
CONHOST.EXE


Comments

  • Closed Accounts Posts: 10 Hermiona


    AVG 2011 Anti-Virus command line scanner
    Copyright (c) 1992 - 2011 AVG Technologies
    Program version 10.0.1392, engine 10.0.1520
    Virus Database: Version 1520/3867 2011-08-30

    C:\WINDOWS\Temp\conhost.exe Trojan horse Agent_r.AOB
    C:\WINDOWS\Temp\conhost.exe (1396):\memory_008f0000 Trojan horse Agent_r.AOB
    C:\WINDOWS\Temp\conhost.exe (1396) Trojan horse Agent_r.AOB Object was moved to Virus Vault.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\Sanja\ntuser.dat Locked file. Not tested.
    C:\Documents and Settings\Sanja\ntuser.dat.LOG Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.
    C:\System Volume Information\ Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
    C:\WINDOWS\system32\config\default Locked file. Not tested.
    C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\software Locked file. Not tested.
    C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\system Locked file. Not tested.
    C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
    C:\WINDOWS\Temp\conhost.exe Trojan horse Agent_r.AOB

    Objects scanned : 1180217
    Found infections : 4
    Found PUPs : 0
    Healed infections : 3
    Healed PUPs : 0
    Warnings : 0


  • Closed Accounts Posts: 10 Hermiona


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7586

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    31.8.2011 6:24:45
    mbam-log-2011-08-31 (06-24-45).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 285728
    Time elapsed: 37 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wintask (Trojan.Agent) -> Value: wintask -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\wintask.exe (Trojan.Agent) -> Quarantined and deleted successfully.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL and paste this into the custom scan/fixes box:



    :OTL
    O20 - Winlogon\Notify\mehioto: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mehioto.dll - File not found
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
    [2010.04.14 18:15:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe32.dll
    [2011.08.28 16:33:49 | 000,182,272 | ---- | M] () -- C:\Program Files\wintask.exe
    [2011.07.22 18:57:13 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2y3Hy1sh.dat
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\Sanja\Local Settings\Application Data\qex15n43oehns8r7
    [2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qex15n43oehns8r7

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job



    Click Run Fix, and post the log it gives you when you reboot.
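    The fix script above targets four kinds of persistence: a Winlogon Notify package whose DLL is already gone (an orphaned O20 key), AutoRun commands under MountPoints2 (O33), hidden+system files dropped into profile data directories, and scheduled At*.job tasks created with at.exe. The following Python triage is an added example, not part of the thread and not OTL's own code: it scans OTL-style log lines for those same indicators, and additionally flags well-known system binary names running from the wrong directory, which is what the AVG log showed with conhost.exe in C:\WINDOWS\Temp (the genuine conhost.exe lives in system32 and only exists from Windows 7 on, so on an XP box any conhost.exe is foreign). The rule set, the severity labels and the sample lines are this example's own assumptions; the samples are constructed in the format of the logs posted in this thread.

```python
"""Triage OTL-style log lines for persistence and masquerade indicators.
Added example: not OTL's code; rules, severities and samples are assumed."""
import ntpath
import re
from dataclasses import dataclass

# Well-known Windows binary names that malware borrows. The genuine copy lives in
# %SystemRoot% or %SystemRoot%\system32 (conhost.exe only exists from Windows 7 on,
# so any conhost.exe found on an XP machine is foreign).
SYSTEM_BINARY_NAMES = {
    "conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
    "explorer.exe", "userinit.exe", "services.exe", "smss.exe",
}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# First drive-letter path on a line, up to a known extension (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|bat|job|dat)\b", re.IGNORECASE)
# OTL attribute field, e.g. "| -HS- | C]" means hidden + system.
ATTR_RE = re.compile(r"\| ([-rhsad]{4}) \| [cm]\]")
# Tasks created with at.exe are named At<N>.job; OTL fix scripts may write At*.job.
AT_JOB_RE = re.compile(r"\\windows\\tasks\\at(?:\d+|\*)\.job")


@dataclass
class Finding:
    severity: str  # "high" or "medium" (assumed labels)
    reason: str
    line: str


def triage_line(line):
    """Return a Finding for one log line, or None when nothing stands out."""
    text = line.strip()
    low = text.lower()
    m = PATH_RE.search(text)
    path = m.group(0) if m else None

    # O20 Winlogon\Notify packages are DLLs loaded by winlogon.exe at logon.
    # Anything outside system32, or already deleted (orphaned key), is suspect.
    if low.startswith("o20 - winlogon\\notify"):
        if path is None or ntpath.dirname(path).lower() != "c:\\windows\\system32":
            return Finding("high", "Winlogon Notify DLL outside system32 or orphaned", text)
        return None

    # O33 MountPoints2 ...\Shell\AutoRun\command runs a program when the drive is opened.
    if low.startswith("o33 - mountpoints2") and "\\command" in low:
        return Finding("high", "AutoRun command registered for a mounted drive", text)

    if AT_JOB_RE.search(low):
        return Finding("high", "scheduled task created with at.exe", text)

    if path:
        name = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower()
        if name in SYSTEM_BINARY_NAMES and directory not in SYSTEM_DIRS:
            return Finding("high", f"{name} outside its system directory", text)
        if directory.endswith("\\temp") or "\\temp\\" in directory:
            return Finding("medium", "executable in a Temp directory", text)

    # Hidden+system files in profile data directories (like the qex15n43oehns8r7 drops).
    a = ATTR_RE.search(low)
    if a and "h" in a.group(1) and "s" in a.group(1):
        return Finding("medium", "hidden+system attributes on a dropped file", text)

    # "SRV - File not found" stubs such as HidServ/AppMgmt are common XP leftovers: not flagged.
    return None


def triage(lines):
    return [f for f in map(triage_line, lines) if f is not None]


# Constructed sample lines, in the format of the OTL logs posted in this thread.
SAMPLE_LINES = [
    "PRC - [2011.09.03 16:11:36 | 000,267,776 | ---- | M] (Ufasoft) -- C:\\WINDOWS\\Temp\\conhost.exe",
    "PRC - [2011.09.01 18:17:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    "PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe",
    "O20 - Winlogon\\Notify\\mehioto: DllName - C:\\Documents and Settings\\NetworkService\\Local Settings\\Application Data\\mehioto.dll - File not found",
    "O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)",
    "O33 - MountPoints2\\{6894e3dc-9754-11e0-a856-705ab62dd432}\\Shell - \"\" = AutoRun",
    "O33 - MountPoints2\\{6894e3dc-9754-11e0-a856-705ab62dd432}\\Shell\\AutoRun\\command - \"\" = F:\\Autorun.exe",
    "[2011.06.07 15:01:34 | 000,015,936 | -HS- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\qex15n43oehns8r7",
    "C:\\WINDOWS\\tasks\\At1.job moved successfully.",
    "SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```

    Run it as-is to see the five sample hits, or feed it the lines of a saved OTL log. The path check is deliberately strict about directories rather than file names, because the whole point of the conhost.exe sample is that the name was legitimate and only the location gave it away.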


  • Closed Accounts Posts: 11 zoran


    I did what you told me, and the problem is still there. This is what Malwarebytes Anti-Malware is showing as a popup window: "Successfully blocked access to a malicious website 83.133.127.85, Type: outgoing", and when I check the quarantine there is: trojan.agent btmgen. Do you want me to scan with Malwarebytes Anti-Malware to show what is there? Thank you.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Zoran, update MBAM, run a quick scan, and post that log here.


    Do you recognise these folders?

    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677



    Also open OTL, click Quick Scan, and post that log here.


  • Closed Accounts Posts: 10 Hermiona


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mehioto\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6894e3dc-9754-11e0-a856-705ab62dd432}\ not found.
    File F:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8b1ccef-338f-11df-a60a-705ab62dd432}\ not found.
    File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aaa9dc7e-a238-11df-a6d2-705ab62dd432}\ not found.
    File H:\PMBP_Win.exe not found.
    C:\Documents and Settings\All Users\Application Data\hpe32.dll moved successfully.
    File C:\Program Files\wintask.exe not found.
    C:\Documents and Settings\All Users\Application Data\2y3Hy1sh.dat moved successfully.
    C:\Documents and Settings\Sanja\Local Settings\Application Data\qex15n43oehns8r7 moved successfully.
    C:\Documents and Settings\All Users\Application Data\qex15n43oehns8r7 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 294912 bytes
    ->Temporary Internet Files folder emptied: 9624746 bytes
    ->FireFox cache emptied: 39935291 bytes
    ->Flash cache emptied: 566 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 99086434 bytes
    ->Temporary Internet Files folder emptied: 216033 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 42447 bytes

    User: Sanja
    ->Temp folder emptied: 699924 bytes
    ->Temporary Internet Files folder emptied: 86622 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 90215447 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3093358 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 27648 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2515589 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 242044542 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 216301 bytes
    RecycleBin emptied: 3638 bytes

    Total Files Cleaned = 466,00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Sanja
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Sanja\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Sanja\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.

    OTL by OldTimer - Version 3.2.26.6 log created on 09032011_160519

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Hermiona, copy and paste this into the custom scan/fixes box in OTL:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*


    Click Quick Scan and post the log it gives.


  • Closed Accounts Posts: 10 Hermiona


    OTL logfile created on: 3.9.2011 16:29:55 - Run 2
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Sanja\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

    1013,87 Mb Total Physical Memory | 604,62 Mb Available Physical Memory | 59,63% Memory free
    2,39 Gb Paging File | 2,14 Gb Available in Paging File | 89,64% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,04 Gb Total Space | 63,37 Gb Free Space | 45,57% Space Free | Partition Type: NTFS

    Computer Name: SINDOREA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.09.03 16:11:36 | 000,267,776 | ---- | M] (Ufasoft) -- C:\WINDOWS\Temp\conhost.exe
    PRC - [2011.09.01 18:17:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011.08.29 19:49:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sanja\Desktop\OTL.exe
    PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011.09.01 18:17:07 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011.08.15 12:31:09 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009.07.10 12:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2008.11.04 12:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008.04.18 07:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011.04.25 01:18:23 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011.02.22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009.08.31 12:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009.08.27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2009.06.22 06:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009.05.20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009.05.06 19:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009.03.02 07:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008.12.08 18:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2008.12.08 18:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008.12.08 18:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008.12.08 18:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008.12.02 05:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008.12.02 05:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008.12.02 05:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.01 18:17:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 23:26:51 | 000,000,000 | ---D | M]

    [2011.06.08 18:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011.07.04 23:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011.07.04 23:04:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010.05.12 17:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.05.12 17:18:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010.03.25 17:50:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011.09.01 18:17:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010.05.12 17:18:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010.01.01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010.01.01 10:00:00 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010.01.01 10:00:00 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
    [2010.10.21 00:51:34 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
    [2010.01.01 10:00:00 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

    O1 HOSTS File: ([2011.09.03 16:05:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
    O4 - HKCU..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: Advanced SystemCare 3 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
    MsConfig - StartUpReg: swg - hkey= - key= - File not found

    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: mcmscsvc - Service
    SafeBootMin: MCODS - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: mcmscsvc - Service
    SafeBootNet: MCODS - Service
    SafeBootNet: MpfService - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CLEARALLRESTOREPOINTS
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.09.03 16:05:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.09.03 13:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011.08.30 20:09:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010.03.18 11:10:15 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010.03.18 11:10:11 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011.09.03 16:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011.09.03 16:27:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.09.03 16:10:43 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.09.03 16:10:43 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.09.03 16:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.09.03 16:03:23 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2011.09.03 14:44:52 | 130,954,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011.09.03 14:40:32 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011.09.01 23:18:25 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mbam.lnk
    [2011.09.01 16:30:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.08.30 20:18:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011.08.11 12:44:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011.08.09 18:21:21 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

    ========== Files Created - No Company Name ==========

    [2011.09.03 16:31:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011.09.03 16:03:23 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2011.09.01 23:18:25 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mbam.lnk
    [2011.09.01 16:37:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.06.17 21:53:02 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011.06.08 05:58:47 | 000,001,303 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
    [2011.06.08 05:58:47 | 000,000,119 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
    [2011.04.04 00:22:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010.07.30 19:46:18 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010.07.05 00:53:46 | 000,727,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010.03.20 00:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010.03.18 11:10:15 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010.03.18 11:10:15 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010.03.18 11:10:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
    [2010.01.28 21:15:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010.01.28 20:09:37 | 000,189,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
    [2010.01.28 20:09:37 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
    [2010.01.28 20:09:37 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
    [2010.01.28 20:09:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
    [2010.01.28 20:09:37 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2010.01.28 20:09:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2010.01.28 20:08:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010.01.28 17:11:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    [2010.01.28 17:10:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010.01.28 17:06:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010.01.28 17:05:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2010.01.28 16:46:09 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010.01.28 16:46:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
    [2010.01.28 16:45:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010.01.28 16:45:46 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010.01.28 16:45:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010.01.28 16:45:46 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010.01.28 16:45:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010.01.28 16:45:45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010.01.28 16:45:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010.01.28 16:45:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010.01.28 16:45:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010.01.28 16:45:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010.01.28 16:45:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010.01.28 16:45:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2010.01.28 09:02:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010.01.28 09:01:49 | 002,257,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008.12.30 20:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2008.08.20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

    ========== LOP Check ==========

    [2011.06.08 05:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
    [2011.06.08 18:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011.09.03 13:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011.06.08 05:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
    [2010.01.28 20:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
    [2011.03.21 00:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2011.08.31 09:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010.04.14 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011.03.15 00:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011.06.15 22:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010.01.28 20:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EgisTec
    [2010.01.28 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2011.06.08 18:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010.04.14 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
    [2010.03.17 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2011.06.09 03:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010.03.19 21:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2011.06.08 16:31:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010.03.18 11:07:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010.01.28 17:07:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011.06.16 16:49:42 | 000,008,224 | ---- | M] () -- C:\GDIPFONTCACHEV1.DAT
    [2010.01.28 17:07:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010.01.28 17:07:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008.04.14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008.04.14 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011.09.03 16:06:17 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2011.09.03 16:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    It's still there; going to need to run something stronger.

    Download and run ComboFix, post the log it gives (C:\combofix.txt).


    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Closed Accounts Posts: 10 Hermiona


    Thank you. Will do that! ;)


  • Closed Accounts Posts: 11 zoran


    No, I don't recognise those files:
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
    [2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder108192
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108213
    [2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder108211
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder93805
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder18811
    [2011/08/29 21:58:13 | 000,000,000 | ---D | C] -- C:\UnknownFolder108179
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93843
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder93835
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118682
    [2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677
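
    The OTL report posted earlier and the list of UnknownFolder directories just above are the kind of output a responder scans by eye for the handful of entries that matter: executables sitting in a Temp directory, alternate data streams, cached removable-drive autorun commands (the O33 MountPoints2 entries), BootExecute entries other than autochk, and bursts of generated folder names created within seconds of each other. The script below is an added example written for this thread; it is not OTL's code and was not posted by anyone here. The sample lines are copied from the reports above except for the conhost.exe listing line, which is constructed (OTL never printed one here, and its size is invented). The severities are review priorities, not verdicts: a system32 binary with no company name is often a vendor driver, as it may well be here.

```python
"""Triage of OTL report lines: flags the entries a responder reviews first and
detects bursts of generated folder names. Added example, not OTL's own code."""
import re
from collections import defaultdict
from datetime import datetime

# Line shapes as they appear in the OTL reports posted in this thread.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}[./]\d{2}[./]\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+?)(?: -- \[ NTFS \])?$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$'
)
BOOT_RE = re.compile(r"^O34 - HKLM BootExecute: \((?P<cmd>[^)]*)\) - (?P<resolved>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\",
                "\\temporary internet files\\", "\\appdata\\local\\temp\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def parse_ts(text):
    # OTL prints dates with '.' or '/' depending on locale; normalise before parsing.
    return datetime.strptime(text.replace("/", "."), "%Y.%m.%d %H:%M:%S")


def triage(lines):
    """Return (severity, category, detail) findings for a list of OTL report lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path, low = m["path"], m["path"].lower()
            is_exec = low.endswith(EXEC_EXT)
            if is_exec and any(t in low for t in TEMP_MARKERS):
                findings.append(("HIGH", "executable in temp directory", path))
            elif (is_exec and any(d in low for d in SYSTEM_DIRS)
                  and m["company"] is not None and not m["company"].strip()):
                findings.append(("MEDIUM", "system-directory binary with no company name", path))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(("MEDIUM", "alternate data stream", f"{m['target']} ({m['size']} bytes)"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(("MEDIUM", "cached removable-drive autorun command", f"{m['key']}: {m['cmd']}"))
            continue
        m = BOOT_RE.match(line)
        if m and not m["cmd"].startswith("autocheck autochk"):
            findings.append(("MEDIUM", "non-default BootExecute entry", m["cmd"]))
    return findings


def burst_groups(lines, window_s=10, min_count=3):
    """Created entries whose names differ only in digits and arrived within window_s of each other."""
    by_pattern = defaultdict(list)
    for raw in lines:
        m = FILE_RE.match(raw.strip())
        if m and m["op"] == "C":
            by_pattern[re.sub(r"\d+", "#", m["path"].lower())].append((parse_ts(m["ts"]), m["path"]))
    bursts = []
    for pattern, items in by_pattern.items():
        items.sort()
        run = [items[0]]
        for cur in items[1:]:
            if (cur[0] - run[-1][0]).total_seconds() <= window_s:
                run.append(cur)
                continue
            if len(run) >= min_count:
                bursts.append((pattern, [p for _, p in run]))
            run = [cur]
        if len(run) >= min_count:
            bursts.append((pattern, [p for _, p in run]))
    return bursts


# Constructed sample: lines copied from the reports in this thread plus one made-up
# listing line for the conhost.exe file the scanners reported (its size is invented).
SAMPLE = r"""
[2011.09.03 16:05:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.18 11:10:15 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2011.08.29 21:58:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Temp\conhost.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
[2011/08/29 21:58:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder118666
[2011/08/29 21:58:14 | 000,000,000 | ---D | C] -- C:\UnknownFolder93767
[2011/08/29 21:58:12 | 000,000,000 | ---D | C] -- C:\UnknownFolder118677
""".strip().splitlines()

if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE):
        print(f"[{sev}] {cat}: {detail}")
    for pattern, paths in burst_groups(SAMPLE):
        print(f"[HIGH] burst of {len(paths)} generated folders matching {pattern}")
```

    Feed it a whole OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`; the burst detector is what turns a dozen UnknownFolder lines into one finding, and the same grouping catches other droppers that spray numbered or randomly suffixed directories.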


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    zoran, probably best if you go and follow those ComboFix instructions too.


  • Closed Accounts Posts: 11 zoran


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7643
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    9/3/2011 4:17:33 PM
    mbam-log-2011-09-03 (16-17-33).txt
    Scan type: Quick scan
    Objects scanned: 232145
    Time elapsed: 18 minute(s), 49 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> 3640 -> Unloaded process successfully.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Delete on reboot.
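
    The MBAM log above gives the two facts that decide this case without any signature: the host is Windows 5.1.2600 (XP SP3) and the process image is c:\WINDOWS\Temp\conhost.exe. The real conhost.exe (the console host) first shipped with Windows 7 / Server 2008 R2 (NT 6.1) and lives only under %SystemRoot%\System32, so on XP any file by that name is an impostor by definition, and on Windows 7 one outside System32 is. The script below is an added example, not Malwarebytes' code and not posted by anyone in this thread; it goes beyond conhost.exe to a small table of system binaries and the directories they may legitimately run from. The table entries, the SysWOW64 copies for 64-bit installs, and the default %SystemRoot% of C:\WINDOWS are assumptions of the example. The sample log text is copied from zoran's post.

```python
"""Path-and-version plausibility check for processes that borrow well-known Windows
binary names. Added example; the table below is general Windows knowledge, not MBAM output."""
import ntpath
import re

# name -> (earliest NT version this table vouches for, directories relative to %SystemRoot%).
# conhost.exe is new in NT 6.1 (Windows 7 / 2008 R2); Windows XP (NT 5.1) has no such file.
# SysWOW64 copies are assumed for 64-bit installs.
KNOWN_SYSTEM_BINARIES = {
    "conhost.exe":  ((6, 1), ("system32", "syswow64")),
    "svchost.exe":  ((5, 0), ("system32", "syswow64")),
    "csrss.exe":    ((5, 0), ("system32",)),
    "lsass.exe":    ((5, 0), ("system32",)),
    "winlogon.exe": ((5, 0), ("system32",)),
    "explorer.exe": ((5, 0), ("",)),   # %SystemRoot%\explorer.exe, never System32
}

OS_RE = re.compile(r"^Windows (?P<major>\d+)\.(?P<minor>\d+)\.\d+")
# e.g. "c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> 3640 -> Unloaded process successfully."
PROC_RE = re.compile(r"^(?P<path>[a-z]:\\[^()]+?) \((?P<detection>[^)]+)\) -> (?P<pid>\d+) -> ", re.I)


def parse_os_version(line):
    """'Windows 5.1.2600 Service Pack 3' -> (5, 1); None for any other line."""
    m = OS_RE.match(line.strip())
    return (int(m["major"]), int(m["minor"])) if m else None


def classify(image_path, os_version, system_root=r"C:\WINDOWS"):
    """Return (verdict, reason); verdict is 'unknown', 'impostor' or 'expected-location'."""
    name = ntpath.basename(image_path).lower()
    entry = KNOWN_SYSTEM_BINARIES.get(name)
    if entry is None:
        return "unknown", f"{name} is not in the table of tracked system binaries"
    min_version, rel_dirs = entry
    if os_version is not None and os_version < min_version:
        return "impostor", f"{name} does not ship with Windows {os_version[0]}.{os_version[1]}"
    actual = ntpath.dirname(image_path).lower().rstrip("\\")
    expected = [ntpath.join(system_root, d).lower().rstrip("\\") for d in rel_dirs]
    if actual not in expected:
        return "impostor", f"{name} running from {actual!r}, expected one of {expected}"
    # Right place is necessary, not sufficient: still check the Authenticode signature and parent.
    return "expected-location", f"{name} is in {actual!r}; verify signature and parent process"


def infected_processes(log_text):
    """Image paths from the 'Memory Processes Infected' entries of an MBAM log."""
    return [m["path"] for m in (PROC_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def assess_log(log_text):
    """(path, verdict, reason) for every infected process, using the OS line from the log header."""
    os_version = next((v for v in map(parse_os_version, log_text.splitlines()) if v), None)
    return [(p, *classify(p, os_version)) for p in infected_processes(log_text)]


# Copied from the MBAM log posted in this thread (header trimmed to the lines used here).
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.51.1.1800
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
Memory Processes Infected:
c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> 3640 -> Unloaded process successfully.
Files Infected:
c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Delete on reboot.
"""

if __name__ == "__main__":
    for path, verdict, reason in assess_log(MBAM_SAMPLE):
        print(f"{verdict:18} {path}  ({reason})")
```

    The same check is worth running over a plain process list, not just scanner output: a `conhost.exe`, `svchost.exe` or `explorer.exe` whose image path is outside the expected directory is the cheapest high-confidence masquerade signal there is, and it works before any signature exists.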


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You can leave the OTL step and follow my instructions about ComboFix, zoran.


  • Closed Accounts Posts: 11 zoran


    I had some problem with the computer: Windows stops, couldn't open. What does this mean: Files Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Delete on reboot.
    By the way, I am ready to follow your steps about ComboFix.
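
    On the "Delete on reboot" question above: Windows will not let a tool unlink a file that is still open or mapped as a running image, so scanners queue the deletion for the next boot. The standard Windows mechanism for that is MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which records source/target string pairs in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; an empty target means delete, and a target prefixed with "!" means replace an existing file. Whether Malwarebytes uses exactly that path rather than its own driver is an assumption here. The decoder below is an added example, not Malwarebytes' or Microsoft's code and not posted in this thread; it lets you confirm, before rebooting, that the file is actually queued. The sample value is constructed (the second pair is invented to show the other operation types).

```python
"""Decode the PendingFileRenameOperations REG_MULTI_SZ value. Added example; the pair
format (source, target; empty target = delete; '!' prefix = replace existing) is the
MoveFileEx MOVEFILE_DELAY_UNTIL_REBOOT convention."""
import sys

NT_PREFIX = "\\??\\"   # the value stores NT-style paths such as \??\C:\WINDOWS\Temp\x.exe


def _strip_nt_prefix(p):
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def decode_pending_ops(entries):
    """entries: the REG_MULTI_SZ as a list of strings. Returns [(action, source, target)]."""
    entries = list(entries)
    if len(entries) % 2 and entries[-1] == "":   # tolerate a trailing terminator element
        entries.pop()
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/target pairs")
    ops = []
    for src, dst in zip(entries[::2], entries[1::2]):
        src = _strip_nt_prefix(src)
        if dst == "":
            ops.append(("delete", src, None))
        elif dst.startswith("!"):
            ops.append(("replace", src, _strip_nt_prefix(dst[1:])))
        else:
            ops.append(("move", src, _strip_nt_prefix(dst)))
    return ops


def queued_deletions(entries):
    return [src for action, src, _ in decode_pending_ops(entries) if action == "delete"]


def is_queued_for_deletion(entries, path):
    """Case-insensitive check that a given path will be removed at the next boot."""
    target = path.lower().rstrip("\\")
    return any(p.lower() == target for p in queued_deletions(entries))


def read_live_value():
    """Windows only: read the value from the registry; None elsewhere or when absent."""
    if sys.platform != "win32":
        return None
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except FileNotFoundError:
        return None
    finally:
        winreg.CloseKey(key)
    return list(value) if kind == winreg.REG_MULTI_SZ else None


# Constructed sample value: the first pair is a deferred delete of the file from this thread,
# the second pair is an invented deferred replace to show the '!' form.
SAMPLE_VALUE = [
    r"\??\C:\WINDOWS\Temp\conhost.exe", "",
    r"\??\C:\WINDOWS\Temp\old.tmp", r"!\??\C:\WINDOWS\System32\drivers\new.sys",
]

if __name__ == "__main__":
    for action, src, dst in decode_pending_ops(read_live_value() or SAMPLE_VALUE):
        print(f"{action:8} {src}" + (f" -> {dst}" if dst else ""))
```

    On the affected machine the same value can be eyeballed with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations`. Two caveats a practitioner wants: a deferred delete removes only that file, not whatever dropped it or any persistence that re-creates it, which is why the follow-up scans in this thread still make sense; and nothing prevents other software from adding to or clearing the same value before the reboot, so check it right before restarting.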


  • Closed Accounts Posts: 11 zoran


    ComboFix 11-09-03.01 - Owner 09/04/2011 16:45:10.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.197 [GMT 1:00]
    Running from: c:\documents and settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Adobe\plugs
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Adobe\shed
    c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\PriceGong
    c:\documents and settings\Owner\WINDOWS
    c:\program files\Windows Searchqu Toolbar
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-collapse.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-delete.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-expand.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-feed.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder-remove.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder-rename.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-folder.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-found.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-reload.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss-subscribe.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rss.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rssback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\rsstopback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\search-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\search.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\searchqutb.css
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\settings.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\shopping.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\siteinfo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-bluelite.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-bluesky.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-lichen.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-orange.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\skin-yellow.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\technorati.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\throbber.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\toolbarsplitter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\video.bmp
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\weather.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\web.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_allocine.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_bliptv.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_calcal.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_calculator.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_gservices.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_sudoku.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_todo.jpg
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_todo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_trio.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widget_uconverter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widgets-square-16px.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\widgets.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\wikipedia.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\yahoosearch.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\yellow.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\youtube.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\chrome\skin\zoom.png
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\components\windowmediator.js
    c:\program files\Windows Searchqu Toolbar\ToolBar(2)\manifest.xml
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    \Legacy_TDSSSERV.SYS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-04 10:07 . 2011-09-04 13:39 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    2011-09-04 10:07 . 2011-09-04 10:07 d-----w- C:\Firefox
    2011-09-04 10:07 . 2011-09-04 10:09 d-----w- c:\program files\Ask.com
    2011-09-04 10:06 . 2011-09-04 15:27 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\AskToolbar
    2011-09-04 01:13 . 2011-09-04 01:13 1409 ----a-w- c:\windows\QTFont.for
    2011-09-04 00:47 . 2011-09-04 00:54 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    2011-09-04 00:46 . 2011-09-04 00:46 d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2011-09-04 00:46 . 2011-09-04 00:46 d-----w- c:\program files\Application Updater
    2011-09-04 00:46 . 2011-08-19 15:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-09-04 00:45 . 2011-09-04 00:46 d-----w- c:\program files\IObit Toolbar
    2011-09-04 00:45 . 2011-09-04 00:45 d-----w- c:\program files\Common Files\Spigot
    2011-09-04 00:45 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-08-31 13:31 . 2011-09-04 13:41 d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2011-08-31 08:35 . 2011-08-31 08:35 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\Threat Expert
    2011-08-31 01:30 . 2011-08-31 01:30 d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-08-30 19:10 . 2011-09-04 14:02 d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
    2011-08-30 19:10 . 2011-08-30 19:10 d-----w- c:\program files\AVAST Software
    2011-08-29 22:30 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-29 22:30 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-29 22:30 . 2011-08-31 00:27 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-29 22:11 . 2011-08-29 22:11 512 ----a-w- C:\PhysicalMBR.bin
    2011-08-29 22:09 . 2011-08-29 22:09 d-----w- C:\_OTL
    2011-08-29 21:51 . 2011-08-29 21:51 d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-08-29 21:41 . 2011-08-29 21:41 d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\NVIDIA Corporation
    2011-08-29 12:28 . 2011-08-29 12:28 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    2011-08-29 12:26 . 2011-08-29 12:26 d-----w- c:\program files\Uniblue
    2011-08-11 15:10 . 2011-08-12 07:25 d-----w- c:\documents and settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    2011-08-11 14:26 . 2011-08-30 22:10 d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
    2011-08-11 14:26 . 2011-08-30 22:07 d-----w- c:\windows\system32\drivers\AVG
    2011-08-11 14:17 . 2011-08-30 22:09 d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
    2011-08-10 10:38 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 10:37 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-19 12:23 . 2011-06-01 00:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2008-08-16 18:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-18 21:46 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-06-18 21:45 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-12 22:40 . 2011-06-12 22:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-12 22:40 . 2010-05-11 07:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2007-06-25 14:10 . 2007-06-25 14:10 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-23 20:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe" [2011-08-17 13822248]
    "Nonoh"="c:\program files\Nonoh.net\Nonoh\Nonoh.exe" [2011-08-22 13811488]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-10 68592]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
    .
    c:\documents and settings\Owner.HOME-DD2F005EFC\Start Menu\Programs\Startup\
    SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2007-5-22 405504]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2007-5-22 405504]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dlbxcoms.exe"=
    "c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Nonoh.net\\Nonoh\\Nonoh.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/4/2011 1:45 AM 14776]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2010 9:20 PM 717296]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/29/2011 7:36 PM 328536]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8/17/2011 1:00 PM 402328]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/4/2011 1:45 AM 820568]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2011 11:30 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2011 11:30 PM 22712]
    S2 AMService;AMService;c:\windows\TEMP\voxn\setup.exe run --> c:\windows\TEMP\voxn\setup.exe run [?]
    S2 gupdate1c9c340188e27a4;Google Update Service (gupdate1c9c340188e27a4);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 12:46 PM 133104]
    S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/4/2011 1:45 AM 239600]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 12:46 PM 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/29/2011 11:30 PM 41272]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/4/2011 1:45 AM 30368]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/4/2011 1:45 AM 16080]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-04 c:\windows\Tasks\ASC4_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-29 15:40]
    .
    2011-09-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-05 14:21]
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 11:46]
    .
    2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 11:46]
    .
    2011-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
    .
    2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-706699826-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
    .
    2011-09-03 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-08-28 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-08-23 20:20]
    .
    2011-09-04 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-04 09:35]
    .
    2011-09-04 c:\windows\Tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: microsoft.com\update
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKU-Default-Run-KB821629.exe - c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\KB821629.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-04 17:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Maxtor_6L080L0 rev.BAJ41G20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82EB757B
    user & kernel MBR OK
    .
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(796)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2152)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-04 17:25:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-04 16:25
    .
    Pre-Run: 54,675,771,392 bytes free
    Post-Run: 54,666,104,832 bytes free
    .
    - - End Of File - - 7280397301A2FD922E2B9ED027D55BCF


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    perfect

    open OTL, paste this in the custom scan/fixes box


    c:\windows\system32\drivers\mrxsmb.sys /md5
    c:\windows\system32\drivers\ndistapi.sys /md5
    c:\windows\system32\drivers\rdpwd.sys /md5


    click quick scan, post that log here


  • Closed Accounts Posts: 10 Hermiona


    ComboFix 11-09-01.03 - Sanja 04.09.2011 19:05:31.1.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.748 [GMT 2:00]
    Running from: C:\Documents and Settings\Sanja\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


    ((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))


    2011-09-03 20:16:14 . 2010-07-16 12:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
    2011-09-03 20:16:14 . 2010-07-16 12:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
    2011-09-03 20:16:13 . 2011-01-17 07:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
    2011-09-03 20:16:04 . 2010-12-10 14:57:26 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
    2011-09-03 20:16:04 . 2010-12-10 11:24:12 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
    2011-09-03 20:15:57 . 2010-12-16 06:46:04 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
    2011-09-03 20:15:32 . 2011-09-04 15:08:46 -------- d-----w- C:\Program Files\PC Tools Security
    2011-09-03 20:15:32 . 2011-09-03 21:37:46 -------- d-----w- C:\Program Files\Common Files\PC Tools
    2011-09-03 20:15:32 . 2011-09-03 20:15:32 -------- d-----w- C:\Documents and Settings\Sanja\Application Data\PC Tools
    2011-09-03 19:37:24 . 2011-09-03 20:16:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
    2011-09-03 14:31:55 . 2011-09-03 14:31:55 512 ----a-w- C:\PhysicalMBR.bin
    2011-09-03 14:05:19 . 2011-09-03 14:05:19 -------- d-----w- C:\_OTL
    2011-09-03 11:54:26 . 2011-09-03 11:54:26 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\IObit
    2011-08-30 18:22:17 . 2011-08-30 18:22:17 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
    2011-08-15 10:31:09 . 2011-08-15 10:31:09 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-07-15 13:29:31 . 2010-01-28 14:45:41 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 . 2010-01-28 14:45:43 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
    2011-07-06 17:52:42 . 2011-06-08 04:06:30 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52:42 . 2011-06-08 04:06:28 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-06-24 14:10:36 . 2010-01-28 15:05:17 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 . 2010-01-28 14:45:53 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2011-06-23 18:36:30 . 2010-01-28 14:45:39 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
    2011-06-23 18:36:30 . 2010-01-28 14:45:38 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
    2011-06-23 12:05:13 . 2010-01-28 14:45:37 385024 ----a-w- C:\WINDOWS\system32\html.iec
    2011-06-20 17:44:52 . 2010-01-28 14:45:53 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
    2011-09-01 16:17:08 . 2011-04-04 16:07:27 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
    <pre>
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    C:\Program Files\AVG\AVG10\avgtray .exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    C:\Program Files\DAEMON Tools Lite\DTLite .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    C:\Program Files\Launch Manager\LManager .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\Program Files\Realtek\Audio\Drivers\AzMixerSel .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\uTorrent\uTorrent .exe
    C:\WINDOWS\PLFSetL .exe
    </pre>
    

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41:42 120104 ----a-w- C:\Program Files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 01:00:20 141848]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 01:00:04 166424]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 01:00:14 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 08:01:10 18702336]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "snp2uvc"="C:\WINDOWS\system32\csnp2uvc.dll" [2009-02-16 17:32:38 196608]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
    "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-04-18 15:40:08 2334560]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2010-1-28 708608]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-08-10 13:10:58 2349776 ----a-w- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    C:\PROGRA~1\AVG\AVG9\avgtray.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher

    R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13:02 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [16.3.2011 16:03:20 32592]
    R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [3.9.2011 22:16:04 239168]
    R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [3.9.2011 22:16:14 338880]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [25.4.2011 1:15:56 218688]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [28.1.2010 16:46:35 38912]
    S1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [7.1.2011 6:41:46 248656]
    S1 mwlPSDFilter;mwlPSDFilter;C:\WINDOWS\system32\drivers\mwlPSDFilter.sys [28.1.2010 20:37:02 17840]
    S1 mwlPSDNServ;mwlPSDNServ;C:\WINDOWS\system32\drivers\mwlPSDNserv.sys [28.1.2010 20:37:02 15280]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys [28.1.2010 20:37:02 58800]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25:48 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41:30 67656]
    S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33:42 269520]
    S2 gupdate;Usluga Google ažuriranje (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33:01 135664]
    S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.4.2010 18:15:01 90112]
    S2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [28.1.2010 20:50:19 253952]
    S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [3.9.2011 22:15:36 366840]
    S2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [13.5.2010 15:05:04 4497704]
    S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [28.1.2010 20:29:07 240160]
    S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 12:39:20 14336]
    S2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [13.5.2010 15:05:54 113448]
    S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [28.1.2010 20:09:27 1684736]
    S3 gupdatem;Usluga Google ažuriranje (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [18.3.2010 0:33:01 135664]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [19.3.2010 21:45:11 7680]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [8.6.2011 6:06:30 41272]
    S3 MWLService;MyWinLocker Service;C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.9.2009 15:42:46 305448]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\WINDOWS\system32\Drivers\RTS5121.sys --> C:\WINDOWS\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys --> C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [?]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\WINDOWS\system32\drivers\s0017bus.sys [14.4.2010 18:15:21 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s0017mdfl.sys [14.4.2010 18:15:22 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s0017mdm.sys [14.4.2010 18:15:22 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s0017mgmt.sys [14.4.2010 18:15:25 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\WINDOWS\system32\drivers\s0017nd5.sys [14.4.2010 18:15:23 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s0017obex.sys [14.4.2010 18:15:24 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\WINDOWS\system32\drivers\s0017unic.sys [14.4.2010 18:15:25 109736]
    S3 wacmoumonitor;Wacom Mode Helper;C:\WINDOWS\system32\drivers\wacmoumonitor.sys [13.5.2010 15:05:07 16168]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\WINDOWS\system32\drivers\ZTEusbnet.sys [19.3.2010 21:45:58 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;C:\WINDOWS\system32\drivers\zteusbvoice.sys [19.3.2010 21:45:46 104960]

    Contents of the 'Scheduled Tasks' folder

    2011-09-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-17 22:33:01 . 2010-03-17 22:32:48]

    2011-09-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-17 22:33:01 . 2010-03-17 22:32:48]


    Supplementary Scan

    uStart Page = my.daemon-search.com
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph03106305l0464wu95w54024788
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - C:\Documents and Settings\Sanja\Application Data\Mozilla\Firefox\Profiles\mgsiy0n3.default\

    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    To Hermiona



    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
    RenV::
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    C:\Program Files\AVG\AVG10\avgtray .exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    C:\Program Files\DAEMON Tools Lite\DTLite .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    C:\Program Files\Launch Manager\LManager .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\Program Files\Realtek\Audio\Drivers\AzMixerSel .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\uTorrent\uTorrent .exe
    C:\WINDOWS\PLFSetL .exe


    Save this as CFScript.txt, in the same location as ComboFix.exe


    drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
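
    The rename step in the post above targets files whose name has a space before the extension (for example `avgtray .exe`), which the ComboFix log lists between `<pre>` tags; the same logs in this thread also show a service whose image starts from `c:\windows\TEMP` and a Run entry under the `NetworkService` profile. The Python script below is an added triage example written for this thread, not code from ComboFix, OTL or either poster: it reads ComboFix-style log text and flags those three patterns, producing the restored file name for each spaced-extension entry. The sample log lines are constructed for illustration (they mirror the shape of the logs above but are not copied from them), the heuristics are the author's own, and the `[?]` marker is read as ComboFix's "file details unavailable" note.

```python
"""Triage helper for ComboFix-style logs (added example, not part of ComboFix or OTL).

Flags three things seen in the logs in this thread:
  1. files listed between <pre> tags whose name has whitespace before the
     extension ("avgtray .exe"), together with the restored name;
  2. services whose image lives under a Temp directory or whose image
     could not be read by the scanner (the "[?]" marker);
  3. .exe files launched from a service-account profile
     (NetworkService / LocalService), which never run interactive software.
All sample log lines below are constructed for illustration.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
.
<pre>
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe
C:\Program Files\AVG\AVG10\avgtray .exe
C:\WINDOWS\PLFSetL .exe
</pre>
.
S2 AMService;AMService;c:\windows\TEMP\voxn\setup.exe run --> c:\windows\TEMP\voxn\setup.exe run [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 12:46 PM 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2011 11:30 PM 366640]
.
HKU-Default-Run-KB821629.exe - c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\KB821629.exe
"""

# A path whose extension is separated from the stem by whitespace.
SPACED_EXT = re.compile(r"^(?P<stem>.+?)\s+(?P<ext>\.(?:exe|dll|sys|scr|cpl))$", re.IGNORECASE)
# Service line: "R2 Name;Display name;image path and details"
SERVICE_LINE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Profile directories of the built-in service accounts (lower-cased substrings).
SERVICE_PROFILES = ("\\networkservice", "\\localservice")


def rename_candidates(lines):
    """Map each '<stem> .<ext>' path inside a <pre> block to its restored name."""
    fixes = {}
    inside = False
    for line in lines:
        s = line.strip()
        if s.lower() == "<pre>":
            inside = True
            continue
        if s.lower() == "</pre>":
            inside = False
            continue
        if inside:
            m = SPACED_EXT.match(s)
            if m:
                fixes[s] = m.group("stem") + m.group("ext")
    return fixes


def suspicious_services(lines):
    """Return (service name, [reasons]) for service entries worth a closer look."""
    hits = []
    for line in lines:
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").lower()
        reasons = []
        if "\\temp\\" in rest:
            reasons.append("image under a Temp directory")
        if "[?]" in rest:
            reasons.append("file details unavailable ([?])")
        if reasons:
            hits.append((m.group("name"), reasons))
    return hits


def service_profile_autostarts(lines):
    """Return autostart lines that launch an .exe from a service-account profile."""
    hits = []
    for line in lines:
        low = line.strip().lower()
        if (low.endswith(".exe") and "\\documents and settings" in low
                and any(p in low for p in SERVICE_PROFILES)):
            hits.append(line.strip())
    return hits


def analyze(text):
    """Run all three checks over a log and return the findings as a dict."""
    lines = text.splitlines()
    return {
        "rename": rename_candidates(lines),
        "services": suspicious_services(lines),
        "service_profile_autostarts": service_profile_autostarts(lines),
    }


if __name__ == "__main__":
    for section, findings in analyze(SAMPLE_LOG).items():
        print(f"== {section} ==")
        items = findings.items() if isinstance(findings, dict) else findings
        for item in items:
            print(f"  {item}")
```

    Each finding is a prompt for review rather than a verdict: a driver whose file ComboFix could not read, for instance, is also reported with `[?]` in the second log above, so the service check is best read alongside the file's location and publisher.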


  • Closed Accounts Posts: 11 zoran


    OTL logfile created on: 9/4/2011 7:31:59 PM - Run 7
    OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 69.61 Mb Available Physical Memory | 13.65% Memory free
    1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.55% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 76.32 Gb Total Space | 51.00 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

    Computer Name: HOME-DD2F005EFC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011/08/22 16:32:22 | 013,811,488 | ---- | M] (Nonoh) -- C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
    PRC - [2011/08/17 18:32:50 | 013,822,248 | ---- | M] (12Voip) -- C:\Program Files\12Voip.com\12Voip\12voip.exe
    PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
    PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/03/27 09:44:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/04/10 16:44:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
    PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/20 00:30:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2010/03/27 09:48:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2007/05/30 10:13:34 | 000,671,744 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.dll
    MOD - [2007/05/30 07:15:46 | 000,077,824 | ---- | M] () -- C:\Program Files\SkypeMate\VistaVolume.dll
    MOD - [2007/05/22 07:36:24 | 000,405,504 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe
    MOD - [2004/09/14 18:49:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL
    MOD - [2004/08/13 17:14:18 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (AMService)
    SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2004/08/26 22:57:02 | 000,450,560 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
    DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/01/01 21:20:31 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    Hosts file not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [12Voip] C:\Program Files\12Voip.com\12Voip\12Voip.exe (12Voip)
    O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
    O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Nonoh] C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe (Nonoh)
    O4 - Startup: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/02 12:14:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/04 15:15:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/04 12:19:40 | 004,194,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    [2011/09/04 12:18:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2011/09/04 12:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
    [2011/09/04 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    [2011/09/04 11:07:06 | 000,000,000 | ---D | C] -- C:\Firefox
    [2011/09/04 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2011/09/04 11:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\AskToolbar
    [2011/09/04 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\IObit Malware Fighter
    [2011/09/04 01:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    [2011/09/04 01:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2011/09/04 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2011/09/04 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
    [2011/09/04 01:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Smart Defrag 2
    [2011/08/31 14:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    [2011/08/31 09:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\Threat Expert
    [2011/08/31 01:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\My Documents\downloads
    [2011/08/30 20:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/08/30 20:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    [2011/08/29 23:30:40 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/29 23:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 23:30:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/29 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/29 23:26:21 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:09:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/29 22:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/08/29 13:48:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/29 13:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/08/29 13:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/08/11 16:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 16:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/08/11 15:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/08/11 15:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/01/15 14:05:32 | 011,261,896 | ---- | C] (http://www.ojosoft.com ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\total-video-converter.exe
    [2007/06/25 15:10:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/09/04 19:15:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/09/04 19:15:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/04 19:15:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/09/04 19:15:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/09/04 19:15:25 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2011/09/04 19:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/04 19:09:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 18:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/04 18:06:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job
    [2011/09/04 16:27:44 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/09/04 15:14:13 | 004,194,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\ComboFix.exe
    [2011/09/04 15:01:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/09/04 02:13:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/09/04 02:13:58 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/09/04 01:47:32 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
    [2011/09/04 01:45:09 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/09/04 01:45:06 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag 2.lnk
    [2011/09/04 01:39:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quick Care.lnk
    [2011/09/04 01:39:27 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 4.lnk
    [2011/09/03 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2011/08/31 22:38:38 | 000,000,568 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2011/08/31 01:25:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/29 23:26:39 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 23:11:33 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2011/08/29 13:48:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\OTL.exe
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2011/08/19 16:33:26 | 000,025,944 | ---- | M] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/08/11 16:08:32 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/11 08:20:44 | 000,463,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 08:20:44 | 000,080,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 08:11:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

    ========== Files Created - No Company Name ==========

    [2011/09/04 15:15:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/04 15:15:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/04 11:09:15 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 02:13:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/09/04 02:13:58 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/09/04 01:55:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/09/04 01:47:32 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
    [2011/09/04 01:46:00 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/09/04 01:45:42 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/09/04 01:45:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2011/09/04 01:45:06 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag 2.lnk
    [2011/08/29 23:30:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/29 23:11:33 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2011/08/11 16:19:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-706699826-725345543-1003.job
    [2011/08/11 16:08:32 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Desktop\AVG PC Tuneup 2011.lnk
    [2011/06/20 08:16:39 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/04/25 12:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hybrid Basic
    [2011/04/24 13:17:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Home
    [2011/04/24 13:17:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
    [2011/04/24 13:17:33 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Images
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Horn Section
    [2011/04/24 13:14:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Helper Scripts
    [2011/04/24 13:14:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
    [2011/04/24 13:14:09 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Icons
    [2011/01/14 15:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/04 00:47:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
    [2009/12/30 22:04:32 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\default.rss
    [2009/11/23 14:48:50 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\N360BUOptions.ini
    [2009/09/22 22:23:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/19 09:42:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2009/02/19 09:41:05 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/02/19 09:41:03 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
    [2009/01/12 01:54:22 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
    [2009/01/12 01:54:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
    [2009/01/12 01:54:21 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
    [2008/12/03 20:53:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2008/12/03 20:53:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/03 20:53:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2008/10/19 16:42:10 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/08/18 15:15:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/08/17 11:24:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/08/17 01:45:03 | 000,000,568 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2008/08/16 22:45:03 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/16 20:41:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/08/16 20:39:28 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/08/16 19:59:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/08/16 19:51:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/08/14 11:17:31 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
    [2008/08/14 11:17:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
    [2008/08/14 11:17:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
    [2008/08/14 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
    [2008/08/14 11:17:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
    [2008/08/14 11:17:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
    [2008/08/14 11:17:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
    [2008/08/14 11:17:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
    [2008/08/14 11:17:23 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
    [2005/03/22 19:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 19:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 11:00:00 | 000,463,826 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 11:00:00 | 000,080,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/09/04 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    [2011/08/30 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/08/11 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
    [2010/11/03 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bandoo
    [2011/03/14 16:49:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
    [2009/11/09 17:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    [2011/02/03 20:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
    [2011/01/05 00:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fighters
    [2011/04/22 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileServe Limited
    [2011/05/28 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
    [2009/06/13 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
    [2011/08/30 23:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2011/04/24 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
    [2011/08/31 14:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
    [2011/02/03 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
    [2011/09/04 02:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2011/04/24 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
    [2011/04/15 23:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2008/12/06 01:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/08/29 22:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/09/04 12:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\12Voip
    [2011/08/12 08:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG
    [2011/08/11 15:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG10
    [2009/11/28 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\AVG9
    [2011/05/28 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\BitTorrent
    [2008/12/06 00:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/03 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\DriverCure
    [2010/05/11 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\EdAlive
    [2010/03/04 01:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Facebook
    [2010/11/11 11:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fighters
    [2010/07/10 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\FUJIFILM
    [2011/05/29 18:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Fytife
    [2010/07/13 23:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ImgBurn
    [2011/09/04 09:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\IObit
    [2011/05/27 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Ivkyit
    [2011/05/28 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Mikyc
    [2009/01/02 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\MSNInstaller
    [2011/04/25 12:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nikon
    [2011/09/04 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Nonoh
    [2011/02/03 10:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\ParetoLogic
    [2011/09/04 14:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Sammsoft
    [2011/09/04 01:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Search Settings
    [2011/08/29 13:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\Uniblue
    [2011/09/04 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\uTorrent
    [2010/01/27 15:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-DD2F005EFC\Application Data\VoipZoom
    [2011/09/04 19:15:25 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
    [2011/09/03 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2011/08/28 09:14:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
    [2011/09/04 19:09:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2011/09/04 19:15:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    [2011/09/04 18:06:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{45E90AB1-9BDD-4C55-9282-71B5175B31F3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < c:\windows\system32\drivers\mrxsmb.sys /md5 >
    [2011/07/15 14:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- c:\windows\system32\drivers\mrxsmb.sys

    < c:\windows\system32\drivers\ndistapi.sys /md5 >
    [2011/07/08 15:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=0109C4F3850DFBAB279542515386AE22 -- c:\windows\system32\drivers\ndistapi.sys

    < c:\windows\system32\drivers\rdpwd.sys /md5 >
    [2011/06/24 15:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=FC105DD312ED64EB66BFF111E8EC6EAC -- c:\windows\system32\drivers\rdpwd.sys

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:483AC68A
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B63300D1
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BD27B7FC
    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Are you having any problems with the PC now, zoran?


  • Closed Accounts Posts: 11 zoran


    Malwarebytes Anti-Malware is showing a pop-up: "Successfully blocked access to a malicious website 83.133.127.85 Type: outgoing", and when I check quarantine there is: trojan.agent btmgen. Do you want me to run a Malwarebytes Anti-Malware scan to show you? My computer is working the same as before, but just that pop-up makes me mad. Do you think that I should reinstall Windows?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    zoran, update MBAM, run a quick scan and post that log here.

    I wouldn't reinstall Windows myself; it sounds like a false positive.


  • Closed Accounts Posts: 11 zoran


    Every time I have to restart the computer to completely remove the virus, and when I do that the same thing pops up again.
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7651
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    9/4/2011 9:37:50 PM
    mbam-log-2011-09-04 (21-37-50).txt
    Scan type: Quick scan
    Objects scanned: 232268
    Time elapsed: 6 minute(s), 44 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> 3056 -> Unloaded process successfully.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\WINDOWS\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Quarantined and deleted successfully.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download and run TDSSKiller:

    http://support.kaspersky.com/faq/?qid=208280684

    Post the log it gives you; it's in C:\


  • Closed Accounts Posts: 11 zoran


    2011/09/04 22:41:57.0390 0428 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/09/04 22:41:57.0593 0428 ================================================================================
    2011/09/04 22:41:57.0593 0428 SystemInfo:
    2011/09/04 22:41:57.0593 0428
    2011/09/04 22:41:57.0593 0428 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/04 22:41:57.0593 0428 Product type: Workstation
    2011/09/04 22:41:57.0593 0428 ComputerName: HOME-DD2F005EFC
    2011/09/04 22:41:57.0593 0428 UserName: Owner
    2011/09/04 22:41:57.0593 0428 Windows directory: C:\WINDOWS
    2011/09/04 22:41:57.0593 0428 System windows directory: C:\WINDOWS
    2011/09/04 22:41:57.0593 0428 Processor architecture: Intel x86
    2011/09/04 22:41:57.0593 0428 Number of processors: 1
    2011/09/04 22:41:57.0593 0428 Page size: 0x1000
    2011/09/04 22:41:57.0593 0428 Boot type: Normal boot
    2011/09/04 22:41:57.0593 0428 ================================================================================
    2011/09/04 22:42:06.0468 0428 Initialize success
    2011/09/04 22:42:22.0062 1984 ================================================================================
    2011/09/04 22:42:22.0062 1984 Scan started
    2011/09/04 22:42:22.0062 1984 Mode: Manual;
    2011/09/04 22:42:22.0062 1984 ================================================================================
    2011/09/04 22:42:23.0531 1984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/04 22:42:23.0656 1984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/09/04 22:42:23.0906 1984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/04 22:42:24.0031 1984 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/04 22:42:24.0843 1984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/04 22:42:24.0968 1984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/04 22:42:25.0156 1984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/04 22:42:25.0281 1984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/04 22:42:25.0406 1984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/04 22:42:25.0562 1984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/04 22:42:25.0671 1984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/04 22:42:25.0859 1984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/04 22:42:25.0984 1984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/04 22:42:26.0093 1984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/04 22:42:26.0203 1984 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    2011/09/04 22:42:26.0687 1984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/04 22:42:26.0843 1984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/04 22:42:27.0031 1984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/04 22:42:27.0156 1984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/04 22:42:27.0281 1984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/04 22:42:27.0500 1984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/04 22:42:27.0625 1984 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/09/04 22:42:27.0781 1984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/04 22:42:27.0968 1984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/04 22:42:28.0093 1984 FileMonitor (c21fc36d3cd28c2726fee10d397216c7) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
    2011/09/04 22:42:28.0250 1984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/04 22:42:28.0359 1984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/09/04 22:42:28.0484 1984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/04 22:42:28.0609 1984 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2011/09/04 22:42:28.0734 1984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/04 22:42:28.0859 1984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/04 22:42:28.0953 1984 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/09/04 22:42:29.0078 1984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/04 22:42:29.0234 1984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/04 22:42:29.0437 1984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/04 22:42:29.0734 1984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/04 22:42:29.0890 1984 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/09/04 22:42:30.0093 1984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/04 22:42:30.0328 1984 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2011/09/04 22:42:30.0453 1984 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2011/09/04 22:42:30.0562 1984 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2011/09/04 22:42:30.0671 1984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/09/04 22:42:30.0781 1984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/04 22:42:30.0921 1984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/04 22:42:31.0078 1984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/04 22:42:31.0187 1984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/04 22:42:31.0312 1984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/04 22:42:31.0421 1984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/04 22:42:31.0546 1984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/04 22:42:31.0656 1984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/04 22:42:31.0781 1984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/04 22:42:31.0906 1984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/04 22:42:32.0031 1984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/04 22:42:32.0265 1984 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/09/04 22:42:32.0359 1984 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
    2011/09/04 22:42:32.0515 1984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/04 22:42:32.0625 1984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/04 22:42:32.0750 1984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/09/04 22:42:32.0843 1984 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2011/09/04 22:42:32.0984 1984 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    2011/09/04 22:42:33.0078 1984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/04 22:42:33.0203 1984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/04 22:42:33.0312 1984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/04 22:42:33.0515 1984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/04 22:42:33.0640 1984 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/04 22:42:33.0781 1984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/04 22:42:33.0921 1984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/04 22:42:34.0031 1984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/04 22:42:34.0156 1984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/04 22:42:34.0265 1984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/04 22:42:34.0375 1984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/04 22:42:34.0484 1984 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/04 22:42:34.0593 1984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/04 22:42:34.0718 1984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/04 22:42:34.0843 1984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/04 22:42:34.0968 1984 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/04 22:42:35.0062 1984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/04 22:42:35.0187 1984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/04 22:42:35.0296 1984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/04 22:42:35.0437 1984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/04 22:42:35.0562 1984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/04 22:42:35.0718 1984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/04 22:42:35.0843 1984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/04 22:42:36.0031 1984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/04 22:42:36.0140 1984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/04 22:42:36.0250 1984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/04 22:42:36.0359 1984 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    2011/09/04 22:42:36.0453 1984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/04 22:42:36.0562 1984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/04 22:42:36.0671 1984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/04 22:42:36.0796 1984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/04 22:42:37.0015 1984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2011/09/04 22:42:37.0125 1984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/04 22:42:37.0750 1984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/04 22:42:37.0875 1984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/04 22:42:38.0000 1984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/04 22:42:38.0109 1984 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/04 22:42:38.0234 1984 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
    2011/09/04 22:42:38.0750 1984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/04 22:42:38.0875 1984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/04 22:42:38.0984 1984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/04 22:42:39.0109 1984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/04 22:42:39.0234 1984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/04 22:42:39.0343 1984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/04 22:42:39.0468 1984 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/04 22:42:39.0578 1984 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/04 22:42:39.0718 1984 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
    2011/09/04 22:42:39.0906 1984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/04 22:42:40.0015 1984 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2011/09/04 22:42:40.0156 1984 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/04 22:42:40.0250 1984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/04 22:42:40.0375 1984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/04 22:42:40.0578 1984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/04 22:42:40.0703 1984 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2011/09/04 22:42:40.0812 1984 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/09/04 22:42:41.0015 1984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/04 22:42:41.0140 1984 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/09/04 22:42:41.0140 1984 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/09/04 22:42:41.0156 1984 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/04 22:42:41.0265 1984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/04 22:42:41.0406 1984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/04 22:42:41.0562 1984 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/09/04 22:42:41.0671 1984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/04 22:42:41.0781 1984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/04 22:42:41.0890 1984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/04 22:42:42.0484 1984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/04 22:42:42.0796 1984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/04 22:42:42.0953 1984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/04 22:42:43.0078 1984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/04 22:42:43.0187 1984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/04 22:42:43.0390 1984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/04 22:42:43.0609 1984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/04 22:42:43.0781 1984 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
    2011/09/04 22:42:43.0921 1984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/09/04 22:42:44.0015 1984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/04 22:42:44.0125 1984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/04 22:42:44.0234 1984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/04 22:42:44.0359 1984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/04 22:42:44.0468 1984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/04 22:42:44.0578 1984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/04 22:42:44.0687 1984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/04 22:42:44.0796 1984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/04 22:42:45.0015 1984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/04 22:42:45.0156 1984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/04 22:42:45.0265 1984 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/09/04 22:42:45.0468 1984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/04 22:42:45.0656 1984 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/09/04 22:42:45.0781 1984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/09/04 22:42:46.0000 1984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/04 22:42:46.0140 1984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/04 22:42:46.0234 1984 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/04 22:42:46.0312 1984 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/09/04 22:42:46.0421 1984 Boot (0x1200) (18e14e413e540cc21efed9cbfc06af88) \Device\Harddisk0\DR0\Partition0
    2011/09/04 22:42:46.0437 1984 ================================================================================
    2011/09/04 22:42:46.0437 1984 Scan finished
    2011/09/04 22:42:46.0437 1984 ================================================================================
    2011/09/04 22:42:46.0468 3452 Detected object count: 1
    2011/09/04 22:42:46.0468 3452 Actual detected object count: 1
    2011/09/04 22:42:57.0781 3452 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/09/04 22:43:06.0875 0428 ================================================================================
    2011/09/04 22:43:06.0875 0428 Scan started
    2011/09/04 22:43:06.0875 0428 Mode: Manual;
    2011/09/04 22:43:06.0875 0428 ================================================================================
    2011/09/04 22:43:07.0250 0428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/04 22:43:07.0375 0428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/09/04 22:43:07.0578 0428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/04 22:43:07.0703 0428 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/04 22:43:08.0390 0428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/04 22:43:08.0500 0428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/04 22:43:08.0703 0428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/04 22:43:08.0812 0428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/04 22:43:08.0968 0428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/04 22:43:09.0109 0428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/04 22:43:09.0218 0428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/04 22:43:09.0406 0428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/04 22:43:09.0515 0428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/04 22:43:09.0640 0428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/04 22:43:09.0750 0428 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    2011/09/04 22:43:10.0281 0428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/04 22:43:10.0437 0428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/04 22:43:10.0562 0428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/04 22:43:10.0671 0428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/04 22:43:10.0781 0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/04 22:43:11.0000 0428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/04 22:43:11.0125 0428 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/09/04 22:43:11.0265 0428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/04 22:43:11.0390 0428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/04 22:43:11.0531 0428 FileMonitor (c21fc36d3cd28c2726fee10d397216c7) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
    2011/09/04 22:43:11.0656 0428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/04 22:43:11.0765 0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/09/04 22:43:11.0875 0428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/04 22:43:12.0000 0428 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2011/09/04 22:43:12.0109 0428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/04 22:43:12.0218 0428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/04 22:43:12.0312 0428 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/09/04 22:43:12.0421 0428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/04 22:43:12.0578 0428 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/04 22:43:12.0781 0428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/04 22:43:13.0031 0428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/04 22:43:13.0171 0428 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/09/04 22:43:13.0296 0428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/04 22:43:13.0531 0428 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2011/09/04 22:43:13.0640 0428 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2011/09/04 22:43:13.0750 0428 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2011/09/04 22:43:13.0859 0428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/09/04 22:43:13.0968 0428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/04 22:43:14.0078 0428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/04 22:43:14.0187 0428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/04 22:43:14.0296 0428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/04 22:43:14.0421 0428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/04 22:43:14.0531 0428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/04 22:43:14.0640 0428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/04 22:43:14.0765 0428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/04 22:43:14.0890 0428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/04 22:43:15.0000 0428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/04 22:43:15.0109 0428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/04 22:43:15.0296 0428 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/09/04 22:43:15.0390 0428 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
    2011/09/04 22:43:15.0515 0428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/04 22:43:15.0625 0428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/04 22:43:15.0734 0428 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/09/04 22:43:15.0828 0428 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2011/09/04 22:43:15.0953 0428 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    2011/09/04 22:43:16.0062 0428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/04 22:43:16.0171 0428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/04 22:43:16.0296 0428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/04 22:43:16.0484 0428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/04 22:43:16.0593 0428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/04 22:43:16.0718 0428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/04 22:43:16.0843 0428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/04 22:43:16.0968 0428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/04 22:43:17.0093 0428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/04 22:43:17.0203 0428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/04 22:43:17.0312 0428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/04 22:43:17.0421 0428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/04 22:43:17.0531 0428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/04 22:43:17.0656 0428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/04 22:43:17.0765 0428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/04 22:43:17.0875 0428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/04 22:43:18.0000 0428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/04 22:43:18.0109 0428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/04 22:43:18.0234 0428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/04 22:43:18.0343 0428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/04 22:43:18.0468 0428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/04 22:43:18.0625 0428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/04 22:43:18.0750 0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/04 22:43:18.0890 0428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/04 22:43:19.0000 0428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/04 22:43:19.0109 0428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/04 22:43:19.0218 0428 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    2011/09/04 22:43:19.0312 0428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/04 22:43:19.0437 0428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/04 22:43:19.0546 0428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/04 22:43:19.0671 0428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/04 22:43:19.0859 0428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2011/09/04 22:43:19.0984 0428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/04 22:43:20.0593 0428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/04 22:43:20.0703 0428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/04 22:43:20.0812 0428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/04 22:43:20.0921 0428 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/04 22:43:21.0046 0428 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
    2011/09/04 22:43:21.0515 0428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/04 22:43:21.0656 0428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/04 22:43:21.0781 0428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/04 22:43:21.0906 0428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/04 22:43:22.0015 0428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/04 22:43:22.0125 0428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/04 22:43:22.0265 0428 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/04 22:43:22.0375 0428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/04 22:43:22.0515 0428 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
    2011/09/04 22:43:22.0687 0428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/04 22:43:22.0812 0428 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2011/09/04 22:43:23.0000 0428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/04 22:43:23.0093 0428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/04 22:43:23.0218 0428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/04 22:43:23.0406 0428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/04 22:43:23.0546 0428 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2011/09/04 22:43:23.0671 0428 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/09/04 22:43:23.0843 0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/04 22:43:24.0000 0428 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/09/04 22:43:24.0000 0428 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2011/09/04 22:43:24.0015 0428 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/04 22:43:24.0125 0428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/04 22:43:24.0250 0428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/04 22:43:24.0359 0428 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/09/04 22:43:24.0484 0428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/04 22:43:24.0593 0428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/04 22:43:24.0703 0428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/04 22:43:25.0296 0428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/04 22:43:25.0437 0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/04 22:43:25.0546 0428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/04 22:43:25.0656 0428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/04 22:43:25.0781 0428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/04 22:43:26.0015 0428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/04 22:43:26.0203 0428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/04 22:43:26.0359 0428 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
    2011/09/04 22:43:26.0484 0428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/09/04 22:43:26.0593 0428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/04 22:43:26.0703 0428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/04 22:43:26.0812 0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/04 22:43:26.0937 0428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/04 22:43:27.0046 0428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/04 22:43:27.0156 0428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/04 22:43:27.0265 0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/04 22:43:27.0359 0428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/04 22:43:27.0546 0428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/04 22:43:27.0671 0428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/04 22:43:27.0796 0428 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/09/04 22:43:28.0000 0428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/04 22:43:28.0171 0428 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/09/04 22:43:28.0265 0428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/09/04 22:43:28.0390 0428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/04 22:43:28.0500 0428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/04 22:43:28.0609 0428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/04 22:43:28.0671 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/09/04 22:43:28.0796 0428 Boot (0x1200) (18e14e413e540cc21efed9cbfc06af88) \Device\Harddisk0\DR0\Partition0
    2011/09/04 22:43:28.0812 0428 ================================================================================
    2011/09/04 22:43:28.0812 0428 Scan finished
    2011/09/04 22:43:28.0812 0428 ================================================================================
    2011/09/04 22:43:28.0843 3580 Detected object count: 1
    2011/09/04 22:43:28.0843 3580 Actual detected object count: 1
    2011/09/04 22:43:38.0875 3580 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
    2011/09/04 22:43:38.0875 3580 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
    2011/09/04 22:43:38.0890 3580 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
    2011/09/04 22:43:38.0890 3580 LockedFile.Multi.Generic(sptd) - User select action: Delete

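A log like the one above is long enough that the one line that matters (the `detected` line, with its `Suspicious file` and `User select action` companions) is easy to scroll past. The following is an added triage helper, not code from the thread or from Kaspersky: it parses the per-line format as it appears in the log quoted above (the format is inferred from that output, not from any published specification), pulls out the loaded drivers with their MD5 and path, the suspicious-file and detection lines, the pending reboot deletions and the user's chosen action, and cross-references them so a reviewer sees name, hash, path and action together. The sample log embedded in it is constructed from a handful of the lines above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample, modelled on the TDSSKiller output quoted in the thread.
SAMPLE_LOG = r"""
2011/09/04 22:43:23.0671 0428 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/09/04 22:43:24.0000 0428 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/04 22:43:24.0000 0428 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/09/04 22:43:24.0015 0428 sptd - detected LockedFile.Multi.Generic (1)
2011/09/04 22:43:22.0515 0428 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
2011/09/04 22:43:28.0671 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/04 22:43:28.0812 0428 Scan finished
2011/09/04 22:43:38.0890 3580 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/09/04 22:43:38.0890 3580 LockedFile.Multi.Generic(sptd) - User select action: Delete
"""

# Every line starts with "YYYY/MM/DD hh:mm:ss.ffff <pid>"; the patterns below are
# assumptions derived from the quoted log, not an official format description.
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \((?P<offset>0x[0-9A-Fa-f]+)\))?"
                       r" \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): "
                           r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
PENDING_RE = re.compile(PREFIX + r"(?P<target>.+) - will be deleted after reboot$")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[^(]+)\((?P<name>[^)]+)\) - "
                       r"User select action: (?P<action>\w+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # path, reason, md5
    detections: List[Tuple[str, str]] = field(default_factory=list)       # name, verdict
    pending: List[str] = field(default_factory=list)                      # files/keys to delete
    actions: List[Tuple[str, str, str]] = field(default_factory=list)     # verdict, name, action


def parse_tdsskiller_log(text: str) -> Report:
    """Classify each line of the log; unknown lines (banners, 'Scan finished') are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SUSPICIOUS_RE.match(line)):
            rep.suspicious.append((m["path"], m["reason"], m["md5"]))
        elif (m := DETECTED_RE.match(line)):
            rep.detections.append((m["name"], m["verdict"]))
        elif (m := ACTION_RE.match(line)):
            rep.actions.append((m["verdict"].strip(), m["name"], m["action"]))
        elif (m := PENDING_RE.match(line)):
            rep.pending.append(m["target"])
        elif (m := DRIVER_RE.match(line)):
            rep.drivers[m["name"]] = Driver(m["name"], m["md5"], m["path"])
    return rep


def drivers_outside_system32(rep: Report) -> List[str]:
    """Drivers loaded from somewhere other than %SystemRoot%\\system32 (worth a second look,
    not a verdict: legitimate third-party tools load from Program Files too)."""
    out = []
    for d in rep.drivers.values():
        p = d.path.lower()
        if p.startswith("\\device\\"):
            continue  # MBR / boot-sector entries are not files
        if not p.startswith("c:\\windows\\system32\\"):
            out.append(d.name)
    return out


def triage(rep: Report) -> List[Dict[str, object]]:
    """Join each detection with the driver's path and hash and with what was done about it."""
    rows = []
    for name, verdict in rep.detections:
        drv = rep.drivers.get(name)
        pending = bool(drv) and any(t.lower() == drv.path.lower() for t in rep.pending)
        rows.append({
            "name": name,
            "verdict": verdict,
            "path": drv.path if drv else "?",
            "md5": drv.md5 if drv else "?",
            "pending_delete": pending,
            "user_action": next((a for _, n, a in rep.actions if n == name), "none"),
        })
    return rows


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for row in triage(report):
        print(row)
    print("loaded outside system32:", drivers_outside_system32(report))
```

Note what the output does and does not say: `LockedFile.Multi.Generic` is the tool's generic "could not read this file" flag rather than a named malware signature, and `sptd.sys` is a driver commonly shipped with disc-emulation software, so the helper reports path, hash and the action taken alongside the verdict and leaves the judgement to the person reading it.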

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download aswMBR.exe:

    http://public.avast.com/~gmerek/aswMBR.htm

    Double-click aswMBR.exe to run it.

    Click the [Scan] button to start the scan.

    On completion of the scan, click [Save log], save it to your desktop and post it in your next reply.


  • Closed Accounts Posts: 11 zoran


    Looks like I have my problem sorted. Between MBAM and http://support.kaspersky.com/faq/?qid=208280684, which I have scanned with in normal and safe mode a few times, the last MBAM scan did not show any virus and the MBAM pop-up has stopped. Thank you for your patience; I will recommend this site to all my friends.


  • Registered Users, Registered Users 2 Posts: 91 ✭✭fruitbats


    ASJ112 / All

    So anyway, I got the PC back from the shop today. Any suggestions about what to put on it to stop this happening again? The fella in the shop said to get something that can scan websites (no idea what he's on about). I can get McAfee free in work but I'm not sure if it's worth a pi*s. Should I put that malware one on it?
    Anyway, thanks for any suggestions!

