08/10 02:13:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/08/10 02:13:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/11/17 01:59:51 | 000,001,143 | ---- | M] () -- C:\net_save.dna
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/30 02:20:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/07/01 01:33:20 | 1107,296,256 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/14 00:10:16 | 000,004,403 | ---- | M] () -- C:\pcwdbg.log
    [2006/12/29 06:23:56 | 000,225,280 | ---- | M] () -- C:\PlayerHost.dll
    [2012/06/25 01:24:13 | 000,097,086 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_25.06.2012_01.21.33_log.txt
    [2012/06/26 09:34:42 | 000,005,032 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_26.06.2012_09.33.06_log.txt
    [2012/06/26 09:40:48 | 000,094,288 | ---- | M] () -- C:\TDSSKiller.2.7.42.0_26.06.2012_09.35.41_log.txt
    [2011/05/07 14:42:00 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/10 02:13:28 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/09 21:56:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/08/09 21:56:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/08/09 21:56:31 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/30 02:28:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/11 15:42:02 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe
    [2011/12/11 16:13:07 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
    [2012/07/01 01:40:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/30 22:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/02/10 10:10:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/04 08:00:00 | 000,000,065 | R--- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/07/01 01:31:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 23:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/01 01:32:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/12/11 15:43:24 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\iExplore.exe
    [2011/12/11 15:46:01 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rkill.exe
    [2011/12/11 15:54:52 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\My Documents\tdsskiller.exe
    [2011/12/11 15:31:52 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\unhide.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/07/01 01:40:10 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >
    < End of report >
     
  12. Mooovies

    Mooovies TS Rookie Topic Starter

    OTL Extras logfile created on: 7/1/2012 1:41:42 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.98 Mb Total Physical Memory | 744.78 Mb Available Physical Memory | 77.66% Memory free
    1.89 Gb Paging File | 1.81 Gb Available in Paging File | 95.99% Paging File free
    Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 83.23 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
    Drive G: | 279.46 Gb Total Space | 66.63 Gb Free Space | 23.84% Space Free | Partition Type: NTFS
    Drive H: | 279.46 Gb Total Space | 204.05 Gb Free Space | 73.02% Space Free | Partition Type: NTFS

    Computer Name: MOOOOOVIES | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" = C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
    "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero Software AG)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{28EAF1F5-4E32-4A52-ADAC-846CF1C5F06D}" = Pure Networks Platform
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5D312C74-93CA-4B79-BEBB-95D3982379E1}" = VBA (3821h)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = Notebook Utilities
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B93D24B3-928D-4805-B379-4AA47CB3794E}" = NETGEAR WG511v2 54 Mbps Wireless PC Card
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D14F064B-F549-462F-BABD-857830FEA0B6}_is1" = PC Tools on-the-fly Scanner 9.0
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E99DCB15-75AC-49CF-AF65-715AA1469E76}" = HDTV2DVD 0.4
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F818A41D-3535-4949-83BB-E41121697A97}" = Sprint Desktop Sync
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Broadcom 802.11 Application" = Broadcom 802.11 Control Panel
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
    "CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
    "Conexant PCI Audio" = Conexant AC-Link Audio
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ImgBurn" = ImgBurn (Remove Only)
    "InstallShield_{B93D24B3-928D-4805-B379-4AA47CB3794E}" = NETGEAR WG511v2 54 Mbps Wireless PC Card
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC Wizard 2010_is1" = PC Wizard 2010.1.94
    "QT4HPOT" = One-Touch Buttons
    "QVP" = Quick View Plus
    "Recuva" = Recuva
    "Silent Package Run-Time Sample" = ESPR320 Reference Guide
    "Speccy" = Speccy
    "SpeedFan" = SpeedFan (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "WIC" = Windows Imaging Component
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Anti-Spy" = Yahoo! Anti-Spy
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/27/2012 12:29:32 AM | Computer Name = MOOOOOVIES | Source = ESENT | ID = 490
    Description = svchost (1660) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 6/27/2012 12:29:36 AM | Computer Name = MOOOOOVIES | Source = ESENT | ID = 490
    Description = svchost (1660) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 6/27/2012 12:32:23 AM | Computer Name = MOOOOOVIES | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: Microsoft.VisualC, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
    . Error code = 0x80070020

    Error - 6/27/2012 1:21:17 AM | Computer Name = MOOOOOVIES | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
    . Error code = 0x80070020

    Error - 6/27/2012 1:32:48 AM | Computer Name = MOOOOOVIES | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

    Error - 6/27/2012 1:33:54 AM | Computer Name = MOOOOOVIES | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

    Error - 6/30/2012 9:43:34 PM | Computer Name = MOOOOOVIES | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.53.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/30/2012 9:43:38 PM | Computer Name = MOOOOOVIES | Source = Application Hang | ID = 1001
    Description = Fault bucket -1259279348.

    Error - 6/30/2012 10:30:33 PM | Computer Name = MOOOOOVIES | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.53.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/30/2012 11:21:21 PM | Computer Name = MOOOOOVIES | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.53.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 6/27/2012 12:48:52 AM | Computer Name = MOOOOOVIES | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 6/28/2012 2:07:12 AM | Computer Name = MOOOOOVIES | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSDRIVER\0000 disappeared from the system
    without first being prepared for removal.

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSEH\0000 disappeared from the system without
    first being prepared for removal.

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSFILTER\0000 disappeared from the system
    without first being prepared for removal.

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system
    without first being prepared for removal.

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGLDX86\0000 disappeared from the system without
    first being prepared for removal.

    Error - 6/28/2012 2:19:19 AM | Computer Name = MOOOOOVIES | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without
    first being prepared for removal.

    Error - 7/1/2012 1:34:58 AM | Computer Name = MOOOOOVIES | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm PCTSD

    Error - 7/1/2012 1:35:32 AM | Computer Name = MOOOOOVIES | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ax2uezvg)
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [2011/04/24 16:20:32 | 000,001,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2d2pby66n81o1jfx8jjj3yam53mniogj061m
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
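The O2 lines in the fix above are Browser Helper Object registrations whose CLSID no longer resolves to a DLL, and the O16 lines are Downloaded Program Files (ActiveX distribution unit) entries whose registry data is broken; OTL reports both as "No CLSID value found" or "Reg Error: Key error". The PowerShell below is an added example, not code from the thread or from OTL: it walks the same registry locations the OTL result log names and reports each entry's status, so the check can be reproduced before anything is deleted. Assumptions: function names are my own; it runs from an elevated PowerShell 2.0 or later prompt on 32-bit Windows like the machine in this thread (on 64-bit Windows the 32-bit IE keys also live under HKLM\SOFTWARE\Wow6432Node and should be passed as extra roots); the Distribution Units layout (a DownloadInformation subkey carrying CODEBASE) is the standard one but is read defensively.

```powershell
# Added example: audit Browser Helper Objects (OTL "O2") and Downloaded
# Program Files / ActiveX distribution units (OTL "O16") for the dangling
# states seen in the thread ("No CLSID value found", "Reg Error: Key error").
# Assumes an elevated PowerShell 2.0+ prompt on 32-bit Windows; on x64 also
# call the functions with the Wow6432Node roots.

function Get-DefaultValue {
    # The "(default)" value of a registry key, or $null if key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['(default)']) { return $props.'(default)' }
    return $null
}

function Get-BhoAudit {
    param(
        [string]$BhoRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        [string]$ClsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
    )
    if (-not (Test-Path -LiteralPath $BhoRoot)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $BhoRoot) {
        $clsid    = $key.PSChildName            # e.g. {02478D38-C3F9-4EFB-9B51-7695ECA05670}
        $clsidKey = Join-Path $ClsidRoot $clsid
        $name     = Get-DefaultValue $clsidKey
        $dll      = Get-DefaultValue (Join-Path $clsidKey 'InprocServer32')
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

        # Same reasoning OTL applies: a BHO with no CLSID key, no server DLL, or a
        # DLL that is no longer on disk cannot load and is safe to remove.
        if (-not (Test-Path -LiteralPath $clsidKey))  { $status = 'ORPHAN: no CLSID key' }
        elseif (-not $dll)                             { $status = 'ORPHAN: no InprocServer32' }
        elseif (-not (Test-Path -LiteralPath $dll))    { $status = 'ORPHAN: DLL missing' }
        else {
            $sig    = (Get-AuthenticodeSignature -FilePath $dll).Status
            $status = "DLL present, signature=$sig"
        }
        New-Object PSObject -Property @{
            Type = 'O2 BHO'; CLSID = $clsid; Name = $name; Path = $dll; Status = $status
        }
    }
}

function Get-DpfAudit {
    param(
        [string]$DuRoot    = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units',
        [string]$ClsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
    )
    if (-not (Test-Path -LiteralPath $DuRoot)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $DuRoot) {
        $clsid    = $key.PSChildName
        $dlKey    = Join-Path $key.PSPath 'DownloadInformation'
        $codebase = $null
        if (Test-Path -LiteralPath $dlKey) {
            $codebase = (Get-ItemProperty -LiteralPath $dlKey -ErrorAction SilentlyContinue).CODEBASE
        }
        if (-not (Test-Path -LiteralPath (Join-Path $ClsidRoot $clsid))) { $status = 'ORPHAN: no CLSID key' }
        elseif (-not $codebase)                                            { $status = 'ORPHAN: no CODEBASE' }
        else                                                               { $status = 'ok' }
        New-Object PSObject -Property @{
            Type = 'O16 DPF'; CLSID = $clsid; Name = $null; Path = $codebase; Status = $status
        }
    }
}

# Usage: list everything, orphans first. Review before deleting; a legitimate
# add-on whose uninstaller left a stale key will also show as ORPHAN.
@(Get-BhoAudit) + @(Get-DpfAudit) |
    Sort-Object Status |
    Format-Table Type, CLSID, Status, Path -AutoSize
```

The audit is read-only; removal is left to the tool of choice (OTL here) so that the fix log records exactly what was deleted.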
     
  14. Mooovies

    Mooovies TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Error: No service named ax2uezvg was found to stop!
    Service\Driver key ax2uezvg not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\Program Files\WebEx\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    C:\Documents and Settings\All Users\Application Data\2d2pby66n81o1jfx8jjj3yam53mniogj061m moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 6682700 bytes
    ->Java cache emptied: 17507 bytes
    ->Flash cache emptied: 694 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 9748506 bytes
    ->Flash cache emptied: 44548 bytes

    User: Mooooo
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 43067024 bytes
    ->Java cache emptied: 861519 bytes
    ->Flash cache emptied: 1750942 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 10641 bytes
    ->Flash cache emptied: 33097 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2260587 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 62.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: Mooooo
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mooooo
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 07022012_150224
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
    ---------------------------------------------

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Yahoo! Anti-Spy
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
    ------------------------------------------------

    Farbar Service Scanner Version: 02-07-2012
    Ran by Mooooo (administrator) on 02-07-2012 at 15:29:34
    Running from "C:\Documents and Settings\Mooooo\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    Gpc(4) IPSec(6) irda(3) MDC8021X(9) NetBT(7) PSched(8) Tcpip(5)
    0x0B0000000600000001000000020000000300000004000000050000000B0000000C000000070000000800000009000000
    IpSec Tag value is correct.
    **** End of log ****

    ------------------------------------------------

    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\25.06.2012_01.21.33\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  16. Mooovies

    Mooovies TS Rookie Topic Starter

    Working my way down the list. I cannot get WOT to install. I think this may be related to the problem I mentioned in post #9. My computer doesn't know what to do with a .msi file. I think my file association list was corrupted. Is there a fix available to reset the file associations to their Windows default?
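Broni's reply to this question is not preserved on the page. As an added example, not from the thread, the PowerShell below compares the two machine-wide registry values that make double-clicking an .msi launch Windows Installer with their stock values and, once those values have been confirmed, writes them back. The expected values are the Windows XP and Windows 7 defaults as I know them and are stated as an assumption: verify them against a known-good machine of the same Windows build before repairing. Function names are my own. It must run from an elevated prompt because HKLM\SOFTWARE\Classes is machine-wide; a per-user key can still override the result, so that key is reported too.

```powershell
# Added example: check (and optionally restore) the .msi file association.
# Expected values are the stock Windows defaults as I know them (assumption;
# verify on a clean machine of the same build). Run from an elevated prompt.

$MsiDefaults = @(
    @{ Key   = 'HKLM:\SOFTWARE\Classes\.msi'
       Value = 'Msi.Package'
       Type  = 'String' },
    @{ Key   = 'HKLM:\SOFTWARE\Classes\Msi.Package\shell\Open\command'
       Value = '"%SystemRoot%\System32\msiexec.exe" /i "%1" %*'
       Type  = 'ExpandString' }
)

function Test-MsiAssociation {
    # One row per value: what is there now versus what a stock install has.
    foreach ($d in $MsiDefaults) {
        $actual = (Get-ItemProperty -LiteralPath $d.Key -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{
            Key = $d.Key; Expected = $d.Value; Actual = $actual; Ok = ($actual -eq $d.Value)
        }
    }
    # Per-user keys win over the machine-wide ones; report them for review so a
    # wrong "Open with..." choice or a malicious override is not missed.
    $userKeys = @('HKCU:\Software\Classes\.msi',
                  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi')
    foreach ($k in $userKeys) {
        if (Test-Path -LiteralPath $k) {
            New-Object PSObject -Property @{
                Key = $k; Expected = '(review: overrides HKLM)'; Actual = 'present'; Ok = $null
            }
        }
    }
}

function Repair-MsiAssociation {
    foreach ($d in $MsiDefaults) {
        if (-not (Test-Path -LiteralPath $d.Key)) { New-Item -Path $d.Key -Force | Out-Null }
        # New-ItemProperty -Force overwrites the existing default value and lets the
        # command value be written as REG_EXPAND_SZ so %SystemRoot% stays unexpanded.
        New-ItemProperty -LiteralPath $d.Key -Name '(default)' -Value $d.Value -PropertyType $d.Type -Force | Out-Null
    }
}

Test-MsiAssociation | Format-Table Ok, Key, Expected, Actual -AutoSize
# Then, only after the expected values have been confirmed:  Repair-MsiAssociation
```

The same check generalises to any extension: swap the two keys for the extension's ProgID and its shell\Open\command and the functions work unchanged.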
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  18. Mooovies

    Mooovies TS Rookie Topic Starter

    File associations are fixed. WOT installed as well as PSI & Filehippo. A few oddball things pop up here & there.........toolbars blacked out, open link in new tab unavailable from right click, hlpsvc.exe slows CPU waaay down and today's history unavailable but shows up when "today" becomes "yesterday". Otherwise, all seems well. No problem with svchost slowdown, no google hijack, no trojan horse.

    Here is the final OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Mooooo
    ->Temp folder emptied: 219683589 bytes
    ->Temporary Internet Files folder emptied: 31769503 bytes
    ->Java cache emptied: 1957 bytes
    ->Flash cache emptied: 1419 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1837 bytes

    Total Files Cleaned = 240.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mooooo
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: Mooooo
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 07042012_154406
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA529.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA539.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA596.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA5B1.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA719.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA7A2.tmp not found!
    File\Folder C:\Documents and Settings\Mooooo\Local Settings\Temporary Internet Files\Content.IE5\KUJH3Y2D\avg-wont-remove-trojan-horse-downloader-generic-12-bpnf[1].htm not found!
    PendingFileRenameOperations files...
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA529.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA539.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA596.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA5B1.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA719.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temp\~DFA7A2.tmp not found!
    File C:\Documents and Settings\Mooooo\Local Settings\Temporary Internet Files\Content.IE5\KUJH3Y2D\avg-wont-remove-trojan-horse-downloader-generic-12-bpnf[1].htm not found!
    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    What browser?

    I don't think hlpsvc.exe is a legit process.
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
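Broni's point is that a process name alone (hlpsvc.exe) says little; what matters is where the image lives, how it was started and whether it is signed, which is why he asks for the Command Line column. The PowerShell below is an added example, not from the thread: it pulls the same fields from WMI and flags processes whose image sits outside the Windows and Program Files trees, lives in a temp or profile directory, has vanished from disk, or carries no valid Authenticode signature. Function names and the flag labels are my own. Caveat a practitioner should keep in mind: on XP and Windows 7 most Microsoft binaries are signed through catalog files that Get-AuthenticodeSignature does not consult, so "NotSigned" under System32 is expected there; the flags order what to look at first, they are not a verdict. Run elevated so the paths of service processes are visible.

```powershell
# Added example: triage running processes the way Broni asks the OP to do with
# Process Explorer (path + command line), and flag the ones worth a closer look.
# Assumes an elevated PowerShell 2.0+ prompt; WMI Win32_Process is used because
# it exposes CommandLine and ExecutablePath on XP, where Get-Process does not.

function Get-ProcessTriage {
    param(
        # Image directories treated as expected; add ${env:ProgramFiles(x86)} on x64.
        [string[]]$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles)
    )
    foreach ($p in Get-WmiObject -Class Win32_Process) {
        $path  = $p.ExecutablePath
        $flags = @()
        $sig   = 'n/a'

        if (-not $path) {
            # System, Idle and some protected processes report no path; not suspicious by itself.
            $flags += 'no-path'
        } else {
            $inTrusted = $false
            foreach ($root in $TrustedRoots) {
                if ($root -and $path.ToLower().StartsWith($root.ToLower())) { $inTrusted = $true }
            }
            if (-not $inTrusted) { $flags += 'outside-trusted-dirs' }

            if (Test-Path -LiteralPath $path) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
                if ($sig -ne 'Valid') { $flags += "sig:$sig" }
            } else {
                $flags += 'image-missing-on-disk'   # deleted after launch: classic dropper behaviour
            }

            # Temp and profile directories are where droppers usually land.
            if ($path -match '\\(Temp|Temporary Internet Files|Application Data|AppData)\\') {
                $flags += 'temp-or-profile-dir'
            }
        }

        New-Object PSObject -Property @{
            PID = $p.ProcessId; PPID = $p.ParentProcessId; Name = $p.Name
            Path = $path; CommandLine = $p.CommandLine; Signature = $sig
            Flags = ($flags -join ',')
        }
    }
}

# Usage: show only flagged processes. The unfiltered list can be saved with
# Export-Csv to attach to a reply, much like the Procexp.txt Broni asks for.
Get-ProcessTriage |
    Where-Object { $_.Flags -and $_.Flags -ne 'no-path' } |
    Sort-Object Name |
    Format-Table PID, PPID, Name, Signature, Flags, Path -AutoSize
```

For a name like hlpsvc.exe the useful follow-up is the full row: its Path and CommandLine show whether it was started from a service entry or a user-profile directory, and PPID shows what launched it.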
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    The issue seems to be resolved.
     
