TechSpot

Malware disabling mcafee, redirecting internet searches and other symptoms

By funkduck
Aug 4, 2011
  1. Broni

    Broni Malware Annihilator Posts: 52,747   +342

  2. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Heres the OTL
    OTL logfile created on: 11/08/2011 09:33:01 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.94% Memory free
    5.93 Gb Paging File | 4.67 Gb Available in Paging File | 78.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.83 Gb Total Space | 142.43 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

    Computer Name: ALEXCURTIS | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/20 18:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe
    PRC - [2010/06/08 17:41:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe
    PRC - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe
    PRC - [2010/04/23 16:04:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtcmd.exe
    PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/04/13 21:16:31 | 000,180,224 | ---- | M] (ALPS) -- C:\Program Files\Apoint\Apvfb.exe
    PRC - [2009/04/13 21:16:30 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2009/04/13 21:16:28 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2009/03/24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/03/02 07:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/03/02 07:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    PRC - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
    PRC - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    PRC - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
    PRC - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    PRC - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
    PRC - [2008/12/18 18:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
    SRV - [2011/08/03 11:10:31 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
    SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) [Auto | Running] -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe -- (tbbLoaderService)
    SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2010/06/24 09:28:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe -- (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA)
    SRV - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe -- (tgsrvc_O2DA) SupportSoft Repair Service (O2DA)
    SRV - [2010/02/01 20:02:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/01/17 05:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
    SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] () [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
    SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2005/09/30 19:22:50 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/03 11:25:32 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
    DRV - [2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdklbf.sys -- (PSSDKLBF)
    DRV - [2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/03/04 17:36:59 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
    DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
    DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/04/13 21:16:29 | 000,173,616 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/02/23 21:07:18 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2008/11/25 00:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/11/19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/10/23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/10/23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/08/22 12:06:02 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/08 17:43:15 | 000,000,000 | ---D | M]

    [2009/12/22 02:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2009/10/18 22:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/08/10 10:07:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\lam\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/11 09:32:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/10 10:55:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/10 10:54:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/08/10 09:35:52 | 004,167,902 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/08 10:59:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/08 10:59:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/08 10:59:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/08 10:58:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/08/08 10:58:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/07 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    [2011/08/06 18:30:13 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [2011/08/04 23:28:56 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2011/08/04 23:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lam
    [2011/08/04 23:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\lam
    [2011/08/04 19:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
    [2011/08/04 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Babylon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Babylon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/08/04 19:23:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\Adobe Dreamweaver CS5.5
    [2011/08/04 19:09:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/08/04 19:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Spotify
    [2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Spotify
    [2011/07/22 15:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/07/22 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/07/22 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/07/13 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
     
  3. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    ========== Files - Modified Within 30 Days ==========

    [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/11 09:29:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/11 09:29:32 | 000,044,560 | -HS- | M] () -- C:\Windows\System32\c_18145.nl_
    [2011/08/11 09:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/10 10:49:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/10 10:07:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/10 09:34:18 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/08/09 12:02:30 | 000,230,619 | ---- | M] () -- C:\Users\Alex\Documents\Capture.PNG
    [2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 11:42:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/06 18:42:43 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/06 18:42:43 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/05 00:07:31 | 000,294,216 | ---- | M] () -- C:\Users\Alex\Desktop\gmer.zip
    [2011/08/04 23:29:00 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/04 23:10:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/04 19:09:28 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdklbf.sys
    [2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk42.sys
    [2011/08/01 20:23:01 | 000,006,555 | ---- | M] () -- C:\Users\Alex\.recently-used.xbel
    [2011/07/31 15:49:45 | 000,000,949 | ---- | M] () -- C:\Users\Alex\Desktop\Spotify.lnk
    [2011/07/23 19:06:40 | 000,328,059 | ---- | M] () -- C:\Users\Alex\Documents\Lars Purring.caf
    [2011/07/23 19:06:36 | 000,767,937 | ---- | M] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
    [2011/07/23 19:06:32 | 000,643,107 | ---- | M] () -- C:\Users\Alex\Documents\Cold November.caf
    [2011/07/23 19:06:30 | 001,222,677 | ---- | M] () -- C:\Users\Alex\Documents\MyRecording.caf
    [2011/07/23 19:06:24 | 000,467,751 | ---- | M] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
    [2011/07/23 19:06:23 | 001,564,476 | ---- | M] () -- C:\Users\Alex\Documents\Long Way.caf
    [2011/07/23 19:06:18 | 001,103,791 | ---- | M] () -- C:\Users\Alex\Documents\Time Delay.caf
    [2011/07/22 15:36:40 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/14 17:48:16 | 002,339,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/10 10:49:00 | 000,044,560 | -HS- | C] () -- C:\Windows\System32\c_18145.nl_
    [2011/08/09 12:02:30 | 000,230,619 | ---- | C] () -- C:\Users\Alex\Documents\Capture.PNG
    [2011/08/08 10:59:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/08 10:59:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/08 10:59:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/08 10:59:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/08 10:59:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/05 08:36:07 | 000,139,264 | ---- | C] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/05 00:07:28 | 000,294,216 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.zip
    [2011/08/04 23:26:45 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/04 19:09:28 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2011/08/04 19:09:28 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2011/08/01 20:23:01 | 000,006,555 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
    [2011/07/31 15:49:45 | 000,000,949 | ---- | C] () -- C:\Users\Alex\Desktop\Spotify.lnk
    [2011/07/31 15:49:44 | 000,000,979 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2011/07/23 19:06:39 | 000,328,059 | ---- | C] () -- C:\Users\Alex\Documents\Lars Purring.caf
    [2011/07/23 19:06:35 | 000,767,937 | ---- | C] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
    [2011/07/23 19:06:32 | 000,643,107 | ---- | C] () -- C:\Users\Alex\Documents\Cold November.caf
    [2011/07/23 19:06:27 | 001,222,677 | ---- | C] () -- C:\Users\Alex\Documents\MyRecording.caf
    [2011/07/23 19:06:24 | 000,467,751 | ---- | C] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
    [2011/07/23 19:06:21 | 001,564,476 | ---- | C] () -- C:\Users\Alex\Documents\Long Way.caf
    [2011/07/23 19:06:16 | 001,103,791 | ---- | C] () -- C:\Users\Alex\Documents\Time Delay.caf
    [2011/07/22 15:36:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/04/28 10:44:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2011/04/28 10:44:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2011/04/28 10:44:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2011/04/28 10:44:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2011/04/28 10:44:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2011/04/28 10:44:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2011/04/28 10:44:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2011/04/28 10:44:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2011/04/28 10:44:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2011/04/28 10:44:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2011/04/28 10:44:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2011/04/28 10:44:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2011/04/28 10:44:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2011/04/28 10:44:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2011/04/28 10:44:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2011/04/22 12:01:12 | 000,007,617 | ---- | C] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
    [2010/12/22 12:38:13 | 000,020,459 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
    [2010/09/03 09:12:42 | 000,166,272 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/09/02 11:38:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/08/25 21:14:56 | 002,654,262 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\ZBWallpaper.bmp
    [2010/01/17 18:46:42 | 000,005,632 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/27 19:09:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
    [2009/12/22 02:30:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2009/12/22 01:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/12/21 23:53:32 | 000,000,062 | ---- | C] () -- C:\Windows\WININIT.INI
    [2009/10/02 19:23:08 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/09/24 20:21:00 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 05:33:53 | 002,339,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 03:05:48 | 000,631,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 03:05:48 | 000,111,456 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/06/17 17:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/05/15 19:54:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2009/05/15 19:34:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

    ========== LOP Check ==========

    [2011/03/28 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Babylon
    [2011/03/30 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canon
    [2011/08/04 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2010/03/01 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Facebook
    [2010/08/19 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fltk.org
    [2011/07/29 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
    [2010/10/24 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\inkscape
    [2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InterVideo
    [2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Jasc
    [2009/12/22 02:15:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\NASA
    [2011/03/30 11:13:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
    [2011/03/30 10:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Smart PDF Converter Pro
    [2011/07/31 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
    [2010/08/31 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tatara Systems
    [2010/03/04 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Trusteer
    [2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/05/28 19:52:56 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/12/22 09:37:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/08/10 10:54:03 | 000,019,121 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/12/22 10:49:09 | 000,049,072 | ---- | M] () -- C:\Entries.lst
    [2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/17 17:21:53 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
    [2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/17 17:25:36 | 000,737,308 | ---- | M] () -- C:\lv.log
    [2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/08/09 11:41:51 | 3186,651,136 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/04 00:06:11 | 000,000,714 | ---- | M] () -- C:\qhdebug.log
    [2009/05/15 19:58:56 | 000,002,420 | ---- | M] () -- C:\RHDSetup.log
    [2009/06/17 17:25:08 | 000,000,073 | -H-- | M] () -- C:\splash.idx
    [2011/08/06 18:32:03 | 000,075,122 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_06.08.2011_18.30.45_log.txt
    [2009/06/17 17:53:30 | 000,385,952 | ---- | M] () -- C:\vcredist_x86.log
    [2009/05/12 19:38:16 | 000,003,632 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
    [2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
    [2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL
    [2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
    [2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9X.DLL
    [2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2009/10/02 19:23:08 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/01 12:11:10 | 000,000,444 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/04/14 12:40:10 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/10/26 21:11:21 | 000,000,260 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hotmail.url

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/02/25 13:29:18 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/02/25 13:29:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/12/25 11:14:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/12/25 11:14:06 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/02/25 13:29:18 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/25 13:31:54 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/10 18:46:03 | 000,000,088 | RHS- | M] () -- C:\ProgramData\47B7AA6C58.sys
    [2010/09/10 18:46:22 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB42752$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
  4. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
      [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ] 
      [2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  5. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Do you think my laptop will get better soon?! : (
     
  6. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ deleted successfully.
    Invalid CLSID key: *.broadband
    Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ not found.
    Invalid CLSID key: *.broadband
    Registry value HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    C:\Users\Alex\Desktop\~WRL0005.tmp deleted successfully.
    C:\ProgramData\47B7AA6C58.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 286726476 bytes
    ->Temporary Internet Files folder emptied: 907725143 bytes
    ->Java cache emptied: 26005133 bytes
    ->Google Chrome cache emptied: 420480679 bytes
    ->Apple Safari cache emptied: 8725504 bytes
    ->Flash cache emptied: 74512 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2432 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 18932416 bytes

    Total Files Cleaned = 1,591.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08122011_003808

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Alex\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe not found!

    Registry entries deleted on Reboot...
     
  7. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    The only thing I can guarantee is your computer being clean.
    Then we'll see.
    Did you try my advice regarding McAfee?
     
  8. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee AntiVirus Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 26
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader X (10.1.0)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  9. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Uninstall Java(TM) 6 Update 22 .

    What about McAfee?
     
  10. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Uninstalled Java(TM) 6 Update 22.

    I have removed McAfee, but not yet reinstalled.
     
  11. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Should I continue with Temp File Cleaner and then ESET?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Did you use the tool I suggested to uninstall McAfee?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Yes go ahead with TFC and Eset.
     
  14. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Yes I used the tool you suggested.
    Mcafee is reinstalled but it is warning about infection W32/Katusha virus still.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    I suspect false positive.
    This is a part of your online banking security.

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  16. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    File name:
    RapportMgmtService.exe

    Submission date:
    2011-08-12 00:57:50 (UTC)

    Current status:
    finished




    Result:
    36/ 43 (83.7%)


    VT Community

    not reviewed
    Safety score: -



    Compact

    Print results




    Antivirus

    Version

    Last Update

    Result



    AhnLab-V3

    2011.08.11.01

    2011.08.11

    Win-Trojan/Patched.DD



    AntiVir

    7.11.13.26

    2011.08.11

    W32/PatchLoad.A



    Antiy-AVL

    2.0.3.7

    2011.08.11

    -



    Avast

    4.8.1351.0

    2011.08.11

    Win32:patched-WQ [Trj]



    Avast5

    5.0.677.0

    2011.08.11

    Win32:patched-WQ [Trj]



    AVG

    10.0.0.1190

    2011.08.11

    Win32/Katusha.A



    BitDefender

    7.2

    2011.08.11

    Trojan.Patched.HE



    CAT-QuickHeal

    11.00

    2011.08.11

    W32.Patchload.O



    ClamAV

    0.97.0.0

    2011.08.12

    Trojan.Patched-167



    Commtouch

    5.3.2.6

    2011.08.11

    W32/Patched.G



    Comodo

    9712

    2011.08.12

    TrojWare.Win32.Patched.HN



    DrWeb

    5.0.2.03300

    2011.08.12

    Trojan.Starter.1695



    Emsisoft

    5.1.0.8

    2011.08.12

    Trojan-Spy.Win32.Zbot!IK



    eSafe

    7.0.17.0

    2011.08.10

    -



    eTrust-Vet

    36.1.8497

    2011.08.11

    Win32/Patchload.U



    F-Prot

    4.6.2.117

    2011.08.11

    W32/Patched.G



    F-Secure

    9.0.16440.0

    2011.08.12

    Trojan.Patched.HE



    Fortinet

    4.2.257.0

    2011.08.12

    -



    GData

    22

    2011.08.11

    Trojan.Patched.HE



    Ikarus

    T3.1.1.107.0

    2011.08.12

    Trojan-Spy.Win32.Zbot



    Jiangmin

    13.0.900

    2011.08.11

    TrojanSpy.Zbot.adxr



    K7AntiVirus

    9.109.5003

    2011.08.10

    Trojan



    Kaspersky

    9.0.0.837

    2011.08.12

    Trojan.Win32.Patched.mf



    McAfee

    5.400.0.1158

    2011.08.12

    W32/Katusha



    McAfee-GW-Edition

    2010.1D

    2011.08.12

    W32/Katusha



    Microsoft

    1.7104

    2011.08.11

    Virus:Win32/Patchload.O



    NOD32

    6370

    2011.08.12

    Win32/Patched.HN



    Norman

    6.07.10

    2011.08.11

    W32/Patched.BH



    nProtect

    2011-08-11.01

    2011.08.11

    -



    Panda

    10.0.3.5

    2011.08.11

    W32/Katusha.BN



    PCTools

    8.0.0.5

    2011.08.12

    Trojan.Paccyn



    Prevx

    3.0

    2011.08.12

    -



    Rising

    23.70.03.03

    2011.08.11

    Win32.Loader.li



    Sophos

    4.67.0

    2011.08.12

    W32/Patched-AK



    SUPERAntiSpyware

    4.40.0.1006

    2011.08.12

    -



    Symantec

    20111.2.0.82

    2011.08.12

    Trojan.Paccyn!inf



    TheHacker

    6.7.0.1.276

    2011.08.11

    -



    TrendMicro

    9.500.0.1008

    2011.08.11

    PTCH_KATUSHA.W



    TrendMicro-HouseCall

    9.500.0.1008

    2011.08.12

    PTCH_KATUSHA.W



    VBA32

    3.12.16.4

    2011.08.10

    Trojan-Spy.Zbot.gen



    VIPRE

    10143

    2011.08.12

    Virus.Win32.Agent.mpq (v)



    ViRobot

    2011.8.11.4617

    2011.08.11

    Win32.Patched.BE



    VirusBuster

    14.0.164.0

    2011.08.11

    Win32.Katusha.Gen





    Additional information

    Show all



    MD5 : 1ac0335744ee811c8494443ce1bbe7f2



    SHA1 : 5cec7e24351a1baef64bb33e9a4e48a6b91fb276



    SHA256: 6f65280dd321700473211fac74356ade83941a4408a0aa066086935c7341befd
     
  17. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Go ahead with TFC and Eset.
     
  18. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    TFC Done.
    ESET running. 56% done and 6 threats found so far.
     
  19. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan
    C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan
    C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan
     
  20. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Were those files removed, or they're still there?

    Did you reinstall McAfee?
     
  21. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Files are still there. Do I need to check "Remove files" and redo the scan ?

    McAfee is reinstalled.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    Yes.
     
  23. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan error while cleaning
    C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
    C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
     
  24. Broni

    Broni Malware Annihilator Posts: 52,747   +342

    How is computer doing?
     
  25. funkduck

    funkduck TS Rookie Topic Starter Posts: 36

    Mcafee is persistently complaining about this still.

    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    And restarting as it suggests does not fix the problem.

    How do I get rid of this ?
     

    Attached Files:

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...