Browser Hijacker: Click GiftLoad- trouble removing it.

Melinda

Hi,

My computer is running very slow- svc host is running hot, plus I have a browser hijacker.

It's my own fault. At home I'm working on an ancient computer, on which I attempted to install Adobe Acrobat from CD (authentic, from work), but half the serial number on the cover was missing. I foolishly went looking for a key generator. This may have been the source of the problem.

Maybe one in every three searches gets redirected to Google, to eBay or some other search engine.

I already had McAfee and Malware Removal on the computer - ran them both several times after updating, but neither spotted the browser hijacker.

I cleared cookies and cache files with CCleaner.

I downloaded and ran Spybot SD - it identified but failed to remove Click Giftload. SpybotSD.exe now refuses to run, saying that Framedyn.dll is missing and that I should re-install. Yet it worked yesterday!

After reading your forum, I read the 'Before you post' thread, and now realise I shouldn't have used those tools at all.

As per your instructions I attempted to generate a DDS log. I've tried three times to get to DDS.scr, and Chrome repeatedly tells me the page is not available. I'm going to keep trying.

I have Process Explorer and here is a screen print of what is running atm.
SVChost is going crazy.

 
I should add that I have downloaded and run the ERUNT tool.

I've avoided signing into anything sensitive like bill/bank payments, but is it OK that I continue to sign into email? I can't avoid doing that during the week.

Is it too late to back up work documents to CDs?
 
Hi,

Do you have another system handy? If so, please try to download the tool with that.
 
Hi, I'm sorry it's taken a day or so to get back here but I've been tearing my hair out.

I realised that my pen drive was connected to my computer and was concerned that I may infect another computer with it.

So I bought a fresh pen drive yesterday, and downloaded the dds tool from an uninfected friend's computer.

About an hour ago I stuck it in my USB port and it was listed in the drive directory. The moment I try to run it, it disappears from the directory. No kidding, it's no longer there. It's gone.

My computer is beyond slow now. I can actually go to the store between clicking an application and it opening.

I have svc host going crazy and now I can't load the dds tool.

:(
 
Hi,

Download GMER here by clicking the "download exe" button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab, uncheck the files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
 
Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
Thanks Blade! :) I really appreciate the effort you've taken!
Ok - hopefully you are now free to diagnose this ancient computer!

----

OTL logfile created on: 25/03/2011 17:44:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Martha\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

247.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 24.00% Memory free
976.00 Mb Paging File | 364.00 Mb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 6.13 Gb Free Space | 10.97% Space Free | Partition Type: NTFS

Computer Name: MARTHA | User Name: Martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Martha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Martha\Start Menu\Programs\Startup\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcinfo.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Martha\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.urban75.net/vbulletin/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\software\mozilla\Firefox\Extensions\\{4D6928D2-393B-4D0C-BE5A-0CAA73BF98FA}: C:\Documents and Settings\Martha\Local Settings\Application Data\{4D6928D2-393B-4D0C-BE5A-0CAA73BF98FA} [2010/03/05 11:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B8CA2B3C-AD44-4FE1-8F6A-DE7155E09B50}: C:\Documents and Settings\Anthea Parker\Local Settings\Application Data\{B8CA2B3C-AD44-4FE1-8F6A-DE7155E09B50} [2010/04/14 08:58:03 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/19 23:01:27 | 000,431,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14841 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Martha\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Martha\Start Menu\Programs\Startup\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://thirdforce.com/portals/0/webplayer7.0/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168439284265 (MUWebControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/05 11:45:55 | 000,000,057 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 17:12:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martha\Desktop\OTL.exe
[2011/03/20 18:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/03/20 08:16:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/20 08:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/20 08:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/19 21:35:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Martha\Desktop\erunt-setup.exe
[2011/03/19 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/19 19:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/19 18:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/18 12:17:20 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/18 12:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Local Settings\Application Data\Sunbelt Software
[2011/03/18 11:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/03/18 08:52:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Martha\Recent
[2011/03/16 15:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/15 14:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/15 14:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/13 14:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Application Data\FileZilla
[2011/03/13 13:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/03/13 13:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/03/11 08:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\My Documents\notes & posts
[2011/03/10 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImageConverter Plus
[2011/03/10 10:40:36 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2011/03/10 10:40:25 | 000,180,224 | ---- | C] (fCoder Group International) -- C:\WINDOWS\System32\cnvshell.dll
[2011/03/10 10:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImageConverter Plus
[2011/03/09 14:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ImageConverter Plus
[2011/03/09 14:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\My Documents\Image Converter Plus
[2011/03/09 12:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Local Settings\Application Data\CutePDF Writer
[2011/03/09 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/03/09 10:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Word flyer templates
[2011/03/09 10:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\My Documents\Illustrator templates
[2011/03/08 10:59:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Martha\My Documents\My Webs
[2011/03/08 10:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Application Data\PriceGong
[2011/03/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Local Settings\Application Data\Conduit
[2011/03/03 14:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\My Documents\Handy Andy
[2011/03/03 12:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martha\Application Data\Serif
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 17:21:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/25 17:11:58 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 17:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martha\Desktop\OTL.exe
[2011/03/25 14:53:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/25 12:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/25 10:27:51 | 000,007,074 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\log results.zip
[2011/03/25 09:15:02 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\h43exsi2.exe
[2011/03/25 09:00:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 09:00:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 08:54:31 | 000,019,871 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/03/25 08:53:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 19:48:30 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Martha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 17:25:30 | 001,620,188 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\cinema-investment-proposal-final.pdf
[2011/03/22 16:59:35 | 000,217,569 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\6b19921b441a5674b061dabf4722601f.pdf
[2011/03/21 10:16:31 | 001,006,764 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\rkill.exe
[2011/03/20 19:23:53 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Martha\Local Settings\Application Data\fusioncache.dat
[2011/03/20 08:16:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Martha\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/20 08:15:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\ERUNT.lnk
[2011/03/20 00:03:20 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Martha\PUTTY.RND
[2011/03/19 23:01:27 | 000,431,122 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/19 21:34:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Martha\Desktop\erunt-setup.exe
[2011/03/19 19:10:03 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\Spybot - Search & Destroy.lnk
[2011/03/19 10:40:50 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\Microsoft Word.lnk
[2011/03/18 13:44:53 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011/03/18 12:17:18 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/17 09:09:37 | 000,011,064 | ---- | M] () -- C:\Documents and Settings\Martha\My Documents\cc_20110317_090929.reg
[2011/03/16 12:17:46 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\handyandybuilders.com Secure WebDisk.lnk
[2011/03/15 16:14:04 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\Access cPanel Webmail.url
[2011/03/15 15:42:48 | 000,005,366 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\handyandybuilders.com Secure WebDisk.vbs
[2011/03/15 13:19:53 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\New WinRAR ZIP archive.zip
[2011/03/13 13:05:24 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/03/12 23:42:58 | 000,003,184 | ---- | M] () -- C:\Documents and Settings\Martha\My Documents\cc_20110312_234227.reg
[2011/03/12 22:27:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Martha\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/10 11:29:08 | 003,708,214 | ---- | M] () -- C:\Documents and Settings\Martha\My Documents\1165796_63751301.png
[2011/03/10 10:40:49 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Martha\Desktop\ImageConverter Plus.lnk
[2011/03/09 16:26:18 | 000,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/01 01:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 10:27:51 | 000,007,074 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\log results.zip
[2011/03/25 09:15:15 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\h43exsi2.exe
[2011/03/23 17:25:42 | 001,620,188 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\cinema-investment-proposal-final.pdf
[2011/03/22 16:59:51 | 000,217,569 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\6b19921b441a5674b061dabf4722601f.pdf
[2011/03/21 10:16:50 | 001,006,764 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\rkill.exe
[2011/03/20 19:23:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martha\Local Settings\Application Data\fusioncache.dat
[2011/03/20 08:16:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Martha\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/20 08:15:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\ERUNT.lnk
[2011/03/19 19:10:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\Spybot - Search & Destroy.lnk
[2011/03/18 12:33:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/17 09:09:35 | 000,011,064 | ---- | C] () -- C:\Documents and Settings\Martha\My Documents\cc_20110317_090929.reg
[2011/03/15 16:14:04 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\Access cPanel Webmail.url
[2011/03/15 15:48:30 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\handyandybuilders.com Secure WebDisk.lnk
[2011/03/15 15:42:48 | 000,005,366 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\handyandybuilders.com Secure WebDisk.vbs
[2011/03/15 13:19:53 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\New WinRAR ZIP archive.zip
[2011/03/15 09:13:46 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/13 13:05:24 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/03/12 23:42:50 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\Martha\My Documents\cc_20110312_234227.reg
[2011/03/12 22:27:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Martha\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/10 11:29:04 | 003,708,214 | ---- | C] () -- C:\Documents and Settings\Martha\My Documents\1165796_63751301.png
[2011/03/10 10:40:49 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Martha\Desktop\ImageConverter Plus.lnk
[2011/03/09 18:08:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Martha\PUTTY.RND
[2010/08/12 19:28:02 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/04/07 13:51:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/07 14:40:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2010/03/07 13:43:58 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Martha\Application Data\burnaware.ini
[2010/03/05 11:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xqokonibumerujom.bin
[2010/03/05 11:47:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Edenimesumiwumez.dat
[2010/02/26 21:20:43 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Martha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 01:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/10/05 07:41:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/06/26 20:22:12 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/06/26 17:03:51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2007/01/13 10:32:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/13 10:32:43 | 000,000,212 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2006/11/11 20:09:18 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/11/08 21:40:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/17 19:53:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxakih.exe
[2006/08/17 19:53:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll
[2006/08/17 19:53:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2006/08/09 12:15:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2005/04/26 02:11:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/26 01:27:29 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/04/25 23:31:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/04/25 23:24:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/04/25 23:06:29 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/25 23:06:29 | 000,000,338 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/25 23:05:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/25 23:05:52 | 000,442,620 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/04/25 23:05:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/04/25 23:05:52 | 000,072,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/04/25 23:05:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/04/25 23:05:51 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/04/25 23:05:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/25 23:05:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/25 23:05:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/04/25 23:05:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/04/25 23:05:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/04/25 23:05:27 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/04/25 16:17:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/25 16:16:19 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/04/23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004/03/03 07:50:56 | 000,004,460 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2004/02/11 18:39:07 | 000,000,316 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9

< End of report >
 
OTL Extras logfile created on: 25/03/2011 17:44:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Martha\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

247.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 24.00% Memory free
976.00 Mb Paging File | 364.00 Mb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 6.13 Gb Free Space | 10.97% Space Free | Partition Type: NTFS

Computer Name: MARTHA | User Name: Martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"MPSLegacyEnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Documents and Settings\Anthea Parker\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Anthea Parker\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z55" = Lexmark Z55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/03/2011 03:57:00 | Computer Name = MARTHA | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 24/03/2011 04:54:57 | Computer Name = MARTHA | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.

Error - 24/03/2011 05:11:57 | Computer Name = MARTHA | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/03/2011 15:43:52 | Computer Name = MARTHA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3340 (0xd0c) Thread address : 0x121123F6 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee.com\Agent\mcupdate.exe

by **\MCUPDATE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

Error - 24/03/2011 15:53:21 | Computer Name = MARTHA | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 24/03/2011 17:12:31 | Computer Name = MARTHA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2348 (0x92c) Thread address : 0x12026890 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\2057\ashldres.dll

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 24/03/2011 17:33:51 | Computer Name = MARTHA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 500 (0x1f4) Thread address : 0x121123F6 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 25/03/2011 04:53:35 | Computer Name = MARTHA | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 25/03/2011 05:03:41 | Computer Name = MARTHA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2856 (0xb28) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\FileZilla
FTP Client\filezilla.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 25/03/2011 10:25:38 | Computer Name = MARTHA | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.4.2.220, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 24/03/2011 18:11:04 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 24/03/2011 18:11:04 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7034
Description = The Security Center service terminated unexpectedly. It has done
this 1 time(s).

Error - 24/03/2011 18:11:04 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.
It has done this 1 time(s).

Error - 25/03/2011 04:59:56 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 25/03/2011 05:09:30 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 25/03/2011 05:09:46 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner
service to connect.

Error - 25/03/2011 05:09:46 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%1053

Error - 25/03/2011 05:11:43 | Computer Name = MARTHA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 25/03/2011 05:20:53 | Computer Name = MARTHA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 25/03/2011 05:22:22 | Computer Name = MARTHA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
 
Thanks for the logs :)


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New OTL.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hi Blade, thanks for the email notification.


I read through the ComboFix instructions, printed them out.

Saved it to the desktop, disabled my AV and double clicked the icon.

My computer is now asking what program it should use to open it!

I'd appreciate some advice!
 
Hi,

Rename ComboFix.exe file to Something.com and try to run it.
 
It didn't work. :(

I renamed it, double clicked and got the same 'choose the programme you wish to open it with' message.

I tried again a few minutes later and got the message below saying I had a corrupt copy of ComboFix.

I'm assuming it's more dastardly trickery.
What kind of evil mastermind of an infection is this?!

Time to kill it with fire!
 
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 
I'm concerned I've lost the relevant report log.

I ran TDSSKiller, it found something (I didn't note it down, sorry :( It was rootkit something...) and prompted for a reboot - which it did.

I'm anxious that I should have got the report at that stage?


Below is the report I got after the computer rebooted.

(Should I wait to re-enable McAfee - it's still disabled from preparing to run the ComboFix tool.)

---

2011/03/26 16:13:55.0984 2868 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/26 16:14:01.0359 2868 ================================================================================
2011/03/26 16:14:01.0359 2868 SystemInfo:
2011/03/26 16:14:01.0359 2868
2011/03/26 16:14:01.0453 2868 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/26 16:14:01.0453 2868 Product type: Workstation
2011/03/26 16:14:01.0453 2868 ComputerName: MARTHA
2011/03/26 16:14:01.0515 2868 UserName: Martha
2011/03/26 16:14:01.0515 2868 Windows directory: C:\WINDOWS
2011/03/26 16:14:01.0515 2868 System windows directory: C:\WINDOWS
2011/03/26 16:14:01.0609 2868 Processor architecture: Intel x86
2011/03/26 16:14:01.0609 2868 Number of processors: 1
2011/03/26 16:14:01.0609 2868 Page size: 0x1000
2011/03/26 16:14:01.0609 2868 Boot type: Normal boot
2011/03/26 16:14:01.0609 2868 ================================================================================
2011/03/26 16:15:51.0937 2868 Initialize success
2011/03/26 16:15:59.0765 3372 ================================================================================
2011/03/26 16:15:59.0765 3372 Scan started
2011/03/26 16:15:59.0765 3372 Mode: Manual;
2011/03/26 16:15:59.0765 3372 ================================================================================
2011/03/26 16:19:33.0109 3372 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/26 16:19:34.0125 3372 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/26 16:19:35.0078 3372 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/26 16:19:36.0218 3372 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/26 16:19:37.0718 3372 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/26 16:19:38.0515 3372 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/26 16:19:39.0500 3372 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/26 16:19:40.0515 3372 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/26 16:19:41.0328 3372 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/26 16:19:42.0218 3372 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/26 16:19:43.0078 3372 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/26 16:19:44.0296 3372 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/26 16:19:45.0562 3372 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/26 16:19:46.0359 3372 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/26 16:19:47.0218 3372 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/26 16:19:48.0265 3372 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/26 16:19:49.0343 3372 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/26 16:19:50.0359 3372 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/26 16:19:51.0531 3372 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/26 16:19:53.0484 3372 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/26 16:19:54.0500 3372 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/26 16:19:55.0531 3372 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/26 16:19:56.0312 3372 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/26 16:19:57.0609 3372 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/26 16:19:58.0796 3372 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/26 16:20:00.0078 3372 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/26 16:20:01.0250 3372 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/26 16:20:02.0546 3372 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/26 16:20:04.0015 3372 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/26 16:20:05.0171 3372 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/26 16:20:07.0156 3372 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/26 16:20:08.0640 3372 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/03/26 16:20:47.0718 3372 ================================================================================
2011/03/26 16:20:47.0765 3372 Scan finished
2011/03/26 16:20:47.0765 3372 ================================================================================
 