
Solved Infection by XP Security 2012 leads to .exe problems

Discussion in 'Malware and Virus Removal Archive' started by maternag, 2011/08/17.

  1. 2011/08/17
    maternag

    [Resolved] Infection by XP Security 2012 leads to .exe problems

    Hello,

    I have recently been infected with the "XP Security 2012" malware. At the same time, my ZoneAlarm asked me if a process "kvr.exe" could access the internet. Thanks to this, I could quickly identify the process, kill it and remove it from my computer manually.

    After that, I wasn't able to start any program (the .exe file extension association was gone). I managed to open a browser, update Malwarebytes and run a full scan, update Spybot and run a scan, update SUPERAntiSpyware and run a full scan. Spybot found files and registry entries and fixed them.

    My computer now seems clean, but the .exe file extension association still disappears at each reboot. When I run exeHelper.com, I can run .exe files again normally, and it stays OK when I log off and then log in. But when I shut down and restart, it is gone. I have made a comparison of my registry before and after the restart, and I see that these keys are gone after the reboot:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
    @="exefile"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    @="\"%1\" %*"

    I have followed some posts on the web about the same kind of trouble and I have used ComboFix, but it was not clear to me whether it found something, though it reports having deleted some files (see the logs below).

    I ran an ESET free online scan and it found nothing except 2 false positives on the Kantaris and Dexpot installers. I ran a full scan again with Malwarebytes and AVG Anti-Virus and they found no infections.

    The only remaining problem is this .exe file extension association that stops working at each reboot. Am I still infected? What modifies my registry at each reboot?

    By the way, I take this occasion to express my deep respect and gratitude to volunteers like you who help others with their time and knowledge.

    Here are the logs:

    ==================
    ComboFix-quarantined-files.txt
    ==================
    2011-08-16 19:25:53 . 2011-08-16 19:25:53 10,791 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-08-16 19:16:55 . 2011-08-16 19:16:55 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2011-08-12 22:25:58 . 2008-04-14 00:12:32 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\regedit.com.vir
    2011-06-21 08:18:08 . 2011-06-21 08:09:14 161 ----a-w- C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
    2010-11-02 21:08:22 . 1999-12-09 20:19:48 147,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zip32.dll.vir
    2010-08-04 19:05:57 . 2010-09-01 08:09:23 5 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\1028_DELL_XPS_Vostro 1000 .MRK.vir
    2010-08-04 19:05:57 . 2010-09-01 08:09:23 5 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\DELL_XPS_Vostro 1000 .MRK.vir
    2006-12-13 15:03:14 . 2006-12-13 15:03:14 74,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zlibwapi.dll.vir

    ==================
    MBAM
    ==================
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7481

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/08/2011 3:57:31
    mbam-log-2011-08-17 (03-57-31).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 344454
    Time elapsed: 5 hour(s), 27 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ==================
    GMER
    ==================
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-17 17:10:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVT-75ZCT1 rev.11.01A11
    Running: y3ti46y8.exe; Driver: C:\DOCUME~1\VOSTRO~1\LOCALS~1\Temp\kxlyypow.sys



    ---- EOF - GMER 1.0.15 ----

    ==================
    MBRCheck
    ==================
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-17 17:12:12
    -----------------------------
    17:12:12.968 OS Version: Windows 5.1.2600 Service Pack 3
    17:12:12.968 Number of processors: 1 586 0x7C02
    17:12:12.968 ComputerName: VOSTRO-PC4 UserName: vostropc4
    17:12:14.781 Initialize success
    17:12:46.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:12:46.906 Disk 0 Vendor: WDC_WD800BEVT-75ZCT1 11.01A11 Size: 76319MB BusType: 3
    17:12:49.218 Disk 0 MBR read successfully
    17:12:49.218 Disk 0 MBR scan
    17:12:49.218 Disk 0 Windows XP default MBR code
    17:12:49.296 Disk 0 scanning sectors +156280320
    17:12:49.687 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:13:54.046 Service scanning
    17:13:54.718 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    17:13:54.765 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
    17:13:55.296 Modules scanning
    17:14:54.593 Disk 0 trace - called modules:
    17:14:54.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spcy.sys hal.dll >>UNKNOWN [0x8a5a9938]<<
    17:14:54.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4e4ab8]
    17:14:54.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4f6d98]
    17:14:54.968 Scan finished successfully
    17:15:45.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\vostropc4\Desktop\MBR.dat "
    17:15:45.828 The log file has been saved successfully to "C:\Documents and Settings\vostropc4\Desktop\aswMBR.txt "

    ==================
    DDS logs follow in next post
    ==================
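The before/after registry comparison the poster describes, as an added example that is not code from the original post or from any tool mentioned in it: a Python script that parses two regedit exports (constructed sample data embedded inline, not the poster's real dumps), reports keys and values that vanished or appeared across the reboot, and checks the two .exe association values against their Windows XP defaults. The sample exports, the placeholder Run entry and the function names are assumptions of this example.

```python
"""Diff two Windows .reg exports and check the .exe file-association keys.
Added example for this thread; sample exports below are constructed."""
import re

# Constructed "before" export: .exe association intact.
BEFORE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# Constructed "after reboot" export: the default value of .exe and the whole
# open\command key are gone, and a Run entry has appeared (placeholder path).
AFTER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\Temp\\placeholder-suspect.exe"
'''

# Windows XP defaults for the two keys the poster saw disappear.
# Keys and value names are compared lower-cased; '@' is the default value.
EXE_ASSOCIATION_DEFAULTS = {
    r'hkey_local_machine\software\classes\.exe': ('@', 'exefile'),
    r'hkey_local_machine\software\classes\exefile\shell\open\command': ('@', '"%1" %*'),
}

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Parse a .reg export into {key_lower: {value_name_lower: data}}.
    Note: regedit writes UTF-16 files; open them with encoding='utf-16'."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((';', 'Windows Registry Editor', 'REGEDIT4')):
            continue
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            reg.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if current is None or not vm:
            continue  # continuation lines of hex: data are not needed here
        name = '@' if vm.group(1) == '@' else _unescape(vm.group(2)).lower()
        data = vm.group(3)
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # dword:/hex: data is kept verbatim
        reg[current][name] = data
    return reg


def diff_reg(before, after):
    """Return (missing_keys, missing_values, changed_values, added_values)."""
    missing_keys = sorted(k for k in before if k not in after)
    missing_values, changed, added = [], [], []
    for key, vals in before.items():
        if key not in after:
            continue
        for name, data in vals.items():
            if name not in after[key]:
                missing_values.append((key, name))
            elif after[key][name] != data:
                changed.append((key, name, data, after[key][name]))
    for key, vals in after.items():
        for name, data in vals.items():
            if key not in before or name not in before[key]:
                added.append((key, name, data))
    return missing_keys, missing_values, changed, added


def check_exe_association(reg):
    """List what differs from the XP defaults for the .exe association."""
    problems = []
    for key, (name, expected) in EXE_ASSOCIATION_DEFAULTS.items():
        actual = reg.get(key, {}).get(name)
        if actual is None:
            problems.append(f'missing: [{key}] {name}')
        elif actual != expected:
            problems.append(f'changed: [{key}] {name} = {actual!r}, expected {expected!r}')
    return problems


if __name__ == '__main__':
    before, after = parse_reg(BEFORE_REG), parse_reg(AFTER_REG)
    gone_keys, gone_values, changed, added = diff_reg(before, after)
    print('keys gone after reboot:', gone_keys)
    print('values gone after reboot:', gone_values)
    print('values changed:', changed)
    print('values added (review these for persistence):', added)
    for problem in check_exe_association(after):
        print('.exe association problem:', problem)
```

Run against real exports by reading both files with encoding='utf-16' and passing the text to parse_reg; an entry in the "added" list that points into a temp directory is the kind of thing a helper would ask to see.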
     
  2. 2011/08/17
    maternag

    DDS logs:

    ==================
    DDS.txt
    ==================

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by vostropc4 at 20:27:53 on 2011-08-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.1918.994 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe "
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe
    mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
    mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\documents and settings\vostropc4\start menu\programs\startup\exeHelper.com
    StartupFolder: c:\docume~1\vostro~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google talk\googletalk.exe
    StartupFolder: c:\docume~1\vostro~1\startm~1\programs\startup\powerm~1.lnk - c:\program files\powermenu\PowerMenu.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281011098437
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.10.254
    TCP: Interfaces\{66617496-7D74-49D9-B3E1-F3064C2E2846} : DhcpNameServer = 192.168.10.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\vostropc4\application data\mozilla\firefox\profiles\fmiyteqx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\mozilla firefox\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Pencil: pencil@evolus.vn - %profile%\extensions\pencil@evolus.vn
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - %profile%\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-31 532224]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-17 2011944]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-6-24 23552]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys);c:\windows\system32\drivers\picopp.sys [2010-9-14 86488]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2011-3-31 37632]
    S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-9-5 24448]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-5-10 30192]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-11-26 102656]
    S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [2010-8-5 14208]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.SYS [2007-4-5 12160]
    S3 silabenm;Fastrax GPS Evaluation Kit Port Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-7-29 47176]
    S3 silabser;Fastrax GPS Evaluation Kit Port Driver;c:\windows\system32\drivers\silabser.sys [2011-7-29 60744]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-7-21 26112]
    S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-11-27 75264]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
    .
    =============== Created Last 30 ================
    .
    2011-08-16 20:24:30 -------- d-----w- c:\program files\ESET
    2011-08-16 20:19:52 -------- d-----w- c:\documents and settings\vostropc4\application data\AVG10
    2011-08-16 20:07:05 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-08-16 19:17:17 98816 ----a-w- c:\windows\sed.exe
    2011-08-16 19:17:17 518144 ----a-w- c:\windows\SWREG.exe
    2011-08-16 19:17:17 256000 ----a-w- c:\windows\PEV.exe
    2011-08-16 19:17:17 208896 ----a-w- c:\windows\MBR.exe
    2011-08-12 22:49:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-12 22:49:26 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-08-12 22:18:12 709968 ----a-w- c:\windows\is-36B32.exe
    2011-08-12 22:17:10 9466208 ----a-w- C:\mbam-setup-1.51.1.1800.com
    2011-08-11 03:15:31 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 03:15:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-05 08:08:19 -------- d-----w- c:\documents and settings\vostropc4\.MOOS
    2011-08-05 08:06:51 -------- d-----w- c:\program files\MOOS Project Viewer
    2011-08-03 14:03:28 -------- d-----w- c:\program files\u-blox
    2011-07-29 08:54:23 60744 ----a-w- c:\windows\system32\drivers\silabser.sys
    2011-07-29 08:54:23 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
    2011-07-29 08:54:23 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
    .
    ==================== Find3M ====================
    .
    2011-08-12 06:46:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 20:30:55,15 ===============

    ==================
    DDS – attach.txt
    ==================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/08/2010 18:20:13
    System Uptime: 17/08/2011 20:15:15 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0WY383
    Processor: Mobile AMD Sempron(tm) Processor 3600+ | Socket M2/S1G1 | 1994/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 17,949 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP260: 26/06/2011 10:13:12 - System Checkpoint
    RP261: 28/06/2011 12:57:16 - System Checkpoint
    RP262: 19/07/2011 12:50:34 - System Checkpoint
    RP263: 20/07/2011 12:27:18 - Unsigned driver install
    RP264: 20/07/2011 14:49:32 - Software Distribution Service 3.0
    RP265: 22/07/2011 11:41:28 - System Checkpoint
    RP266: 25/07/2011 18:59:04 - System Checkpoint
    RP267: 27/07/2011 13:14:35 - System Checkpoint
    RP268: 28/07/2011 13:39:01 - Unsigned driver install
    RP269: 29/07/2011 10:55:10 - Unsigned driver install
    RP270: 29/07/2011 10:56:55 - Installed Fastrax GPS WorkBench 4
    RP271: 29/07/2011 11:53:46 - Unsigned driver install
    RP272: 2/08/2011 16:27:58 - System Checkpoint
    RP273: 4/08/2011 16:25:05 - System Checkpoint
    RP274: 5/08/2011 22:22:31 - Software Distribution Service 3.0
    RP275: 11/08/2011 15:05:47 - Software Distribution Service 3.0
    RP276: 16/08/2011 18:22:11 - System Checkpoint
    RP277: 16/08/2011 22:00:27 - Installé Java(TM) 6 Update 26
    RP278: 16/08/2011 22:13:06 - Installé AVG 2011
    RP279: 16/08/2011 22:13:57 - Installé AVG 2011
    .
    ==== Installed Programs ======================
    .
    Acronis True Image Home
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2 - Français
    AMD Processor Driver
    Assistant de connexion Windows Live
    AT91-ISP v1.12 --- ATMEL AT91 ISP Solution
    ATI - Utilitaire de désinstallation du logiciel
    ATI Display Driver
    AVG 2011
    Belgium e-ID middleware 3.5.3 (build 6193)
    BinEditor 2.0 Personal
    Broadcom 440x 10/100 Integrated Controller
    calibre
    Camtasia Studio 2
    Chinese Simplified Fonts Support For Adobe Reader 9
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Cryptophane 0.7.0
    Dell Driver Download Manager
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Devart dbForge Schema Compare for MySQL, v2.30 Trial Edition
    Dexpot
    eCosPro 3.0.9.1
    EQATEC Profiler
    ESET Online Scanner v3
    EVK-5
    ExamDiff Pro 3.3
    Fastrax GPS WorkBench 4
    FileAlyzer
    FreePDF (Remove only)
    GIMP 2.6.11
    Git version 1.7.3.1-preview20101002
    GNU Privacy Guard
    Google Desktop
    Google Talk (remove only)
    Google Update Helper
    Google Earth
    GPL Ghostscript 8.71
    gputils
    HI-TECH C Compiler for the PIC10/12/16 MCUs V9.71aPL1
    HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    IAR Embedded Workbench Evaluation for ARM 4.41A
    InfoRapid Search & Replace
    Installation Windows Live
    J-Link ARM V4.14g
    Japanese Fonts Support For Adobe Reader 9
    Java(TM) 6 Update 18
    Kantaris Media Player 0.6.6
    Lapin Malin Éveil
    Logic
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft FrontPage Client - English
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual Studio .NET Enterprise Architect 2003 - English
    Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft WinUsb 1.0
    Mobistar Internet Everywhere
    MOOS Project Viewer
    Mozilla Firefox (3.6.18)
    MPLAB ICD 3 Firmware Patch for MPLAB IDE v8.33
    MPLAB Tools v8.36
    MPLAB Tools v8.53
    MPLAB Tools v8.63
    MSVCRT
    MSXML 6.0 Parser (KB933579)
    MySQL Connector/ODBC 5.1
    MySQL Tools for 5.0
    MySQL Workbench 5.2 CE
    NETCommOCX
    OKI Color Swatch Utility
    OKI Network Extension
    OpenVPN 2.0.7-gui-1.0.3
    Outil de téléchargement Windows Live
    PicoScope 6
    PowerMenu 1.51
    Quest Software Toad for MySQL Freeware 5.0
    RedMon - Redirection Port Monitor
    Sandboxie 3.46
    SDCC
    sdcc-mplab
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SigmaTel Audio
    Skype Toolbars
    Skype™ 5.3
    SUPERAntiSpyware
    SyncBack
    Tail for Win32
    TeamViewer 5
    TortoiseGit 1.5.8.0 (32 bit)
    TortoiseSVN 1.6.10.19898 (32 bit)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Virtual Desktop Manager Powertoy for Windows XP
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio .NET Enterprise Architect 2003 - English
    Visual Studio.NET Baseline - English
    VLC media player 1.1.5
    VNC Free Edition 4.1.3
    WebFldrs XP
    WinDirStat 1.1.2
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Driver Package - Saleae LLC (WinUSB) USB (11/02/2006 6.0.6000.16387)
    Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
    Windows Driver Package - u-blox AG (ubloxusb) Ports (09/12/2008 1.2.0.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinPcap 4.1.2
    WinRAR archiver
    Wireshark 1.4.3
    YAGARTO 4.3.3
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/08/2011 8:19:50, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
    17/08/2011 8:19:50, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    17/08/2011 8:19:50, error: Service Control Manager [7034] - The Acronis Try And Decide Service service terminated unexpectedly. It has done this 1 time(s).
    17/08/2011 8:19:50, error: Service Control Manager [7031] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    17/08/2011 8:19:49, error: Service Control Manager [7034] - The Sandboxie Service service terminated unexpectedly. It has done this 1 time(s).
    17/08/2011 8:19:49, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    17/08/2011 14:06:18, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    16/08/2011 21:20:13, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    16/08/2011 21:10:06, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
    16/08/2011 21:10:05, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    16/08/2011 21:00:13, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    16/08/2011 19:15:18, error: Dhcp [1002] - The IP address lease 10.8.0.30 for the Network Card with network address 00FFA2DC9E66 has been denied by the DHCP server 10.8.0.70 (The DHCP Server sent a DHCPNACK message).
    16/08/2011 16:33:23, error: Dhcp [1002] - The IP address lease 10.8.0.30 for the Network Card with network address 00FFA2DC9E66 has been denied by the DHCP server 10.8.0.29 (The DHCP Server sent a DHCPNACK message).
    16/08/2011 16:21:34, error: Dhcp [1002] - The IP address lease 10.8.0.69 for the Network Card with network address 00FFA2DC9E66 has been denied by the DHCP server 10.8.0.29 (The DHCP Server sent a DHCPNACK message).
    12/08/2011 8:41:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IISADMIN with arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
    12/08/2011 8:40:23, error: Service Control Manager [7000] - The Pico Technology Ltd USB Driver (picopp.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/08/2011 23:28:08, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 Fips SASKUTIL sptd
    12/08/2011 23:27:33, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/08/2011 23:26:40, error: sptd [4] - Driver detected an internal error in its data structures for .
    12/08/2011 21:43:13, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    12/08/2011 20:13:34, error: Dhcp [1002] - The IP address lease 10.8.0.69 for the Network Card with network address 00FFA2DC9E66 has been denied by the DHCP server 10.8.0.70 (The DHCP Server sent a DHCPNACK message).
    12/08/2011 18:04:04, error: Dhcp [1002] - The IP address lease 192.168.10.64 for the Network Card with network address 00225F18625B has been denied by the DHCP server 192.168.10.254 (The DHCP Server sent a DHCPNACK message).
    12/08/2011 17:52:03, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    12/08/2011 17:51:42, error: Dhcp [1002] - The IP address lease 192.168.1.227 for the Network Card with network address 00225F18625B has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     

  4. 2011/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning... just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  5. 2011/08/18
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    Hello,

    Here is the log from RKUnhookerLE.EXE:

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2069376 bytes
    0x804D7000 RAW 2069376 bytes
    0x804D7000 WMIxWDM 2069376 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB9948000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1847296 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xAD161000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1290240 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0xB1384000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
    0xBF34A000 C:\WINDOWS\System32\ativvaxx.dll 1093632 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
    0xB9EB4000 PCI_PNP9408 995328 bytes
    0xB9EB4000 sptd 995328 bytes
    0xB9EB4000 spwy.sys 995328 bytes
    0xB1555000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xB14A2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB9D17000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB11BC000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
    0xB10DD000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB9C7F000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
    0xB9765000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB12AC000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB9C26000 tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
    0xAE52F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 294912 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xBF455000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB1265000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xBF09D000 C:\WINDOWS\System32\atikvmag.dll 286720 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xADC53000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB1053000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xB9843000 C:\WINDOWS\System32\Drivers\acbx1jzn.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB9890000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 217088 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0xB1647000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0xB97C3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xAE777000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9CEA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xA4C8A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB114D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB98C5000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB123D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB9E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB10B7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xAD8DC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB1360000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB9910000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB98ED000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB119A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB1178000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x806D1000 ACPI_HAL 131840 bytes
    0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xAE054000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0xB9DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xAEA74000 C:\Program Files\Sandboxie\SbieDrv.sys 126976 bytes (tzuk, Sandboxie Kernel Mode Driver)
    0xB9C07000 snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
    0xB9BED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB0FC3000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB982C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xAE672000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB987C000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0xB9934000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB1305000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB9DA4000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB981B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xBA288000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)
    0xBA2E8000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
    0xBA248000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA2B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA178000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA2C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xAEB0B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA168000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA2F8000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
    0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA2D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xBA0F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA1C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA138000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA118000 C:\WINDOWS\system32\DRIVERS\tap0801.sys 40960 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
    0xBA128000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA1E8000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
    0xAD0F6000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA108000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA490000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xBA380000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0xBA438000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA3E0000 C:\DOCUME~1\VOSTRO~1\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA440000 C:\WINDOWS\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA388000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xBA370000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA4B0000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0xBA3E8000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0xBA378000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA478000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA480000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA470000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA3F0000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xBA430000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBA4C8000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xB9B57000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xAE7B4000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0xB9B37000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xAEBAF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xB0FEF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB0FEB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB0FDF000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB9B53000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB9BA9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB9B6F000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xBA5E8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA630000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5EA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5EC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5D8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5D2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA7A5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA787000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA74D000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8A5881F8 unknown_irp_handler 3592 bytes
    0x8A2951F8 unknown_irp_handler 3592 bytes
    0x8A2D01F8 unknown_irp_handler 3592 bytes
    0x8A5F61F8 unknown_irp_handler 3592 bytes
    0x8A2EF1F8 unknown_irp_handler 3592 bytes
    0x8A58A1F8 unknown_irp_handler 3592 bytes
    0x8A3BB1F8 unknown_irp_handler 3592 bytes
    0x8A0CC500 unknown_irp_handler 2816 bytes
    0x89FDD500 unknown_irp_handler 2816 bytes
    0x89FF1500 unknown_irp_handler 2816 bytes
    0x89C84500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
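    The RKU ">Drivers" listing above is easier to read with a small parser and a few triage rules. The following is an added example, not part of this thread, of the RKU tool or of the moderator's procedure; the triage heuristics (temp-directory paths, missing vendor block, multi-name modules without an on-disk path) are my own assumptions for a first pass, not verdicts, and the sample lines are copied from the report above.

```python
"""Triage helper for the ">Drivers" section of a Rootkit Unhooker (RKU) report.

Each driver line has the form
    <load address> <image name or path> <size> bytes [(vendor, description)]
Added example for this thread; not part of RKU or of the cleaning procedure.
The triage rules are assumptions for a first look, not a verdict on any driver.
"""
import re
from collections import defaultdict

DRIVER_RE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+)\s+(?P<image>.+?)\s+(?P<size>\d+)\s+bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)
STEALTH_RE = re.compile(r"^WARNING:\s+(?P<msg>.+?)\s+\[(?P<path>[^\]]+)\]\s*$")

# Directories a boot-time driver is not expected to load from (assumed heuristic list).
SUSPICIOUS_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


def parse_report(text):
    """Split an RKU report into driver records and stealth warnings."""
    drivers, warnings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            info = m.group("info")
            if info is None:                       # no "(vendor, description)" block at all
                vendor = desc = None
            else:
                vendor, sep, desc = info.rpartition(", ")
                if not sep:                        # e.g. "(RKU Driver)": description only
                    vendor, desc = None, info
                else:
                    vendor = vendor.strip()
            drivers.append({"addr": int(m.group("addr"), 16), "image": m.group("image"),
                            "size": int(m.group("size")), "vendor": vendor, "desc": desc})
            continue
        w = STEALTH_RE.match(line)
        if w:
            warnings.append((w.group("msg"), w.group("path")))
    return drivers, warnings


def triage(drivers):
    """Return (image, reason) pairs that deserve a manual look; an empty list means nothing odd."""
    findings = []
    by_addr = defaultdict(list)
    for d in drivers:
        by_addr[d["addr"]].append(d["image"])

    for d in drivers:
        img = d["image"].lower()
        if img == "unknown_irp_handler":
            continue                               # RKU placeholder entry, no file to inspect
        if any(s in img for s in SUSPICIOUS_DIRS):
            findings.append((d["image"], "driver image loaded from a temp/profile directory"))
        base = img.rsplit("\\", 1)[-1]
        # dump_*.sys are the kernel's crash-dump copies of the boot disk stack and carry no
        # version block, so they are skipped; any other on-disk image without one is reported.
        if d["desc"] is None and "\\" in img and not base.startswith("dump_"):
            findings.append((d["image"], "no vendor/description information"))

    # One module mapped under several names is normal for ntoskrnl/hal/win32k, which also
    # report their on-disk path; a multi-name module with NO path reported is worth a look.
    for names in by_addr.values():
        if len(names) > 1 and not any("\\" in n for n in names):
            findings.append((" / ".join(sorted(names)), "multi-name module without an on-disk path"))
    return findings


# Constructed sample: a handful of lines copied from the report posted in this thread.
SAMPLE_REPORT = r"""
0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0xB9EB4000 PCI_PNP9408 995328 bytes
0xB9EB4000 sptd 995328 bytes
0xB9EB4000 spwy.sys 995328 bytes
0xB1360000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB0FC3000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAD0F6000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA3E0000 C:\DOCUME~1\VOSTRO~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0x8A5881F8 unknown_irp_handler 3592 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
"""

if __name__ == "__main__":
    drivers, warnings = parse_report(SAMPLE_REPORT)
    print(f"{len(drivers)} driver records, {len(warnings)} stealth warning(s)")
    for image, reason in triage(drivers):
        print(f"  CHECK {image}: {reason}")
    for msg, path in warnings:
        print(f"  WARN  {path}: {msg}")
```

A "CHECK" line is a prompt to verify the file (vendor, signature, where it came from), not a detection by itself.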
     
  6. 2011/08/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2011/08/19
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    Here is the ComboFix log:

    ComboFix 11-08-18.03 - vostropc4 19/08/2011 9:39.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.1918.1349 [GMT 2:00]
    Lancé depuis: c:\documents and settings\vostropc4\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-07-19 au 2011-08-19 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-08-16 20:24 . 2011-08-16 20:24 -------- d-----w- c:\program files\ESET
    2011-08-16 20:01 . 2011-08-16 20:01 -------- d-----w- c:\program files\Common Files\Java
    2011-08-12 22:49 . 2011-08-16 19:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-12 22:49 . 2011-08-16 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-08-12 22:18 . 2011-08-12 22:18 709968 ----a-w- c:\windows\is-36B32.exe
    2011-08-12 22:17 . 2011-08-12 22:17 9466208 ----a-w- C:\mbam-setup-1.51.1.1800.com
    2011-08-11 03:15 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 03:15 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-05 08:08 . 2011-08-05 08:33 -------- d-----w- c:\documents and settings\vostropc4\.MOOS
    2011-08-05 08:06 . 2011-08-05 08:06 -------- d-----w- c:\program files\MOOS Project Viewer
    2011-08-03 14:03 . 2011-08-03 14:03 -------- d-----w- c:\program files\u-blox
    2011-07-29 08:54 . 2010-07-07 09:23 60744 ----a-w- c:\windows\system32\drivers\silabser.sys
    2011-07-29 08:54 . 2010-07-07 09:23 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
    2011-07-29 08:54 . 2010-07-07 09:23 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 06:46 . 2011-05-21 09:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 17:52 . 2010-08-05 08:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2010-08-05 08:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 14:10 . 2010-08-03 16:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-10 15:43 . 2011-05-10 15:43 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-16_19.34.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-19 07:21 . 2011-08-19 07:21 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
    + 2010-09-20 21:07 . 2010-09-20 21:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\adobeextractfiles.dll
    + 2011-08-19 07:07 . 2011-08-19 07:07 247272 c:\windows\system32\ZoneLabs\Updates\unpacked==FFUPDATE=ffupdate_10_tcwlist_x86.zip\UpdZAEX.exe
    + 2011-08-16 20:00 . 2011-05-04 02:52 157472 c:\windows\system32\javaws.exe
    + 2011-08-16 20:00 . 2011-05-04 02:52 145184 c:\windows\system32\javaw.exe
    - 2010-08-04 20:45 . 2010-08-04 20:45 145184 c:\windows\system32\javaw.exe
    + 2011-08-16 20:00 . 2011-05-04 02:52 145184 c:\windows\system32\java.exe
    - 2010-08-04 20:45 . 2010-08-04 20:45 145184 c:\windows\system32\java.exe
    + 2010-08-04 20:45 . 2011-05-04 02:52 472808 c:\windows\system32\deployJava1.dll
    + 2011-08-16 20:01 . 2011-08-16 20:01 203776 c:\windows\Installer\1a5ccd.msi
    + 2010-09-20 21:07 . 2010-09-20 21:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\readerupdater.exe
    + 2010-09-20 21:07 . 2010-09-20 21:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\adobearm.exe
    + 2010-09-20 21:07 . 2010-09-20 21:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\acrobatupdater.exe
    + 2011-08-16 20:16 . 2011-08-16 20:16 3489280 c:\windows\Installer\1a5cd9.msi
    + 2011-08-16 20:13 . 2011-08-16 20:13 1611776 c:\windows\Installer\1a5cd2.msi
    + 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\4e418a.msp
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @= "{C5994566-53D9-4125-87C9-F193FC689CB2} "
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @= "{C5994567-53D9-4125-87C9-F193FC689CB2} "
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @= "{C5994568-53D9-4125-87C9-F193FC689CB2} "
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
    "openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
    "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-05-10 30192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\vostropc4\Start Menu\Programs\Startup\
    exeHelper.com [2011-8-16 294400]
    Google Talk.lnk - c:\program files\Google\Google Talk\googletalk.exe [2007-11-21 3297280]
    PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-20 57344]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-12 113024]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SEGGER\\JLinkARM_V414g\\JLinkGDBServer.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/08/2010 13:46 691696]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 20:25 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 19:48 116608]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 19:07 35088]
    R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [17/11/2010 22:54 2011944]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24/06/2004 3:54 23552]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/05/2011 15:23 136176]
    S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys);c:\windows\system32\drivers\picopp.sys [14/09/2010 15:13 86488]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [31/03/2011 7:45 37632]
    S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [5/09/2010 20:59 24448]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/05/2011 17:43 30192]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/05/2011 15:23 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [26/11/2010 12:21 102656]
    S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [5/08/2010 12:25 14208]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.SYS [5/04/2007 11:08 12160]
    S3 silabenm;Fastrax GPS Evaluation Kit Port Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [29/07/2011 10:54 47176]
    S3 silabser;Fastrax GPS Evaluation Kit Port Driver;c:\windows\system32\drivers\silabser.sys [29/07/2011 10:54 60744]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [21/07/2010 3:30 26112]
    S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [27/11/2009 8:40 75264]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 8:01 2799808]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 13:23]
    .
    2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 13:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.2
    FF - ProfilePath - c:\documents and settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Pencil: pencil@evolus.vn - %profile%\extensions\pencil@evolus.vn
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - %profile%\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-19 09:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1152)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3416)
    c:\windows\system32\WININET.dll
    c:\program files\PowerMenu\PowerMenuHook.dll
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    c:\program files\TortoiseSVN\bin\TortoiseStub.dll
    c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
    c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
    c:\program files\TortoiseGit\bin\TortoiseGit.dll
    c:\program files\TortoiseGit\bin\gitdll.dll
    c:\program files\TortoiseGit\bin\zlib1.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Heure de fin: 2011-08-19 09:47:34
    ComboFix-quarantined-files.txt 2011-08-19 07:47
    ComboFix2.txt 2011-08-16 19:43
    .
    Avant-CF: 19.544.498.176 bytes free
    Après-CF: 19.565.809.664 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9082BC60F3CD3CE2E00DD45C1415B411
     
  8. 2011/08/19
    broni Moderator Malware Analyst

    Looks clean.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2011/08/22
    maternag Inactive Thread Starter

    Hello,

    It is still the same. On each computer start, I cannot start any ".exe" and these registry entries systematically disappear from the registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
    @="exefile"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    @="\"%1\" %*"

    Any clue on how to determine "what" modifies these registry keys between shutdown and start?

    Here are the OTL logs:

    =========
    OTL.txt
    =========
    OTL logfile created on: 22/08/2011 12:03:00 - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\vostropc4\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000080C | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

    1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 61,05% Memory free
    3,72 Gb Paging File | 3,15 Gb Available in Paging File | 84,72% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,40 Gb Total Space | 18,26 Gb Free Space | 24,55% Space Free | Partition Type: NTFS
    Drive D: | 25,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive K: | 74,40 Gb Total Space | 18,26 Gb Free Space | 24,55% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO-PC4 | User Name: vostropc4 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/22 12:01:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\OTL.exe
    PRC - [2011/08/12 21:44:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2010/10/19 14:29:03 | 006,917,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
    PRC - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2010/07/04 11:49:16 | 000,398,568 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
    PRC - [2010/07/04 11:49:14 | 000,075,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/09/05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
    PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
    PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    PRC - [2008/04/09 20:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2008/04/09 20:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2008/04/09 20:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2007/11/21 04:12:27 | 003,297,280 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/08/18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    PRC - [2002/12/20 01:17:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/02 14:45:20 | 000,060,416 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib1.dll
    MOD - [2010/02/05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.FRA
    MOD - [2008/10/24 18:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2008/10/24 18:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    MOD - [2008/04/09 18:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
    MOD - [2006/04/05 10:13:26 | 000,948,224 | ---- | M] () -- C:\Program Files\OpenVPN\bin\libeay32.dll
    MOD - [2005/08/18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    MOD - [2005/01/06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/08/12 21:44:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/07/04 11:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
    SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
    SRV - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2006/04/05 10:14:04 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/12 21:44:01 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/12 21:44:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/11/16 09:53:48 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2010/09/14 15:13:28 | 000,086,488 | ---- | M] (Pico Technology) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\picopp.sys -- (PICOPP) Pico Technology Ltd USB Driver (picopp.sys)
    DRV - [2010/09/05 20:59:35 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
    DRV - [2010/08/05 13:46:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/08/04 22:37:25 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/08/04 22:37:25 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/08/04 22:37:13 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/08/04 22:36:56 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/07/21 03:30:20 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
    DRV - [2010/07/07 11:23:22 | 000,060,744 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
    DRV - [2010/07/07 11:23:22 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
    DRV - [2010/07/04 11:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009/12/15 02:18:46 | 000,037,632 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
    DRV - [2009/11/27 08:40:02 | 000,075,264 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubloxusb.sys -- (ubloxusb)
    DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/12/30 12:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008/12/13 12:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/12/01 11:48:52 | 000,014,208 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jlink.sys -- (jlink)
    DRV - [2008/10/24 18:00:30 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/05 12:08:16 | 000,012,160 | ---- | M] (PLX Technology, Inc. (visit www.PlxTech.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RealICEBulk.SYS -- (NCBULK)
    DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/07/01 22:42:58 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/06/24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    IE - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.be"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.12
    FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.2.0
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/16 22:16:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:54:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 11:53:21 | 000,000,000 | ---D | M]

    [2010/08/05 13:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Extensions
    [2010/08/05 13:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Extensions\net.openvpn.client
    [2011/08/18 23:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\extensions
    [2011/05/10 09:19:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/07/31 21:25:12 | 000,000,000 | ---D | M] (eID België) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\extensions\belgiumeid@eid.belgium.be
    [2011/06/21 09:30:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\extensions\firebug@software.joehewitt.com
    [2011/01/07 23:47:15 | 000,000,000 | ---D | M] ("Pencil") -- C:\Documents and Settings\vostropc4\Application Data\Mozilla\Firefox\Profiles\fmiyteqx.default\extensions\pencil@evolus.vn
    [2011/08/18 23:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/06/07 11:50:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/08/04 22:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/08/16 22:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2010/08/05 16:46:56 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    [2011/08/16 22:16:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2010/08/04 22:45:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/17 14:46:15 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/03/17 14:46:15 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/03/17 14:46:15 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2011/03/17 14:46:15 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/03/17 14:46:15 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2011/08/16 21:33:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
    O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
    O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
    O4 - Startup: C:\Documents and Settings\vostropc4\Start Menu\Programs\Startup\exeHelper.com ()
    O4 - Startup: C:\Documents and Settings\vostropc4\Start Menu\Programs\Startup\Google Talk.lnk = C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - Startup: C:\Documents and Settings\vostropc4\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1281011098437 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/03 18:17:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/12/23 16:49:11 | 000,000,081 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/22 12:01:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\OTL.exe
    [2011/08/19 09:34:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/19 09:31:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/08/19 09:30:42 | 004,177,927 | R--- | C] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix.exe
    [2011/08/18 11:52:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/08/17 08:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vostropc4\Application Data\Acronis
    [2011/08/16 22:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/08/16 22:07:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\TFC.exe
    [2011/08/16 22:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/08/16 21:17:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/16 21:17:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/16 21:17:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/16 21:17:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/16 21:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/16 21:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/16 21:16:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\vostropc4\Start Menu\Programs\Administrative Tools
    [2011/08/16 21:06:29 | 006,640,296 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\vostropc4\Desktop\AppRemover.exe
    [2011/08/16 20:57:48 | 004,174,902 | R--- | C] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix_.exe
    [2011/08/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/08/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/08/13 00:17:10 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.1.1800.com
    [2011/08/12 23:26:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/08/05 10:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vostropc4\.MOOS
    [2011/08/05 10:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vostropc4\Start Menu\Programs\MOOS Project Viewer
    [2011/08/05 10:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\MOOS Project Viewer
    [2011/08/03 16:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vostropc4\Start Menu\Programs\u-blox
    [2011/08/03 16:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\u-blox
    [2011/07/29 11:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vostropc4\My Documents\Fastrax GPSWB Archive
    [2011/07/29 10:54:23 | 000,060,744 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\silabser.sys
    [2011/07/29 10:54:23 | 000,047,176 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\silabenm.sys
    [2011/07/26 11:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

    ========== Files - Modified Within 30 Days ==========

    [2011/08/22 12:01:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\OTL.exe
    [2011/08/22 11:57:15 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/22 11:57:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/22 11:55:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/19 15:53:56 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\vostropc4\My Documents\Default.rdp
    [2011/08/19 15:43:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/19 09:34:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/08/19 09:30:45 | 004,177,927 | R--- | M] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix.exe
    [2011/08/18 11:53:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/08/18 08:04:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\RKUnhookerLE.EXE
    [2011/08/17 21:14:18 | 000,094,785 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\Post.rtf
    [2011/08/17 17:15:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\MBR.dat
    [2011/08/16 22:07:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\TFC.exe
    [2011/08/16 22:07:43 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\SecurityCheck.exe
    [2011/08/16 21:33:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/16 21:06:33 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\vostropc4\Desktop\AppRemover.exe
    [2011/08/16 20:57:51 | 004,174,902 | R--- | M] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix_.exe
    [2011/08/16 20:57:19 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\vostropc4\Start Menu\Programs\Startup\exeHelper.com
    [2011/08/16 20:57:19 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\exeHelper.com
    [2011/08/16 19:46:12 | 105,484,276 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\fullregistry_2.reg
    [2011/08/16 18:03:41 | 105,520,902 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\fullregistry.reg
    [2011/08/16 17:31:43 | 000,277,948 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\example-tcp.bin
    [2011/08/13 01:17:03 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\FixNCR.reg
    [2011/08/13 00:18:12 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-36B32.exe
    [2011/08/13 00:18:12 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-36B32.msg
    [2011/08/13 00:18:12 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-36B32.lst
    [2011/08/13 00:17:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.1.1800.com
    [2011/08/12 23:24:18 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\PUTTY.RND
    [2011/08/12 21:47:34 | 000,004,769 | ---- | M] () -- C:\WINDOWS\seRapid.INI
    [2011/08/12 21:44:13 | 000,004,064 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\x7j510s5ec5g1gsbv
    [2011/08/12 21:44:12 | 000,004,064 | -HS- | M] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\x7j510s5ec5g1gsbv
    [2011/08/12 21:34:43 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\slve state.html
    [2011/08/11 15:17:51 | 000,495,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 15:17:51 | 000,087,090 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 15:13:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/05 16:29:02 | 000,170,273 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\cfl.JPG
    [2011/08/03 16:03:43 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\vostropc4\Application Data\Microsoft\Internet Explorer\Quick Launch\u-center.lnk
    [2011/07/29 10:57:01 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fastrax GPS WorkBench 4.lnk
    [2011/07/29 10:55:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01009.Wdf
    [2011/07/29 10:55:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/07/26 11:39:49 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google*Earth.lnk

    ========== Files Created - No Company Name ==========

    [2011/08/19 09:34:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/08/19 09:34:02 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2011/08/18 11:53:21 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/08/18 08:03:59 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\RKUnhookerLE.EXE
    [2011/08/17 17:15:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\MBR.dat
    [2011/08/17 10:42:05 | 000,094,785 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\Post.rtf
    [2011/08/17 08:13:46 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\vostropc4\Start Menu\Programs\Startup\exeHelper.com
    [2011/08/16 22:07:42 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\SecurityCheck.exe
    [2011/08/16 21:17:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/16 21:17:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/16 21:17:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/16 21:17:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/16 21:17:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/16 20:57:19 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\exeHelper.com
    [2011/08/16 19:45:53 | 105,484,276 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\fullregistry_2.reg
    [2011/08/16 18:02:55 | 105,520,902 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\fullregistry.reg
    [2011/08/16 17:31:39 | 000,277,948 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\example-tcp.bin
    [2011/08/13 01:17:03 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\FixNCR.reg
    [2011/08/13 00:18:12 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-36B32.exe
    [2011/08/13 00:18:12 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-36B32.msg
    [2011/08/13 00:18:12 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-36B32.lst
    [2011/08/12 21:36:35 | 000,004,064 | -HS- | C] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\x7j510s5ec5g1gsbv
    [2011/08/12 21:36:35 | 000,004,064 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x7j510s5ec5g1gsbv
    [2011/08/12 21:34:43 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\slve state.html
    [2011/08/05 16:29:01 | 000,170,273 | ---- | C] () -- C:\Documents and Settings\vostropc4\Desktop\cfl.JPG
    [2011/08/03 16:03:43 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\vostropc4\Application Data\Microsoft\Internet Explorer\Quick Launch\u-center.lnk
    [2011/07/29 10:57:01 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fastrax GPS WorkBench 4.lnk
    [2011/07/29 10:55:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01009.Wdf
    [2011/07/29 10:55:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/07/26 11:39:49 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google*Earth.lnk
    [2011/03/31 07:45:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll
    [2011/02/16 12:47:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/02/07 16:36:34 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011/02/07 16:36:34 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2011/02/07 16:08:11 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2011/02/07 16:08:11 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2011/02/07 16:08:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2011/02/07 16:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
    [2011/02/07 16:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
    [2011/02/07 16:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2011/01/14 14:18:52 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/06 14:29:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
    [2010/12/06 13:51:18 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
    [2010/11/20 10:51:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2010/11/15 11:28:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/09/01 22:19:55 | 000,012,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/08/31 15:12:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/08/24 11:54:54 | 000,004,769 | ---- | C] () -- C:\WINDOWS\seRapid.INI
    [2010/08/11 12:12:43 | 000,000,148 | ---- | C] () -- C:\WINDOWS\OPHN.INI
    [2010/08/09 17:00:24 | 000,000,624 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/08/05 16:06:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2010/08/05 16:06:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
    [2010/08/05 14:16:00 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\fusioncache.dat
    [2010/08/05 14:03:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2010/08/05 14:02:19 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2010/08/05 14:02:18 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2010/08/05 14:02:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2010/08/05 13:35:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\PUTTY.RND
    [2010/08/05 10:51:15 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/08/05 09:05:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/04 21:18:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/04 21:08:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2010/08/04 21:08:46 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2010/08/04 21:08:46 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2010/08/04 20:59:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2010/08/04 20:59:57 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010/08/03 19:44:06 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/03 19:42:48 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/03 18:20:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/03 18:14:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/28 11:07:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\belpicppgui.dll
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/11/14 11:38:12 | 004,014,080 | ---- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 14:00:00 | 000,495,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 14:00:00 | 000,087,090 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/03/19 18:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

    ========== LOP Check ==========

    [2010/08/05 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2011/08/19 09:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/03 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/12/03 10:58:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/05 13:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/06/21 11:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Devart
    [2010/08/05 16:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreePDF
    [2010/08/11 12:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPFH
    [2010/08/11 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPPU
    [2011/06/21 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
    [2010/08/04 23:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
    [2011/08/17 08:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Acronis
    [2010/08/31 09:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\AVG9
    [2011/04/26 15:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\calibre
    [2010/08/05 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Christofer Persson
    [2010/08/05 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\DAEMON Tools Lite
    [2011/06/21 11:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Devart
    [2011/03/01 18:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Dexpot
    [2010/11/15 12:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\gnupg
    [2011/04/19 13:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\gtk-2.0
    [2011/02/07 16:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\IAR Embedded Workbench
    [2011/08/05 12:19:02 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\vostropc4\Application Data\Microchip
    [2011/08/13 01:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\MySQL
    [2010/08/05 13:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\OpenVPN Technologies
    [2011/06/21 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Quest Software
    [2010/12/01 12:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Saleae LLC
    [2010/08/05 13:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Subversion
    [2010/11/17 23:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\TeamViewer
    [2010/08/05 14:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Windows Desktop Search
    [2010/08/05 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Windows Search
    [2011/02/25 02:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vostropc4\Application Data\Wireshark

    ========== Purity Check ==========

    The rest follows in next post...
     
  10. 2011/08/22
    maternag

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/03 18:17:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/03 18:11:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/08/19 09:34:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr
    [2011/08/19 09:47:35 | 000,019,086 | ---- | M] () -- C:\ComboFix.txt
    [2010/08/03 18:17:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/07/11 12:19:44 | 000,002,340 | ---- | M] () -- C:\fpRedmon.log
    [2010/08/03 18:17:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/08/16 22:16:05 | 000,025,279 | ---- | M] () -- C:\JavaRa.log
    [2011/08/03 16:12:29 | 000,872,769 | ---- | M] () -- C:\JLink.log
    [2011/08/13 00:17:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.1.1800.com
    [2011/01/26 22:48:08 | 000,006,323 | ---- | M] () -- C:\MPUsbSIn.log
    [2010/08/03 18:17:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/05 10:36:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/22 11:55:29 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/03 18:17:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2009/05/12 11:41:50 | 000,056,320 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPHNPP3.DLL
    [2008/03/27 20:24:58 | 000,031,232 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPPUPP3.DLL
    [2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/03 19:41:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/08/03 19:41:47 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/08/03 19:41:47 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/08/05 10:42:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/03 18:23:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\vostropc4\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/08/05 13:16:08 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\vostropc4\Application Data\Microsoft\Internet Explorer\Quick Launch\putty.exe
    [2010/08/03 18:23:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\vostropc4\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/16 21:06:33 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\vostropc4\Desktop\AppRemover.exe
    [2011/08/19 09:30:45 | 004,177,927 | R--- | M] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix.exe
    [2011/08/16 20:57:51 | 004,174,902 | R--- | M] (Swearware) -- C:\Documents and Settings\vostropc4\Desktop\ComboFix_.exe
    [2011/08/13 00:03:18 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\vostropc4\Desktop\MicrosoftFixit.WinFileFolder.Run.exe
    [2011/05/31 11:51:47 | 035,728,320 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\Nokia_PC_Suite_eng_web.exe
    [2011/08/22 12:01:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\OTL.exe
    [2011/06/21 10:07:42 | 046,930,240 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\Quest_ToadforMySQLFreeware_500345.exe
    [2011/08/18 08:04:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\RKUnhookerLE.EXE
    [2011/06/21 10:53:04 | 013,695,981 | ---- | M] (Devart ) -- C:\Documents and Settings\vostropc4\Desktop\schemacomparemysql.exe
    [2011/08/16 22:07:43 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\vostropc4\Desktop\SecurityCheck.exe
    [2011/08/16 22:07:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vostropc4\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/08/05 11:42:36 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\vostropc4\gotomypc_533.exe
    [2011/02/16 17:24:04 | 001,062,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\vostropc4\gotomypc_540.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 18:23:22 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\vostropc4\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/08/22 11:57:20 | 000,311,296 | ---- | M] () -- C:\Documents and Settings\vostropc4\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2010/08/05 10:51:02 | 000,735,984 | ---- | M] (tzuk) -- C:\WINDOWS\Installer\SandboxieInstall32.exe
    [40 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 02:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 16:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 20:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 20:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 20:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >

    ==========
    Extras.txt
    ==========
    OTL Extras logfile created on: 22/08/2011 12:03:00 - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\vostropc4\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000080C | Country: Belgium | Language: FRB | Date Format: d/MM/yyyy

    1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 61,05% Memory free
    3,72 Gb Paging File | 3,15 Gb Available in Paging File | 84,72% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,40 Gb Total Space | 18,26 Gb Free Space | 24,55% Space Free | Partition Type: NTFS
    Drive D: | 25,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive K: | 74,40 Gb Total Space | 18,26 Gb Free Space | 24,55% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO-PC4 | User Name: vostropc4 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0
    "UPDATESDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\SEGGER\JLinkARM_V414g\JLinkGDBServer.exe" = C:\Program Files\SEGGER\JLinkARM_V414g\JLinkGDBServer.exe:*:Enabled:JLinkGDBServer -- ()
    "C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
    "C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\EQATEC\EQATECProfiler\EQATECProfiler.exe" = C:\Program Files\EQATEC\EQATECProfiler\EQATECProfiler.exe:LocalSubNet:Enabled:EQATEC Profiler -- (EQATEC A/S)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00D4F864-105B-4527-B273-966189C30664}" = EQATEC Profiler
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
    "{2DBF3586-04D2-4158-B72E-0A637CB8D423}" = PicoScope 6
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
    "{3D573D70-56A9-471C-B56C-EE39C4271EEB}" = MySQL Workbench 5.2 CE
    "{3EC80F7E-7B5B-4CB7-9ED2-ABB30FEFC682}" = calibre
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{7FD28A81-81C0-4CB0-8901-0C897B3E8B32}" = MPLAB Tools v8.63
    "{824563DE-75AD-4166-9DC0-B6482F206193}" = Belgium e-ID middleware 3.5.3 (build 6193)
    "{85F0749D-59F0-42D7-A934-E79498A3C76E}" = IAR Embedded Workbench Evaluation for ARM 4.41A
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E9E897-546D-4CD6-BAC3-AF3B38FA03B4}" = Tail for Win32
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
    "{92A06DCC-3091-4D1D-B192-2AC9E4E0A353}" = Logic
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
    "{A4089B20-34E1-4331-BB0F-2FC76D0F3EB4}" = Quest Software Toad for MySQL Freeware 5.0
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.5 - Français
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AE7E1CA4-0876-41BF-8B94-29A6D2D7F6D2}" = Fastrax GPS WorkBench 4
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BE4475BC-7E91-4756-A430-969774755F14}" = TortoiseGit 1.5.8.0 (32 bit)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD8C83B3-E600-4574-9F4F-9FFDA5B7F565}" = MPLAB ICD 3 Firmware Patch for MPLAB IDE v8.33
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
    "{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
    "{EA2F25DC-552B-4C83-B577-C0417CD8DD5E}" = MPLAB Tools v8.53
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8DA329C-D90A-4918-BC71-53E5461616F1}" = BinEditor 2.0 Personal
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "38C9A50B4FB83FBC3B6B66EAC2E4A7B2930F8D10" = Windows Driver Package - u-blox AG (ubloxusb) Ports (09/12/2008 1.2.0.1)
    "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    "51EF03BD5097985E1F88F031E3375AADB78060A6" = Windows Driver Package - Saleae LLC (WinUSB) USB (11/02/2006 6.0.6000.16387)
    "ABA711DD50380EF91CB183F7CCDF6FFF13A3A738" = Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
    "AT91-ISP" = AT91-ISP v1.12 --- ATMEL AT91 ISP Solution
    "ATI Display Driver" = ATI Display Driver
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Camtasia Studio 2" = Camtasia Studio 2
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Cryptophane_is1" = Cryptophane 0.7.0
    "DevartSchemaCompareMySql_is1" = Devart dbForge Schema Compare for MySQL, v2.30 Trial Edition
    "eCosPro_is1" = eCosPro 3.0.9.1
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVK-5" = EVK-5
    "ExamDiff Pro_is1" = ExamDiff Pro 3.3
    "FreePDF_XP" = FreePDF (Remove only)
    "Git_is1" = Git version 1.7.3.1-preview20101002
    "GnuPG" = GNU Privacy Guard
    "Google Desktop" = Google Desktop
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "gputils" = gputils
    "ie8" = Windows Internet Explorer 8
    "InfoRapid Search & Replace" = InfoRapid Search & Replace
    "InstallShield_{7FD28A81-81C0-4CB0-8901-0C897B3E8B32}" = MPLAB Tools v8.63
    "InstallShield_{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
    "InstallShield_{EA2F25DC-552B-4C83-B577-C0417CD8DD5E}" = MPLAB Tools v8.53
    "J-Link ARM V4.14g" = J-Link ARM V4.14g
    "Kantaris_is1" = Kantaris Media Player 0.6.6
    "Lapin Malin Éveil" = Lapin Malin Éveil
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mobistar Internet Everywhere" = Mobistar Internet Everywhere
    "MOOS Project Viewer" = MOOS Project Viewer
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NETCommOCX" = NETCommOCX
    "OpenVPN" = OpenVPN 2.0.7-gui-1.0.3
    "PICC 9.71PL1" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.71aPL1
    "PICC 9.81" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
    "PowerMenu" = PowerMenu 1.51
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "Redirection Port Monitor" = RedMon - Redirection Port Monitor
    "Sandboxie" = Sandboxie 3.46
    "SDCC" = SDCC
    "sdcc-mplab" = sdcc-mplab
    "SyncBack_is1" = SyncBack
    "SynTPDeinstKey" = Dell Touchpad
    "TeamViewer 5" = TeamViewer 5
    "Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
    "VLC media player" = VLC media player 1.1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "winusb0100" = Microsoft WinUsb 1.0
    "Wireshark" = Wireshark 1.4.3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
    "YAGARTO" = YAGARTO 4.3.3
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dexpot" = Dexpot
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/08/2011 16:18:39 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2011 16:19:00 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 16/08/2011 16:19:00 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2011 16:19:01 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 18/08/2011 12:42:02 | Computer Name = VOSTRO-PC4 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 19/08/2011 2:55:37 | Computer Name = VOSTRO-PC4 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 19/08/2011 3:15:50 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 19/08/2011 3:15:50 | Computer Name = VOSTRO-PC4 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 19/08/2011 3:32:37 | Computer Name = VOSTRO-PC4 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 22/08/2011 6:02:55 | Computer Name = VOSTRO-PC4 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    [ System Events ]
    Error - 19/08/2011 2:36:47 | Computer Name = VOSTRO-PC4 | Source = Service Control Manager | ID = 7000
    Description = The Pico Technology Ltd USB Driver (picopp.sys) service failed to
    start due to the following error: %%1058

    Error - 19/08/2011 2:37:15 | Computer Name = VOSTRO-PC4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service IISADMIN with
    arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

    Error - 19/08/2011 2:43:45 | Computer Name = VOSTRO-PC4 | Source = Service Control Manager | ID = 7000
    Description = The Pico Technology Ltd USB Driver (picopp.sys) service failed to
    start due to the following error: %%1058

    Error - 19/08/2011 2:44:12 | Computer Name = VOSTRO-PC4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service IISADMIN with
    arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

    Error - 19/08/2011 3:21:45 | Computer Name = VOSTRO-PC4 | Source = Service Control Manager | ID = 7000
    Description = The Pico Technology Ltd USB Driver (picopp.sys) service failed to
    start due to the following error: %%1058

    Error - 19/08/2011 3:21:58 | Computer Name = VOSTRO-PC4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service IISADMIN with
    arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

    Error - 19/08/2011 3:38:50 | Computer Name = VOSTRO-PC4 | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 22/08/2011 5:55:57 | Computer Name = VOSTRO-PC4 | Source = Service Control Manager | ID = 7000
    Description = The Pico Technology Ltd USB Driver (picopp.sys) service failed to
    start due to the following error: %%1058

    Error - 22/08/2011 5:56:32 | Computer Name = VOSTRO-PC4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service IISADMIN with
    arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

    Error - 22/08/2011 6:05:46 | Computer Name = VOSTRO-PC4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service IISADMIN with
    arguments " " in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}


    < End of report >
     
  11. 2011/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. 2011/08/23
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
Here is the log (only one locked file detected, "sptd"):

    2011/08/23 16:11:03.0328 3876 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/08/23 16:11:05.0328 3876 ================================================================================
    2011/08/23 16:11:05.0328 3876 SystemInfo:
    2011/08/23 16:11:05.0328 3876
    2011/08/23 16:11:05.0328 3876 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/23 16:11:05.0328 3876 Product type: Workstation
    2011/08/23 16:11:05.0328 3876 ComputerName: VOSTRO-PC4
    2011/08/23 16:11:05.0328 3876 UserName: vostropc4
    2011/08/23 16:11:05.0328 3876 Windows directory: C:\WINDOWS
    2011/08/23 16:11:05.0328 3876 System windows directory: C:\WINDOWS
    2011/08/23 16:11:05.0328 3876 Processor architecture: Intel x86
    2011/08/23 16:11:05.0328 3876 Number of processors: 1
    2011/08/23 16:11:05.0328 3876 Page size: 0x1000
    2011/08/23 16:11:05.0328 3876 Boot type: Normal boot
    2011/08/23 16:11:05.0328 3876 ================================================================================
    2011/08/23 16:11:07.0203 3876 Initialize success
    2011/08/23 16:11:23.0484 1672 ================================================================================
    2011/08/23 16:11:23.0484 1672 Scan started
    2011/08/23 16:11:23.0484 1672 Mode: Manual;
    2011/08/23 16:11:23.0484 1672 ================================================================================
    2011/08/23 16:11:36.0671 1672 ================================================================================
    2011/08/23 16:11:36.0671 1672 Scan finished
    2011/08/23 16:11:36.0671 1672 ================================================================================
    2011/08/23 16:11:36.0687 4044 Detected object count: 1
    2011/08/23 16:11:36.0687 4044 Actual detected object count: 1
    2011/08/23 16:11:50.0218 4044 LockedFile.Multi.Generic(sptd) - User select action: Skip
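Triage script for logs in this format, added here as an example; it is not code from the thread or from TDSSKiller itself. It separates the driver inventory from the lines an analyst has to act on (suspicious or locked files, detections, the action chosen, the tool's own counters and the boot-sector hashes); the sample log and its MD5 values are constructed placeholders, not values from this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "<yyyy/mm/dd hh:mm:ss.mmmm> <thread-id> <message>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Driver inventory: "<service> (<md5>) <path>", one line per enumerated kernel driver.
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Boot sectors: "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) ...".
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^(Detected object count|Actual detected object count): (\d+)$")

# Constructed sample in the TDSSKiller layout; the MD5s are placeholders, not real hashes.
SAMPLE_LOG = r"""
2011/08/23 16:11:03.0328 3876 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 16:11:23.0484 1672 ================================================================================
2011/08/23 16:11:23.0484 1672 Scan started
2011/08/23 16:11:25.0093 1672 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 16:11:33.0625 1672 sptd (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/23 16:11:33.0625 1672 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 00000000000000000000000000000002
2011/08/23 16:11:33.0640 1672 sptd - detected LockedFile.Multi.Generic (1)
2011/08/23 16:11:36.0515 1672 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
2011/08/23 16:11:36.0671 1672 Scan finished
2011/08/23 16:11:36.0687 4044 Detected object count: 1
2011/08/23 16:11:36.0687 4044 Actual detected object count: 1
2011/08/23 16:11:50.0218 4044 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""


@dataclass
class TdssTriage:
    tool_version: Optional[str] = None
    drivers: List[Tuple[str, str, str]] = field(default_factory=list)       # (service, md5, path)
    boot_sectors: List[Tuple[str, str, str]] = field(default_factory=list)  # (kind, md5, device)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)    # (reason, path, md5)
    detections: List[Tuple[str, str]] = field(default_factory=list)         # (object, verdict)
    actions: Dict[str, str] = field(default_factory=dict)                   # object -> action chosen
    counts: Dict[str, int] = field(default_factory=dict)                    # the tool's own counters


def parse_tdsskiller_log(text: str) -> TdssTriage:
    """Split a log into the driver inventory and the lines an analyst must act on."""
    t = TdssTriage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything outside the standard layout
        msg = m.group(3)
        if msg.startswith("TDSS rootkit removing tool "):
            t.tool_version = msg.split()[4]
            continue
        # Order matters: the specific patterns go first, the generic driver line last.
        for regex, handler in (
            (BOOT_RE, lambda g: t.boot_sectors.append((g[0], g[2], g[3]))),
            (SUSPICIOUS_RE, lambda g: t.suspicious.append((g[0], g[1], g[2]))),
            (DETECTED_RE, lambda g: t.detections.append((g[0], g[1]))),
            (ACTION_RE, lambda g: t.actions.update({g[1]: g[2]})),
            (COUNT_RE, lambda g: t.counts.update({g[0]: int(g[1])})),
            (DRIVER_RE, lambda g: t.drivers.append((g[0], g[1], g[2]))),
        ):
            hit = regex.match(msg)
            if hit:
                handler(hit.groups())
                break
    return t


def review_items(t: TdssTriage) -> List[str]:
    """Follow-ups for the analyst: every detection whose chosen action was not Cure or
    Delete (a skipped LockedFile is a locked file, not a verdict either way, so it still
    needs a look), plus any gap between the tool's counters and the detections logged."""
    paths = {service: path for service, _, path in t.drivers}
    items = []
    for obj, verdict in t.detections:
        action = t.actions.get(obj, "none recorded")
        if action not in ("Cure", "Delete"):
            items.append(f"{obj}: {verdict} at {paths.get(obj, '?')}, action={action}")
    reported = t.counts.get("Detected object count")
    if reported is not None and reported != len(t.detections):
        items.append(f"counter mismatch: tool reported {reported}, log shows {len(t.detections)}")
    if not t.boot_sectors:
        items.append("no MBR/boot-sector lines in the log: the boot-sector check cannot be confirmed")
    return items


if __name__ == "__main__":
    triage = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDSSKiller {triage.tool_version}: {len(triage.drivers)} drivers, "
          f"{len(triage.boot_sectors)} boot-sector hash(es), {len(triage.detections)} detection(s)")
    for item in review_items(triage):
        print("REVIEW:", item)
```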
     
  13. 2011/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't forget to reinstall AVG.

    I don't really see much there...

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1614895754-1659004503-725345543-1003\..Trusted Ranges: GD ([http] in Local intranet)
      [2011/08/12 21:44:13 | 000,004,064 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\x7j510s5ec5g1gsbv
      [2011/08/12 21:44:12 | 000,004,064 | -HS- | M] () -- C:\Documents and Settings\vostropc4\Local Settings\Application Data\x7j510s5ec5g1gsbv
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  14. 2011/08/24
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    Hello,

The computer still has the same behaviour.

    Thanks for reminding me about AVG, I will reinstall it.

    Here are the logs:

    =======
    OTL logs:
    =======
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1614895754-1659004503-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    C:\Documents and Settings\All Users\Application Data\x7j510s5ec5g1gsbv moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Application Data\x7j510s5ec5g1gsbv moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: vostropc4
    ->Temp folder emptied: 426587 bytes
    ->Temporary Internet Files folder emptied: 22267539 bytes
    ->Java cache emptied: 1161288 bytes
    ->FireFox cache emptied: 43712571 bytes
    ->Flash cache emptied: 928 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 761 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 65,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: vostropc4
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.26.5 log created on 08242011_152103

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFA800.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFD5CC.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFD844.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFD9F9.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFDA2D.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFDB5E.tmp not found!
    File\Folder C:\Documents and Settings\vostropc4\Local Settings\Temp\~DFDCD7.tmp not found!
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\SL9FY30I\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\SL9FY30I\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\SL9FY30I\visitormatch[1].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\5S1KAUZU\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\5QYBCBSI\100006-active-infection-xp-security-2012-leads-exe-problems[1].html moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\5QYBCBSI\ads[3].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\5QYBCBSI\frame[1].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\5QYBCBSI\frame[2].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\58R2TBBY\ads[8].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\58R2TBBY\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\58R2TBBY\like[3].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\58R2TBBY\login_status[1].htm moved successfully.
    C:\Documents and Settings\vostropc4\Local Settings\Temporary Internet Files\Content.IE5\58R2TBBY\visitormatch[1].htm moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT00f94.TMP not found!

    Registry entries deleted on Reboot...

    =====================
    SecurityCheck
    ==============
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    ZoneAlarm
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 18
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 9.4.5 - Français
    Chinese Simplified Fonts Support For Adobe Reader 9
    Japanese Fonts Support For Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.18)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````

    =============
    ESET online scanner
    =============

    I have already run this some days ago:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=28c1df1ca56ffa46a88e23f6201d4f65
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-08-17 04:19:22
    # local_time=2011-08-17 06:19:22 (+0100, Romance Daylight Time)
    # country= "Belgium "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1032 16777173 100 95 321 56820407 0 0
    # compatibility_mode=8192 67108863 100 0 145 145 0 0
    # compatibility_mode=9217 16777214 75 70 30266015 36234093 0 0
    # scanned=190201
    # found=2
    # cleaned=2
    # scan_time=28347
    C:\_Work\Downloads\dexpot_158_r1434.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\_Work\Softwares\Kantaris_0.6.6_setup.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
     
  15. 2011/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ==================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  16. 2011/08/29
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    Hello,

    Thanks, I'm happy to know that my computer is now clean. However, I still experience exactly the same problem: on each computer start, I cannot start any ".exe", and these registry entries systematically disappear from the registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
    @="exefile"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    @="\"%1\" %*"

    There must be some piece of software somewhere removing these entries from the registry; they cannot just disappear, right?

    If you are 100% sure that my computer is clean, I suppose that my Windows is somehow broken and I just have to reinstall it, right?

    Thank you, best regards,
    Gérard
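    A way to check after each restart whether the two .exe association keys listed above are still intact, and to put them back if they are not. This is an added PowerShell example, not code from the thread or from any of the tools mentioned in it; the -Restore switch and the function names are my own, and it assumes an elevated (administrator) prompt.

```powershell
# Added example (not from the thread): audit the two .exe file-association keys
# that the poster reports disappearing at every reboot, and optionally restore them.
# Run from an elevated PowerShell prompt. The -Restore switch is a constructed name.
param([switch]$Restore)

# Expected default values, as listed in the poster's registry comparison.
$Expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
}

function Test-ExeAssociation {
    # Returns $true only if both keys exist and carry the expected default value.
    $ok = $true
    foreach ($path in $Expected.Keys) {
        $want = $Expected[$path]
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Missing key: $path"
            $ok = $false
            continue
        }
        # The unnamed (default) value is exposed by Get-ItemProperty as '(default)'.
        $have = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).'(default)'
        if ($have -ne $want) {
            Write-Warning "Unexpected default value at ${path}: '$have' (expected '$want')"
            $ok = $false
        }
    }
    return $ok
}

function Restore-ExeAssociation {
    # Recreate missing keys (New-Item -Force also creates intermediate keys) and set defaults.
    foreach ($path in $Expected.Keys) {
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -LiteralPath $path -Name '(default)' -Value $Expected[$path]
    }
}

if (Test-ExeAssociation) {
    Write-Host 'The .exe association keys are present and correct.'
} elseif ($Restore) {
    Restore-ExeAssociation
    Write-Host 'Keys restored; run this check again after a full shutdown and restart to see whether they persist.'
} else {
    Write-Host 'Run again with -Restore to recreate the keys.'
}
```

Running it once before a shutdown and once after the restart gives the same before/after comparison the poster did by hand, without having to diff a full registry export.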
     
  17. 2011/08/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart computer in Safe Mode and see if the setting will hold there.
     
  18. 2011/08/29
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    No, it doesn't hold in safe mode. Is it possible that the settings are suppressed at shutdown?
     
  19. 2011/08/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run exehelper in safe mode. Make sure the settings are correct and restart again in Safe Mode.
    See if it holds.
     
  20. 2011/08/30
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    No, it doesn't hold. This is very strange.
     
  21. 2011/08/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In this forum, we make sure your computer is free of malware and clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
