
Solved: Fake anti-virus scan and can't start applications

Discussion in 'Malware and Virus Removal Archive' started by ldaoust, 2012/01/11.

  1. 2012/01/11, ldaoust (Thread Starter)

    Hi (again),

    This is my 2nd thread for an infection on my computer. This time it's on my 'work' PC, which is pretty much the same setup as my home PC, on which I had the first infection. The symptoms seem to be the same as I had the first time: a fake virus scan pops up, the firewall is replaced by some other fake one, and when I try to start an application it just starts the fake scan.

    I managed to get control back for starting applications and did the initial steps. Logs follow.

    Step 1: MBAM
    ==========

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.10.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Louis Daoust :: INFO01-A [administrator]

    10/01/2012 9:39:11
    mbam-log-2012-01-10 (09-39-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 294255
    Time elapsed: 10 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (Adware.180Solutions) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 6
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe (Spyware.Agent) -> Quarantined and deleted successfully.

    (end)


    Step 2: GMER
    ==========

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-11 08:18:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600AAJS-22PSA0 rev.05.06H05
    Running: dd1ssm6t.exe; Driver: C:\DOCUME~1\LOUISD~1\LOCALS~1\Temp\fwldrpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? hcivi.sys The system cannot find the file specified. !
    .text mrxsmb.sys B81BB000 6 Bytes [00, C0, E9, 08, 0C, 00]
    .text mrxsmb.sys B81BB007 46 Bytes [90, 90, 90, 90, 90, FF, 25, ...]
    .text mrxsmb.sys B81BB036 24 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
    .text mrxsmb.sys B81BB04F 31 Bytes [68, F0, 6B, 1D, B8, 56, E8, ...]
    .text mrxsmb.sys B81BB070 246 Bytes [53, 68, 9A, B0, 1B, B8, 57, ...]
    .text ...
    ? C:\WINDOWS\System32\DRIVERS\mrxsmb.sys suspicious PE modification

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016D000A
    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 016E000A
    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FF000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlCopyLuid] C25D5E00
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlHashUnicodeString] 0D8B000C
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlInitString] [B81D9CF4] \SystemRoot\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ObReferenceObjectByPointer] 0F02C1F6
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlInitUnicodeString] 00A59085
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeRemoveDeviceQueue] 5B046A00
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!FsRtlLookupLastLargeMcbEntry] 91441D39
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCancelIrp] 820FB81D
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeInsertDeviceQueue] FFFFB766
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlEqualUnicodeString] 00A5A3E9
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlEqualString] 90909000
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!SeDeleteObjectAuditAlarm] FF8B9090
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlxUnicodeStringToAnsiSize] 8BEC8B55
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ExRegisterCallback] 488B0845
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoMakeAssociatedIrp] 04518B14
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCheckEaBufferValidity] 420C4D8B
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeInitializeEvent] 04518942

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0200CB90] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0200CB90] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0200CBB5] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0200CB90] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0200C85C] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0200CBD3] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [0200AD41] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0200CB90] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0200CB6B] C:\Program Files\TortoiseSVN\bin\CrashRpt.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs B7B5D400

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B822A000-B8246000 (114688 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F62DF5CF-D3A2-4A92-331F-F12F1F986316}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F62DF5CF-D3A2-4A92-331F-F12F1F986316}@hangkpafcmkkmdbj 0x61 0x61 0x00 0x00
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F62DF5CF-D3A2-4A92-331F-F12F1F986316}@hangkpafjmdlchnb 0x61 0x61 0x00 0x00

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB48082$\1959251733 0 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\bckfg.tmp 862 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\cfg.ini 176 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\keywords 0 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\L\rnmncxam 456320 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\80000000.@ 11264 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\1959251733\U\80000032.@ 77312 bytes
    File C:\WINDOWS\$NtUninstallKB48082$\3415717038 0 bytes

    ---- EOF - GMER 1.0.15 ----
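The "Registry Data Items" block of the MBAM log above shows the mechanism behind "every application starts the fake scan": the StartMenuInternet shell\open\command (and safemode\command) values for Firefox and IE were rewritten so that suh.exe runs first and receives the real browser as an argument, and the three Security Center *DisableNotify values were set to 1 so Windows would not warn that AV, firewall and updates were off. Below is an added example, written for this page and not part of the thread or of Malwarebytes, that parses lines in that log format and applies its own two checks instead of trusting the tool's label: the command must launch the browser executable itself, and no DisableNotify value may be 1. The sample lines are copied from the log above; the function and class names are my own.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: registry-data lines copied from the MBAM log in the post above.
MBAM_LOG = r"""
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\suh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
"""

# One MBAM registry-data line: KEY|VALUE (Label) -> Bad: (...) Good: (...) -> Action
LINE_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S*) \((?P<label>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)


@dataclass
class RegItem:
    key: str
    value: str   # value name; '' means the key's (Default) value
    label: str   # MBAM's own classification, kept for reference only
    bad: str
    good: str
    action: str


def parse_mbam_registry_data(text):
    """Return one RegItem per 'Registry Data Items Detected' line found in text."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(RegItem(**m.groupdict()))
    return items


def first_executable(command):
    """Lower-cased basename of the program a shell command actually launches."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:command.find('"', 1)]
    else:
        exe = command.split()[0] if command else ""
    return ntpath.basename(exe.strip()).lower()


def startmenu_browser(key):
    """For HKLM\\...\\StartMenuInternet\\<BROWSER.EXE>\\shell\\...\\command return <browser.exe>."""
    parts = key.split("\\")
    for i, p in enumerate(parts):
        if p.lower() == "startmenuinternet" and i + 1 < len(parts):
            return parts[i + 1].lower()
    return None


def is_startmenu_hijack(command, browser_exe):
    """Hijacked when the launched program is not the browser itself, e.g. a wrapper
    such as 'suh.exe -a "<real browser>"' that runs before the browser does."""
    return first_executable(command) != browser_exe.lower()


def audit(items):
    """Independent checks on the parsed items; returns (kind, detail) tuples."""
    findings = []
    for it in items:
        key = it.key.lower()
        browser = startmenu_browser(it.key)
        if browser and key.endswith("\\command") and is_startmenu_hijack(it.bad, browser):
            findings.append(("startmenu_hijack", f"{browser} launched via {first_executable(it.bad)}"))
        if key.endswith("\\security center") and it.value.lower().endswith("disablenotify") \
                and it.bad.strip() == "1":
            findings.append(("securitycenter_notify_suppressed", it.value))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(parse_mbam_registry_data(MBAM_LOG)):
        print(kind, "-", detail)
```

On the live machine the same two locations can be read with "reg query HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command" and "reg query HKLM\SOFTWARE\Microsoft\Security Center" (quote the key paths, since they contain spaces); the test is the same one the script applies: the command must launch the browser itself, and the DisableNotify values should read 0.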
     
  2. 2012/01/11, ldaoust (Thread Starter)

    Step 3: aswMBR
    ============

    Note: I was running in safe mode and this tool would not start properly. There was a message box about a problem with a DLL. After restarting Windows in normal mode I could run the tool.

    Also, the UI has 2 differences from what is shown on this site for step 3. There is a FixMBR button and there is a scan select box which has the quick scan option selected by default.

    (Edit): After starting the tool it asks to update the virus definition file. On the first run, my internet connection was not active, so there was a scan without a db update. I did a second run and updated the virus db. Maybe that is why there is a double log?

    Here's the log:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-11 08:28:09
    -----------------------------
    08:28:09.312 OS Version: Windows 5.1.2600 Service Pack 3
    08:28:09.312 Number of processors: 2 586 0x209
    08:28:09.375 ComputerName: INFO01-A UserName:
    08:28:15.171 Initialize success
    08:28:37.078 AVAST engine download error: 0
    08:28:43.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    08:28:43.812 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
    08:28:43.812 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
    08:28:43.812 Disk 1 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
    08:28:43.812 Disk 0 MBR read successfully
    08:28:43.843 Disk 0 MBR scan
    08:28:43.843 Disk 0 Windows XP default MBR code
    08:28:43.843 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
    08:28:43.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 80325
    08:28:43.843 Disk 0 scanning sectors +312576705
    08:28:43.890 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:28:56.515 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
    08:29:05.312 Disk 0 trace - called modules:
    08:29:05.328 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a86bff0]<<
    08:29:05.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af1bab8]
    08:29:05.328 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8ad96030]
    08:29:05.328 \Driver\00001045[0x8acffda0] -> IRP_MJ_CREATE -> 0x8a86bff0
    08:29:05.328 Scan finished successfully
    08:29:47.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools\Logs\MBR.dat "
    08:29:47.953 The log file has been saved successfully to "C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools\Logs\aswMBR.txt "


    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-11 08:35:23
    -----------------------------
    08:35:23.778 OS Version: Windows 5.1.2600 Service Pack 3
    08:35:23.778 Number of processors: 2 586 0x209
    08:35:23.778 ComputerName: INFO01-A UserName:
    08:35:25.949 Initialize success
    08:38:56.324 AVAST engine defs: 12011100
    08:39:09.059 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    08:39:09.371 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
    08:39:09.465 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
    08:39:09.465 Disk 1 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
    08:39:09.637 Disk 0 MBR read successfully
    08:39:09.934 Disk 0 MBR scan
    08:39:10.199 Disk 0 Windows XP default MBR code
    08:39:10.434 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
    08:39:10.621 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 80325
    08:39:10.684 Disk 0 scanning sectors +312576705
    08:39:10.762 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:39:42.262 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
    08:40:06.309 Disk 0 trace - called modules:
    08:40:06.949 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a86bff0]<<
    08:40:07.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af1bab8]
    08:40:07.309 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8ad96030]
    08:40:07.418 \Driver\00001045[0x8acffda0] -> IRP_MJ_CREATE -> 0x8a86bff0
    08:40:10.199 AVAST engine scan C:\WINDOWS
    08:40:59.903 AVAST engine scan C:\WINDOWS\system32
    08:47:57.481 AVAST engine scan C:\WINDOWS\system32\drivers
    08:48:22.293 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
    08:48:49.434 AVAST engine scan C:\Documents and Settings\Louis Daoust
    09:22:45.231 File: C:\Documents and Settings\Louis Daoust\My Documents\23yiT0mQF.exe **INFECTED** Win32:FakeAV-CUM [Trj]
    09:24:55.215 AVAST engine scan C:\Documents and Settings\All Users
    09:27:44.684 Scan finished successfully
    09:30:36.496 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools\Logs\MBR.dat "
    09:30:36.496 The log file has been saved successfully to "C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools\Logs\aswMBR.txt "
     
    Last edited: 2012/01/11
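Both aswMBR runs and the GMER scan point at the same two things: mrxsmb.sys in system32\drivers has been modified in place (GMER reports "suspicious PE modification" and a hidden kernel module; aswMBR first marks the file SUSPICIOUS and, with definitions loaded, Win32:Aluroot-B), and C:\WINDOWS\$NtUninstallKB48082$\1959251733 holds a layout ('@', 'U', 'L', kwrd.dll) that no genuine hotfix-uninstall folder has. After removal, the two things worth verifying are that the driver again matches a known-good copy and that no such tree remains. The script below is an added example of those two checks; it is not part of the thread or of any tool used in it. It assumes a trusted reference copy of mrxsmb.sys is available (the ServicePackFiles\i386 location is an assumption; a copy from install media or from an identical clean SP3 machine serves the same purpose) and it runs against a constructed directory tree so it can execute offline.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches the hotfix-uninstall folder naming that the hidden tree in the GMER log borrows.
UNINSTALL_DIR_RE = re.compile(r"^\$NtUninstallKB\d+\$$", re.IGNORECASE)


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def driver_matches_reference(installed, reference):
    """True when the installed driver is byte-identical to the trusted reference copy."""
    return sha256_of(installed) == sha256_of(reference)


def find_hidden_uninstall_trees(windows_dir):
    """Return every $NtUninstallKB...$\\<digits> directory that carries the layout seen in
    the GMER Files section above: an '@' file beside a 'U' and/or 'L' subdirectory.
    A genuine hotfix-uninstall folder holds spuninst\\ plus backed-up files, never this."""
    hits = []
    for entry in Path(windows_dir).iterdir():
        if not (entry.is_dir() and UNINSTALL_DIR_RE.match(entry.name)):
            continue
        for sub in entry.iterdir():
            if sub.is_dir() and sub.name.isdigit():
                names = {p.name for p in sub.iterdir()}
                if "@" in names and names & {"U", "L"}:
                    hits.append(str(sub))
    return sorted(hits)


def verify(windows_dir, reference_dir):
    """The two post-cleanup checks, reported together."""
    windows_dir = Path(windows_dir)
    return {
        "mrxsmb_matches_reference": driver_matches_reference(
            windows_dir / "system32" / "drivers" / "mrxsmb.sys",
            Path(reference_dir) / "mrxsmb.sys"),
        "hidden_trees": find_hidden_uninstall_trees(windows_dir),
    }


def build_demo_tree():
    """Constructed stand-in for C:\\WINDOWS so the checks can run offline; returns its root.
    The driver contents are placeholder bytes, not real PE images."""
    root = Path(tempfile.mkdtemp(prefix="xp_demo_"))
    drivers = root / "system32" / "drivers"
    reference = root / "ServicePackFiles" / "i386"   # assumed location of a clean copy
    drivers.mkdir(parents=True)
    reference.mkdir(parents=True)
    clean = b"MZ" + b"\x00" * 62 + b"placeholder for a clean mrxsmb.sys"
    (reference / "mrxsmb.sys").write_bytes(clean)
    # Installed copy differs by a few bytes, standing in for the in-place patch GMER reported.
    (drivers / "mrxsmb.sys").write_bytes(clean[:2] + b"\xe9\x08\x0c\x00" + clean[6:])
    # The tree from the GMER log, recreated with the same names.
    bad = root / "$NtUninstallKB48082$" / "1959251733"
    (bad / "U").mkdir(parents=True)
    (bad / "L").mkdir()
    (bad / "@").write_bytes(b"\x00" * 2048)
    (bad / "U" / "00000001.@").write_bytes(b"\x00" * 2048)
    # A normal-looking uninstall folder (constructed placeholder KB number) that must not be flagged.
    real = root / "$NtUninstallKB999999$" / "spuninst"
    real.mkdir(parents=True)
    (real / "spuninst.exe").write_bytes(b"MZ")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    print(verify(demo, demo / "ServicePackFiles" / "i386"))
```

Run these checks from a clean boot (the disk mounted offline) rather than from the infected Windows: a driver that has been patched in the kernel and hides a module, as the GMER log shows here, can also lie to user-mode file reads. A hash mismatch is a lead, not proof, because a later hotfix may legitimately have replaced mrxsmb.sys; confirm the file version and the Microsoft signature of both copies before deciding which one is right.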

  4. 2012/01/11, ldaoust (Thread Starter)

    Step 4: dds.txt
    ===========

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Louis Daoust at 9:31:54 on 2012-01-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1552 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\tools\zabbixw32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\POP Peeper\POPPeeper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe
    C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Pandion\Application\Pandion.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://radio-canada.ca/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
    EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} - No File
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Codejock Update] "c:\program files\codejock software\mfc\xtreme toolkitpro v13.3.1\CodejockAlert.exe" /Autostart
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    mRun: [Firebird]
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\louisd~1\startm~1\programs\startup\mysqls~1.lnk - c:\program files\mysql\mysql administrator 1.0\MySQLSystemTrayMonitor.exe
    StartupFolder: c:\docume~1\louisd~1\startm~1\programs\startup\pandion.lnk - c:\documents and settings\louis daoust\local settings\application data\pandion\application\Pandion.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Validate XML - c:\windows\web\msxmlval.htm
    IE: View XSL Output - c:\windows\web\msxmlvw.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe "
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
    IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178915773131
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {91C9290A-C659-4C68-BD00-9D3E94F40090} - hxxp://www.gigasoft.com/PE5DEMO.CAB
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37991.4499652778
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} - hxxp://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    TCP: DhcpNameServer = 192.168.5.24 192.168.5.23
    TCP: Interfaces\{CB491783-B338-448A-A0CB-CBE26E88DB07} : DhcpNameServer = 192.168.5.24 192.168.5.23
    Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\program files\common files\eztools\wowctl2.dll
    Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\common files\eztools\hsppp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll credssp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\2n5cbcqy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://radio-canada.ca/
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\2n5cbcqy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\2n5cbcqy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\2n5cbcqy.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl5ebf179d;MpKsl5ebf179d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec61ee5c-0a19-446c-82d4-87cf6626e32f}\MpKsl5ebf179d.sys [2012-1-11 29904]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
    R2 ZabbixAgentdW32;Zabbix Win32 Agent;c:\tools\ZabbixW32.exe [2006-1-31 106496]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 NxCoreAccessService;NxCoreAccessService;c:\program files\nanex\nxcoreaccess\NxCoreAccessService.exe [2006-5-1 17408]
    S3 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "F:/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
    S3 svnrepos;Subversion Repository 1;c:\program files\subversion\bin\svnserve.exe [2007-6-13 561238]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]
    .
    =============== File Associations ===============
    .
    VBSFile=%WINDIR%\System32\CScript.exe //nologo "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-01-11 13:25:44 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec61ee5c-0a19-446c-82d4-87cf6626e32f}\MpKsl5ebf179d.sys
    2012-01-11 13:25:36 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec61ee5c-0a19-446c-82d4-87cf6626e32f}\offreg.dll
    2012-01-10 14:30:27 -------- d-----w- c:\documents and settings\louis daoust\application data\Malwarebytes
    2012-01-10 14:30:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-10 14:30:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-10 14:30:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-10 14:11:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec61ee5c-0a19-446c-82d4-87cf6626e32f}\MpKsl7f85c03a.sys
    2012-01-09 21:38:57 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-01-09 21:38:32 -------- d-----w- c:\windows\Windows Defender Offline
    2012-01-09 15:38:15 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec61ee5c-0a19-446c-82d4-87cf6626e32f}\mpengine.dll
    2012-01-09 13:49:09 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-09 13:49:09 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-09 13:49:09 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-09 13:49:09 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-11 14:00:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    .
    ============= FINISH: 9:34:35.02 ===============
     
  5. 2012/01/11
    ldaoust
    Step 4: attach.txt
    =============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/01/2004 11:48:30
    System Uptime: 11/01/2012 8:24:05 (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0M2035
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 46.954 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is FIXED (NTFS) - 149 GiB total, 80.769 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.42
    Abakt 0.9.5
    ActivePerl 5.8.8 Build 817
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Shockwave Player 11
    Advanced Office Password Recovery (remove only)
    Alt-Tab Task Switcher Powertoy for Windows XP
    APC PowerChute Personal Edition
    ASP to ASP.NET Migration Assistant
    ASP XML
    AspEmail
    AttachmentOptions
    AutoUpdate
    AWStats
    axLDAPInstaller
    Banctec Service Agreement
    BCM V.92 56K Modem
    Bullzip MS Access to MySQL 3.0.0.117
    CCleaner (remove only)
    CDBurnerXP Pro 3
    Chilkat XML
    ChilkatDotNet
    CmdHere Powertoy For Windows XP
    Codejock Software® Help 2.0
    ColorPic
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Crystal Reports Basic for Visual Studio 2008
    DbaMgr2k
    Dell Networking Guide
    Dell Solution Center
    Demo Browser for The Ultimate Toolbox
    Dia (remove only)
    DiagramStudio 5.5
    DiagramStudio 5.7
    Dimension 4 v5.0
    DirectX for Managed Code Update (December 2004)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    dpaddinSetup
    DS21Patch
    Fiddler2
    FileZilla (remove only)
    Firebird 2.1.1.17910 (Win32)
    Firebird ODBC Driver 1.2.0.69
    FlameRobin 0.9.0
    Foxit Reader
    GanttProject
    Google Toolbar for Internet Explorer
    Google Update Helper
    GTK+ Runtime 2.12.1 rev a (remove only)
    HeidiSQL 3.2
    Help and Support Customization
    HelpMaker (Remove Only)
    HelpNDoc Version 1.11 Personal Edition
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HTML Help Workshop
    IE XML/XSL Viewer Tools
    IIS 6.0 Resource Kit Tools
    Inkscape 0.45.1
    InstallShield 11 Express Edition
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Developer Toolbar
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 6
    JabberD (remove only)
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    JXplorer
    KingsTools
    Ldap Admin Tool
    LogMeIn Rescue AVI Codec
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.60.0.1800
    MdbToMySQL XP
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2008
    Microsoft FrontPage Client - English
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Platform SDK (3790.1830)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Speech SDK 5.1
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Desktop Engine
    Microsoft SQL Server Management Studio Express
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft SQL Web Data Administrator
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC Redist 2008 (6001.18000.367)
    Microsoft Virtual PC 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual SourceSafe NetSetup
    Microsoft Visual Studio .NET Enterprise Developer 2003 - English
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows Journal Viewer
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
    Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
    Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
    Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
    Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
    Modem Helper
    Mozilla Firefox 9.0.1 (x86 en-US)
    Mozilla Sunbird (0.9)
    Mozilla Thunderbird (2.0.0.24)
    MSDN Library for Visual Studio .NET 2003
    MSDN Library for Visual Studio 2008 - ENU
    MSI to redistribute MS VS2005 CRT libraries
    MSXML - XML Validation IE Extention
    MSXML - XSL Output IE Extention
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Music Visualizer Library 1.4.00
    MyOleDB
    MySQL Administrator 1.0
    MySQL Connector Net 6.0.5
    MySQL Connector/ODBC 3.51
    MySQL Connector/ODBC 5.1
    MySQL Migration Toolkit 1.0
    MySQL Server 4.1
    MySQL Tools for 5.0
    NDoc
    Netquote Charts
    Network Notepad 4.6.2
    Notepad++
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    Open Connector Groupware
    OpenProj
    Oxygen XML Editor
    Paint.NET v3.5.8
    Pandion
    Password Safe 3.14 for Windows
    PDFCreator
    PHP 5.0.5
    PHP 5.2.3
    PHP 5.2.8
    PHP to ASP.NET Migration Assistant
    POP Peeper
    PostgreSQL 8.3
    PostgreSQL OLE DB Provider
    PowerDVD
    ProxyDesigner
    PSPad editor
    psqlODBC
    Qtracker
    Quake 3 Arena Demo
    Quake Live Mozilla Plugin
    Quest Software Toad for MySQL Freeware 2.0
    QuickTime
    RapidSVN-0.9.4
    RC4DemoProject
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartSVN 2.1.8
    SonicStage
    Spybot - Search & Destroy
    SQL Admin Studio
    SQL Server System CLR Types
    SQLite Expert Personal 1.5.21
    SQLite ODBC Driver (remove only)
    Sqliteman 1.0.1
    SQLyog Community 8.61
    Stellarium 0.9.0
    Subversion 1.4.3-r23084
    The Dude
    TortoiseSVN 1.7.2.22327 (32 bit)
    TraderPlus
    Tweak UI
    Ultra Defragmenter
    UltraMon
    UltraVNC 1.0.5.6
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updater Tool
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual Leak Detector 1.9h
    Visual Studio .NET Enterprise Developer 2003 - English
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Visual Studio.NET Baseline - English
    VNC Free Edition 4.1.2
    WAPT
    WCAT
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows SDK Intellidocs
    Windows Support Tools
    Windows Vista Upgrade Advisor
    Windows XP Service Pack 3
    WinMerge 2.12.4
    WinPcap 4.0.2
    WinSCP 4.2.4 beta
    Wireshark 1.0.7
    XML Notepad 2007
    XML Paper Specification Shared Components Pack 1.0
    Xtreme ToolkitPro v13.3.1
    ZipStudio
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/01/2012 8:35:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/01/2012 9:19:55, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: TCP/IP network protocol not installed.
    10/01/2012 9:19:55, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    10/01/2012 8:57:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/01/2012 8:28:18, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmm
    10/01/2012 8:28:18, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2012 8:28:18, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2012 8:28:18, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2012 8:28:18, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2012 8:28:18, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2012 16:20:46, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    09/01/2012 13:23:48, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    09/01/2012 13:14:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter vmm
    09/01/2012 13:14:59, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    09/01/2012 13:14:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================
     
  6. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    See if you can update and run MBAM from normal mode.
    If so, post new log.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
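The Service Control Manager 7026/7001 errors in the DDS "Event Viewer Messages" excerpt posted above (AFD, Tcpip, IPSec, MpFilter and others failing to load at boot) and the TDSSKiller report this post asks for can be cross-checked mechanically rather than by eye. The script below is an added example written for this page; it is not part of the thread and is not code from DDS, Malwarebytes or Kaspersky. It assumes the line formats exactly as they appear in the thread (the regular expressions were derived from those excerpts), copies a handful of those lines as constructed sample input, adds one hypothetical "hypo_drv" entry that is not from the thread so the non-"ok" branch gets exercised, and assumes C:\WINDOWS as the system root. It sorts TDSSKiller's service entries into three buckets: entries TDSSKiller did not call ok, drivers loaded from outside the Windows directory, and drivers the event log says failed to load although TDSSKiller found the file and called it ok, which points at the service's registry configuration rather than the binary as the next thing to inspect.

```python
import re

# Constructed sample input: four Event Viewer lines quoted from the DDS log posted in this thread.
EVENT_LINES = """\
10/01/2012 9:19:55, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: TCP/IP network protocol not installed.
10/01/2012 8:28:18, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmm
10/01/2012 8:28:18, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/01/2012 13:14:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter vmm
"""

# Constructed sample input: TDSSKiller lines in the format posted later in the thread, plus a
# hypothetical "hypo_drv" entry (not from the thread) so the non-"ok" branch is exercised.
TDSS_LINES = r"""12:40:08.0385 2180 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:40:08.0400 2180 AFD - ok
12:40:08.0057 2180 Abiosdsk - ok
12:40:11.0572 2180 MpKsl5ebf179d (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61EE5C-0A19-446C-82D4-87CF6626E32F}\MpKsl5ebf179d.sys
12:40:11.0572 2180 MpKsl5ebf179d - ok
12:40:14.0899 2180 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:40:14.0915 2180 Tcpip - ok
12:40:15.0000 2180 hypo_drv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\hypo_drv.sys
12:40:15.0001 2180 hypo_drv - hypothetical non-ok verdict
"""

# Line shapes derived from the two log excerpts as they appear in the thread.
EVENT_RE = re.compile(r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2}), (?P<level>\w+): "
                      r"(?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$")
FAILED_LOAD_RE = re.compile(r"failed to load: (?P<names>.+)$")
DEPENDS_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start")
TDSS_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^-\s+(?P<verdict>.+)$")


def parse_events(text):
    """One dict per line that matches the DDS Event Viewer format; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            out.append(dict(m.groupdict(), eid=int(m.group("eid"))))
    return out


def failed_boot_drivers(events):
    """De-duplicated driver names from every SCM event 7026 'failed to load' message."""
    names = set()
    for ev in events:
        m = FAILED_LOAD_RE.search(ev["msg"]) if ev["eid"] == 7026 else None
        if m:
            names.update(m.group("names").split())
    return sorted(names, key=str.lower)


def dependency_failures(events):
    """(service, dependency) pairs from SCM event 7001 messages."""
    pairs = []
    for ev in events:
        m = DEPENDS_RE.match(ev["msg"]) if ev["eid"] == 7001 else None
        if m:
            pairs.append((m.group("svc"), m.group("dep")))
    return pairs


def parse_tdsskiller(text):
    """Map service name -> {'md5', 'path', 'verdict'}; header and SystemInfo lines are skipped."""
    drivers = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if not m:
            continue
        f, v = FILE_RE.match(m.group("rest")), VERDICT_RE.match(m.group("rest"))
        if not (f or v):
            continue  # shares the timestamp prefix but is not a per-service entry
        entry = drivers.setdefault(m.group("name"), {"md5": None, "path": None, "verdict": None})
        if f:
            entry["md5"], entry["path"] = f.group("md5"), f.group("path")
        else:
            entry["verdict"] = v.group("verdict")
    return drivers


def triage(event_text, tdss_text, system_root=r"c:\windows"):
    """Cross-reference both logs. system_root is an assumption matching the thread's machine."""
    events = parse_events(event_text)
    drivers = parse_tdsskiller(tdss_text)
    by_lower = {n.lower(): n for n in drivers}
    failed = failed_boot_drivers(events)
    # Drivers the event log says would not load, but whose file TDSSKiller found and called ok:
    # the binary on disk is not the obvious culprit, so look next at the service's registry
    # configuration (Start type, ImagePath, dependencies) rather than at the file itself.
    failed_but_ok, not_in_report = [], []
    for name in failed:
        d = drivers.get(by_lower.get(name.lower()))
        if d is None:
            not_in_report.append(name)
        elif d["verdict"] == "ok" and d["path"]:
            failed_but_ok.append(name)
    return {
        "failed_drivers": failed,
        "dependency_failures": dependency_failures(events),
        "not_ok": sorted(n for n, d in drivers.items() if d["verdict"] not in (None, "ok")),
        # Loaded from outside the Windows directory: worth a look, though Microsoft's own
        # antimalware engine keeps its MpKsl*.sys under Application Data by design.
        "outside_system_dir": sorted(n for n, d in drivers.items()
                                     if d["path"] and not d["path"].lower().startswith(system_root)),
        "failed_but_ok": failed_but_ok,
        "failed_not_in_report": not_in_report,
    }


if __name__ == "__main__":
    for key, value in triage(EVENT_LINES, TDSS_LINES).items():
        print(f"{key}: {value}")
```

Run as-is it prints one line per bucket for the sample; to use it on a real case, paste the full "Event Viewer Messages" block into EVENT_LINES and the full TDSSKiller report into TDSS_LINES. The empty "not_ok" and "outside_system_dir" buckets are as informative as the populated ones: a clean TDSSKiller report combined with a long "failed_but_ok" list says the rootkit scanner is not where the answer is.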
     
  7. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    MBAM log (Windows normal mode)
    =========================

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.10.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Louis Daoust :: INFO01-A [administrator]

    11/01/2012 12:23:14
    mbam-log-2012-01-11 (12-23-14).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 292159
    Time elapsed: 14 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    TDSSkiller log
    ==========

    12:39:44.0075 4076 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    12:39:44.0435 4076 ============================================================
    12:39:44.0435 4076 Current date / time: 2012/01/11 12:39:44.0435
    12:39:44.0435 4076 SystemInfo:
    12:39:44.0435 4076
    12:39:44.0435 4076 OS Version: 5.1.2600 ServicePack: 3.0
    12:39:44.0435 4076 Product type: Workstation
    12:39:44.0435 4076 ComputerName: INFO01-A
    12:39:44.0435 4076 UserName: Louis Daoust
    12:39:44.0435 4076 Windows directory: C:\WINDOWS
    12:39:44.0435 4076 System windows directory: C:\WINDOWS
    12:39:44.0435 4076 Processor architecture: Intel x86
    12:39:44.0435 4076 Number of processors: 2
    12:39:44.0435 4076 Page size: 0x1000
    12:39:44.0435 4076 Boot type: Normal boot
    12:39:44.0435 4076 ============================================================
    12:39:49.0372 4076 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
    12:39:49.0387 4076 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
    12:39:49.0418 4076 Drive \Device\Harddisk2\DR7 - Size: 0x1F6B00000, SectorSize: 0x200, Cylinders: 0x401, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:39:49.0497 4076 Initialize success
    12:40:07.0088 2180 ============================================================
    12:40:07.0088 2180 Scan started
    12:40:07.0088 2180 Mode: Manual;
    12:40:07.0088 2180 ============================================================
    12:40:08.0057 2180 Abiosdsk - ok
    12:40:08.0103 2180 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
    12:40:08.0103 2180 abp480n5 - ok
    12:40:08.0150 2180 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:40:08.0166 2180 ACPI - ok
    12:40:08.0213 2180 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:40:08.0213 2180 ACPIEC - ok
    12:40:08.0244 2180 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
    12:40:08.0244 2180 adpu160m - ok
    12:40:08.0291 2180 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    12:40:08.0291 2180 aeaudio - ok
    12:40:08.0338 2180 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    12:40:08.0353 2180 aec - ok
    12:40:08.0385 2180 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    12:40:08.0400 2180 AFD - ok
    12:40:08.0431 2180 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
    12:40:08.0431 2180 agp440 - ok
    12:40:08.0463 2180 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
    12:40:08.0463 2180 agpCPQ - ok
    12:40:08.0494 2180 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
    12:40:08.0494 2180 Aha154x - ok
    12:40:08.0510 2180 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
    12:40:08.0510 2180 aic78u2 - ok
    12:40:08.0556 2180 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
    12:40:08.0556 2180 aic78xx - ok
    12:40:08.0588 2180 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
    12:40:08.0588 2180 AliIde - ok
    12:40:08.0635 2180 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
    12:40:08.0635 2180 alim1541 - ok
    12:40:08.0650 2180 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
    12:40:08.0650 2180 amdagp - ok
    12:40:08.0697 2180 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
    12:40:08.0697 2180 amsint - ok
    12:40:08.0728 2180 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
    12:40:08.0728 2180 asc - ok
    12:40:08.0760 2180 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
    12:40:08.0760 2180 asc3350p - ok
    12:40:08.0775 2180 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
    12:40:08.0791 2180 asc3550 - ok
    12:40:08.0838 2180 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
    12:40:08.0838 2180 Aspi32 - ok
    12:40:08.0885 2180 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:40:08.0885 2180 AsyncMac - ok
    12:40:08.0916 2180 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:40:08.0916 2180 atapi - ok
    12:40:08.0916 2180 Atdisk - ok
    12:40:08.0947 2180 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:40:08.0947 2180 Atmarpc - ok
    12:40:08.0978 2180 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:40:08.0978 2180 audstub - ok
    12:40:09.0056 2180 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
    12:40:09.0119 2180 BCMModem - ok
    12:40:09.0150 2180 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    12:40:09.0150 2180 Beep - ok
    12:40:09.0181 2180 bvrp_pci - ok
    12:40:09.0197 2180 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
    12:40:09.0197 2180 cbidf - ok
    12:40:09.0213 2180 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:40:09.0213 2180 cbidf2k - ok
    12:40:09.0244 2180 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
    12:40:09.0244 2180 cd20xrnt - ok
    12:40:09.0275 2180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:40:09.0275 2180 Cdaudio - ok
    12:40:09.0322 2180 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    12:40:09.0322 2180 Cdfs - ok
    12:40:09.0353 2180 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:40:09.0353 2180 Cdrom - ok
    12:40:09.0369 2180 Changer - ok
    12:40:09.0416 2180 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
    12:40:09.0416 2180 CmdIde - ok
    12:40:09.0431 2180 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    12:40:09.0431 2180 Compbatt - ok
    12:40:09.0463 2180 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
    12:40:09.0463 2180 Cpqarray - ok
    12:40:09.0494 2180 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
    12:40:09.0494 2180 dac2w2k - ok
    12:40:09.0525 2180 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
    12:40:09.0525 2180 dac960nt - ok
    12:40:09.0572 2180 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    12:40:09.0572 2180 Disk - ok
    12:40:09.0619 2180 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    12:40:09.0650 2180 dmboot - ok
    12:40:09.0666 2180 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    12:40:09.0666 2180 dmio - ok
    12:40:09.0681 2180 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    12:40:09.0681 2180 dmload - ok
    12:40:09.0713 2180 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    12:40:09.0713 2180 DMusic - ok
    12:40:09.0744 2180 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
    12:40:09.0744 2180 dpti2o - ok
    12:40:09.0759 2180 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    12:40:09.0759 2180 drmkaud - ok
    12:40:09.0838 2180 E100B (443157a61ee37bca4dc2866d44e2c697) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    12:40:09.0838 2180 E100B - ok
    12:40:09.0869 2180 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    12:40:09.0869 2180 EL90XBC - ok
    12:40:09.0900 2180 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    12:40:09.0900 2180 Fastfat - ok
    12:40:09.0931 2180 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    12:40:09.0931 2180 Fdc - ok
    12:40:09.0978 2180 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    12:40:09.0978 2180 FETNDIS - ok
    12:40:09.0994 2180 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    12:40:09.0994 2180 Fips - ok
    12:40:10.0041 2180 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    12:40:10.0041 2180 Flpydisk - ok
    12:40:10.0072 2180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    12:40:10.0088 2180 FltMgr - ok
    12:40:10.0103 2180 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:40:10.0103 2180 Fs_Rec - ok
    12:40:10.0134 2180 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:40:10.0150 2180 Ftdisk - ok
    12:40:10.0197 2180 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:40:10.0197 2180 Gpc - ok
    12:40:10.0228 2180 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
    12:40:10.0228 2180 HidBatt - ok
    12:40:10.0244 2180 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:40:10.0244 2180 HidUsb - ok
    12:40:10.0275 2180 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
    12:40:10.0275 2180 hpn - ok
    12:40:10.0322 2180 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    12:40:10.0322 2180 HTTP - ok
    12:40:10.0337 2180 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    12:40:10.0337 2180 i2omgmt - ok
    12:40:10.0369 2180 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
    12:40:10.0369 2180 i2omp - ok
    12:40:10.0384 2180 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:40:10.0400 2180 i8042prt - ok
    12:40:10.0431 2180 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    12:40:10.0431 2180 i81x - ok
    12:40:10.0462 2180 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    12:40:10.0462 2180 iAimFP0 - ok
    12:40:10.0478 2180 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    12:40:10.0494 2180 iAimFP1 - ok
    12:40:10.0494 2180 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    12:40:10.0509 2180 iAimFP2 - ok
    12:40:10.0541 2180 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    12:40:10.0541 2180 iAimFP3 - ok
    12:40:10.0587 2180 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    12:40:10.0587 2180 iAimFP4 - ok
    12:40:10.0619 2180 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    12:40:10.0619 2180 iAimTV0 - ok
    12:40:10.0634 2180 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    12:40:10.0634 2180 iAimTV1 - ok
    12:40:10.0650 2180 iAimTV2 - ok
    12:40:10.0681 2180 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    12:40:10.0681 2180 iAimTV3 - ok
    12:40:10.0712 2180 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    12:40:10.0728 2180 iAimTV4 - ok
    12:40:10.0759 2180 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:40:10.0759 2180 Imapi - ok
    12:40:10.0806 2180 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
    12:40:10.0806 2180 ini910u - ok
    12:40:10.0837 2180 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
    12:40:10.0837 2180 IntelIde - ok
    12:40:10.0853 2180 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:40:10.0869 2180 intelppm - ok
    12:40:10.0884 2180 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    12:40:10.0884 2180 Ip6Fw - ok
    12:40:10.0916 2180 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:40:10.0916 2180 IpFilterDriver - ok
    12:40:10.0931 2180 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:40:10.0931 2180 IpInIp - ok
    12:40:10.0962 2180 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:40:10.0962 2180 IpNat - ok
    12:40:10.0994 2180 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:40:10.0994 2180 IPSec - ok
    12:40:11.0025 2180 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:40:11.0025 2180 IRENUM - ok
    12:40:11.0056 2180 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:40:11.0056 2180 isapnp - ok
    12:40:11.0072 2180 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:40:11.0072 2180 Kbdclass - ok
    12:40:11.0103 2180 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    12:40:11.0103 2180 kmixer - ok
    12:40:11.0134 2180 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    12:40:11.0134 2180 KSecDD - ok
    12:40:11.0150 2180 lbrtfdc - ok
    12:40:11.0212 2180 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    12:40:11.0212 2180 mnmdd - ok
    12:40:11.0228 2180 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    12:40:11.0228 2180 Modem - ok
    12:40:11.0259 2180 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    12:40:11.0259 2180 MODEMCSA - ok
    12:40:11.0290 2180 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:40:11.0290 2180 Mouclass - ok
    12:40:11.0337 2180 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:40:11.0337 2180 mouhid - ok
    12:40:11.0353 2180 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    12:40:11.0353 2180 MountMgr - ok
    12:40:11.0400 2180 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    12:40:11.0415 2180 MpFilter - ok
    12:40:11.0572 2180 MpKsl5ebf179d (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61EE5C-0A19-446C-82D4-87CF6626E32F}\MpKsl5ebf179d.sys
    12:40:11.0572 2180 MpKsl5ebf179d - ok
    12:40:11.0603 2180 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
    12:40:11.0603 2180 mraid35x - ok
    12:40:11.0619 2180 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:40:11.0634 2180 MRxDAV - ok
    12:40:11.0665 2180 MRxSmb (223a6c7b8803e46f621e8945aaf8f013) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:40:11.0665 2180 MRxSmb - ok
    12:40:11.0712 2180 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    12:40:11.0712 2180 Msfs - ok
    12:40:11.0744 2180 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:40:11.0744 2180 MSKSSRV - ok
    12:40:11.0759 2180 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:40:11.0775 2180 MSPCLOCK - ok
    12:40:11.0806 2180 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    12:40:11.0806 2180 MSPQM - ok
    12:40:11.0853 2180 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:40:11.0853 2180 mssmbios - ok
    12:40:11.0900 2180 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    12:40:11.0900 2180 Mup - ok
    12:40:11.0947 2180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    12:40:11.0947 2180 NDIS - ok
    12:40:11.0994 2180 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    12:40:11.0994 2180 NdisTapi - ok
    12:40:12.0025 2180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12:40:12.0025 2180 Ndisuio - ok
    12:40:12.0040 2180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    12:40:12.0040 2180 NdisWan - ok
    12:40:12.0072 2180 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    12:40:12.0072 2180 NDProxy - ok
    12:40:12.0087 2180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:40:12.0087 2180 NetBIOS - ok
    12:40:12.0103 2180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:40:12.0119 2180 NetBT - ok
    12:40:12.0181 2180 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    12:40:12.0181 2180 nm - ok
    12:40:12.0243 2180 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
    12:40:12.0243 2180 NPF - ok
    12:40:12.0259 2180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    12:40:12.0259 2180 Npfs - ok
    12:40:12.0306 2180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    12:40:12.0322 2180 Ntfs - ok
    12:40:12.0337 2180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    12:40:12.0337 2180 Null - ok
    12:40:12.0603 2180 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    12:40:12.0790 2180 nv - ok
    12:40:12.0837 2180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:40:12.0837 2180 NwlnkFlt - ok
    12:40:12.0853 2180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:40:12.0853 2180 NwlnkFwd - ok
    12:40:12.0900 2180 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
    12:40:12.0915 2180 omci - ok
    12:40:12.0931 2180 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    12:40:12.0947 2180 P3 - ok
    12:40:12.0962 2180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    12:40:12.0962 2180 Parport - ok
    12:40:12.0978 2180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    12:40:12.0978 2180 PartMgr - ok
    12:40:13.0025 2180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    12:40:13.0025 2180 ParVdm - ok
    12:40:13.0040 2180 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    12:40:13.0040 2180 PCI - ok
    12:40:13.0056 2180 PCIDump - ok
    12:40:13.0087 2180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:40:13.0087 2180 PCIIde - ok
    12:40:13.0134 2180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    12:40:13.0134 2180 Pcmcia - ok
    12:40:13.0150 2180 PDCOMP - ok
    12:40:13.0181 2180 PDFRAME - ok
    12:40:13.0196 2180 PDRELI - ok
    12:40:13.0212 2180 PDRFRAME - ok
    12:40:13.0243 2180 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
    12:40:13.0259 2180 perc2 - ok
    12:40:13.0275 2180 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
    12:40:13.0275 2180 perc2hib - ok
    12:40:13.0353 2180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:40:13.0353 2180 PptpMiniport - ok
    12:40:13.0384 2180 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    12:40:13.0384 2180 Processor - ok
    12:40:13.0415 2180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:40:13.0415 2180 Ptilink - ok
    12:40:13.0462 2180 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    12:40:13.0462 2180 PxHelp20 - ok
    12:40:13.0478 2180 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
    12:40:13.0478 2180 ql1080 - ok
    12:40:13.0509 2180 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
    12:40:13.0509 2180 Ql10wnt - ok
    12:40:13.0525 2180 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
    12:40:13.0525 2180 ql12160 - ok
    12:40:13.0540 2180 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
    12:40:13.0556 2180 ql1240 - ok
    12:40:13.0603 2180 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
    12:40:13.0603 2180 ql1280 - ok
    12:40:13.0650 2180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:40:13.0650 2180 RasAcd - ok
    12:40:13.0681 2180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:40:13.0696 2180 Rasl2tp - ok
    12:40:13.0712 2180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:40:13.0728 2180 RasPppoe - ok
    12:40:13.0743 2180 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:40:13.0743 2180 Raspti - ok
    12:40:13.0759 2180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:40:13.0759 2180 Rdbss - ok
    12:40:19.0289 2180 ============================================================
    12:40:19.0289 2180 Scan finished
    12:40:19.0289 2180 ============================================================
    12:40:19.0305 2708 Detected object count: 0
    12:40:19.0305 2708 Actual detected object count: 0
     
  8. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    I ran ComboFix. It installed the Recovery Console, did a scan, detected an infection in the TCP/IP stack, and asked to reboot; I let it do so. It's been at least 25 minutes now since it started the shutdown and it's just sitting there with nothing happening. I only see the desktop with nothing on it.

    Should I just be patient some more, or should I reset and try again?
     
  10. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Give it another 30 minutes.
     
  11. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    45 minutes later...PC still showing empty desktop (wallpaper)...
     
  12. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Shut it down manually.
    Restart in safe mode and try from there.
    Run rKill first.
     
  13. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    I ended up rebooting in normal mode (forgot the F8 key). Combofix started automatically, the only thing showing up. It ran through all 50 stages and rebooted the machine. On reboot, Combofix ran again ('Preparing Log Report') while everything else loaded normally.

    Should I still go on and run the rKill tool and ComboFix from safe mode?

    Here's Combofix current log:
    ==============


    ComboFix 12-01-10.02 - Louis Daoust 11/01/2012 15:46:54.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2068 [GMT -5:00]
    Running from: g:\scan tools\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
    c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
    c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
    c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
    c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Louis Daoust\System
    c:\documents and settings\Louis Daoust\System\win_qs7.jqx
    c:\documents and settings\Louis Daoust\WINDOWS
    c:\download\tv.Exe
    C:\install.exe
    c:\windows\$NtUninstallKB48082$
    c:\windows\$NtUninstallKB48082$\1959251733\@
    c:\windows\$NtUninstallKB48082$\1959251733\bckfg.tmp
    c:\windows\$NtUninstallKB48082$\1959251733\cfg.ini
    c:\windows\$NtUninstallKB48082$\1959251733\Desktop.ini
    c:\windows\$NtUninstallKB48082$\1959251733\keywords
    c:\windows\$NtUninstallKB48082$\1959251733\kwrd.dll
    c:\windows\$NtUninstallKB48082$\1959251733\L\rnmncxam
    c:\windows\$NtUninstallKB48082$\1959251733\U\00000001.@
    c:\windows\$NtUninstallKB48082$\1959251733\U\00000002.@
    c:\windows\$NtUninstallKB48082$\1959251733\U\00000004.@
    c:\windows\$NtUninstallKB48082$\1959251733\U\80000000.@
    c:\windows\$NtUninstallKB48082$\1959251733\U\80000004.@
    c:\windows\$NtUninstallKB48082$\1959251733\U\80000032.@
    c:\windows\$NtUninstallKB48082$\3415717038
    c:\windows\system32\Cache
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\system32\SET51C.tmp
    c:\windows\system32\SET521.tmp
    .
    Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-11 21:07 . 2012-01-11 21:07 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61EE5C-0A19-446C-82D4-87CF6626E32F}\offreg.dll
    2012-01-11 19:13 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2012-01-10 14:30 . 2012-01-10 14:30 -------- d-----w- c:\documents and settings\Louis Daoust\Application Data\Malwarebytes
    2012-01-10 14:30 . 2012-01-10 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-10 14:30 . 2012-01-10 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-10 14:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-10 14:11 . 2012-01-10 14:11 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61EE5C-0A19-446C-82D4-87CF6626E32F}\MpKsl7f85c03a.sys
    2012-01-09 21:38 . 2012-01-09 21:39 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-01-09 21:38 . 2012-01-09 21:38 -------- d-----w- c:\windows\Windows Defender Offline
    2012-01-09 18:23 . 2012-01-09 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-01-09 15:38 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC61EE5C-0A19-446C-82D4-87CF6626E32F}\mpengine.dll
    2012-01-09 13:49 . 2012-01-09 13:49 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-09 13:49 . 2012-01-09 13:49 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-09 13:49 . 2012-01-09 13:49 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-09 13:49 . 2012-01-09 13:49 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 16:55 . 2011-11-22 20:54 51816 ----a-r- c:\documents and settings\Louis Daoust\Application Data\Microsoft\Installer\{D123F6A3-F744-4940-AC17-C4FFCE32E6AC}\TraderPlusAppShort_96D5DBFB36E54DB2A835745657B95339.exe
    2011-11-23 16:55 . 2011-11-22 20:54 51816 ----a-r- c:\documents and settings\Louis Daoust\Application Data\Microsoft\Installer\{D123F6A3-F744-4940-AC17-C4FFCE32E6AC}\NewShortcut1_09F82C2D151B4016ACEF14DDD1269EB5.exe
    2011-11-23 16:55 . 2011-11-22 20:54 51816 ----a-r- c:\documents and settings\Louis Daoust\Application Data\Microsoft\Installer\{D123F6A3-F744-4940-AC17-C4FFCE32E6AC}\ARPPRODUCTICON.exe
    2011-11-23 13:25 . 2002-08-29 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 10:47 . 2011-03-21 12:53 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-17 15:03 . 2007-07-25 16:26 165232 ---ha-w- c:\documents and settings\Louis Daoust\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-11-11 14:00 . 2011-05-27 14:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-04-14 12:48 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2002-08-29 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2002-11-26 20:15 186880 ----a-w- c:\windows\system32\encdec.dll
    2012-01-09 13:49 . 2011-05-09 12:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
    "Codejock Update"="c:\program files\Codejock Software\MFC\Xtreme ToolkitPro v13.3.1\CodejockAlert.exe" [2009-12-17 194480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-07 155648]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "nwiz"="nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\documents and settings\Louis Daoust\Start Menu\Programs\Startup\
    MySQL System Tray Monitor.lnk - c:\program files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe [2005-1-8 983552]
    Pandion.lnk - c:\documents and settings\Louis Daoust\Local Settings\Application Data\Pandion\Application\Pandion.exe [2010-5-25 549888]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-18 221247]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dllcredssp.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe"=
    "c:\\Q3Ademo\\quake3.exe"=
    "c:\\Program Files\\Microsoft Visual SourceSafe\\ssexp.exe"=
    "c:\\tools\\ph_shell\\ph_shell.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 21:22 11776]
    R2 ZabbixAgentdW32;Zabbix Win32 Agent;c:\tools\ZabbixW32.exe [31/01/2006 13:20 106496]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\SYSTEM32\DRIVERS\UltraMonMirror.sys [24/09/2006 21:23 3584]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2010 17:09 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2010 17:09 135664]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [06/11/2007 15:22 34064]
    S3 NxCoreAccessService;NxCoreAccessService;c:\program files\Nanex\NxCoreAccess\NxCoreAccessService.exe [01/05/2006 0:16 17408]
    S3 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "F:/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
    S3 svnrepos;Subversion Repository 1;c:\program files\Subversion\bin\svnserve.exe [13/06/2007 10:36 561238]
    S3 ultradfg;ultradfg;c:\windows\SYSTEM32\DRIVERS\ultradfg.sys [13/05/2009 9:37 33792]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-07 c:\windows\Tasks\Backup Full.job
    - c:\0a_backup\Backup_PreRun.cmd [2007-11-09 05:14]
    .
    2012-01-09 c:\windows\Tasks\Backup Incremental.job
    - c:\0a_backup\Backup_PreRun.cmd [2007-11-09 05:14]
    .
    2008-01-08 c:\windows\Tasks\GetRcvStats.job
    - c:\source\windows\dpdtn\run\scripts\GetRcvStats.cmd [2007-11-21 14:27]
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 22:08]
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 22:08]
    .
    2012-01-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    2012-01-11 c:\windows\Tasks\Projman Notifier.job
    - c:\php\php-win.exe [2007-05-31 13:42]
    .
    2006-10-06 c:\windows\Tasks\Retrieve EOD files (Phantom and DTN).job
    - c:\netshare\eod2dta\getfiles.bat [2006-08-09 23:51]
    .
    2012-01-11 c:\windows\Tasks\User_Feed_Synchronization-{8700581E-EFD1-4C9E-A898-95B9B742F09A}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://radio-canada.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Validate XML - c:\windows\web\msxmlval.htm
    IE: View XSL Output - c:\windows\web\msxmlvw.htm
    TCP: DhcpNameServer = 192.168.5.24 192.168.5.23
    DPF: {91C9290A-C659-4C68-BD00-9D3E94F40090} - hxxp://www.gigasoft.com/PE5DEMO.CAB
    FF - ProfilePath - c:\documents and settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://radio-canada.ca/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Firebird - (no file)
    SafeBoot-WinDefend
    AddRemove-Example2 - c:\program files\JabberD\uninstall.exe
    AddRemove-FileZilla - c:\program files\FileZilla\uninstall.exe
    AddRemove-Visual SourceSafe NetSetup - c:\program files\Microsoft Visual Studio\VSS\setup\win32\1033\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-11 16:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.3]
    "ImagePath"="C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"F:/PostgreSQL/8.3/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.3]
    "ImagePath"="C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"F:/PostgreSQL/8.3/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-249062950-2638048696-2906977768-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F62DF5CF-D3A2-4A92-331F-F12F1F986316}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "hangkpafcmkkmdbj"=hex:61,61,00,00
    "hangkpafjmdlchnb"=hex:61,61,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2188)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    c:\program files\TortoiseSVN\bin\TortoiseStub32.dll
    c:\program files\TortoiseSVN\bin\TortoiseSVN32.dll
    c:\program files\TortoiseSVN\bin\libsvn_tsvn32.dll
    c:\program files\TortoiseSVN\bin\intl3_tsvn32.dll
    c:\program files\TortoiseSVN\bin\libsasl32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Microsoft Virtual PC\VPCShExH.DLL
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\windows\System32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    c:\program files\Persits Software\AspEmail\BIN\EmailAgent.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\windows\BCMSMMSG.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-11 16:21:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-11 21:20
    .
    Pre-Run: 51,422,773,248 bytes free
    Post-Run: 52,508,057,600 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - A1390A5095FEE1D13D563162822204B6
     
  14. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did just fine.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    OTL (part 1)
    =========

    OTL logfile created on: 11/01/2012 16:41:56 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.50 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 78.53% Memory free
    3.13 Gb Paging File | 2.70 Gb Available in Paging File | 86.11% Paging File free
    Paging file location(s): C:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 48.87 Gb Free Space | 32.80% Space Free | Partition Type: NTFS
    Drive D: | 227.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 149.05 Gb Total Space | 79.31 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
    Drive G: | 7.84 Gb Total Space | 7.79 Gb Free Space | 99.41% Space Free | Partition Type: FAT32
    Drive I: | 16.95 Gb Total Space | 1.63 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
    Drive N: | 74.45 Gb Total Space | 67.00 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
    Drive S: | 54.99 Gb Total Space | 43.41 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
    Drive X: | 45.20 Gb Total Space | 28.33 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
    Drive Y: | 16.94 Gb Total Space | 5.02 Gb Free Space | 29.64% Space Free | Partition Type: NTFS

    Computer Name: INFO01-A | User Name: Louis Daoust | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/11 16:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools\OTL.exe
    PRC - [2011/11/30 20:07:34 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/05/25 17:15:34 | 000,549,888 | ---- | M] (Pandion) -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Pandion\Application\pandion.exe
    PRC - [2009/01/21 20:43:44 | 001,470,464 | ---- | M] (Mortal Universe) -- C:\Program Files\POP Peeper\POPPeeper.exe
    PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
    PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2005/08/09 14:03:26 | 000,167,936 | ---- | M] (Persits Software, Inc.) -- C:\Program Files\Persits Software\AspEmail\Bin\EmailAgent.exe
    PRC - [2005/05/25 10:20:04 | 003,592,192 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    PRC - [2005/01/08 00:53:52 | 000,983,552 | ---- | M] () -- C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe
    PRC - [2004/03/23 04:43:14 | 000,106,496 | ---- | M] () -- C:\tools\ZabbixW32.exe
    PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TaskSwitch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/30 20:07:16 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    MOD - [2011/11/30 20:07:14 | 000,099,096 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    MOD - [2009/06/10 08:29:34 | 000,466,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nvshell.dll
    MOD - [2006/05/13 23:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
    MOD - [2005/05/25 10:20:04 | 003,592,192 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    MOD - [2005/01/08 00:53:52 | 000,983,552 | ---- | M] () -- C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe
    MOD - [2004/03/23 04:43:14 | 000,106,496 | ---- | M] () -- C:\tools\ZabbixW32.exe
    MOD - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TaskSwitch.exe
    MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdfcmnnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (winvnc)
    SRV - File not found [On_Demand | Stopped] -- -- (iPodService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/20 23:24:35 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (postgresql-8.3)
    SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2007/01/18 07:10:10 | 000,561,238 | ---- | M] (http://subversion.tigris.org/) [On_Demand | Stopped] -- c:\program files\subversion\bin\svnserve.exe -- (svnrepos)
    SRV - [2006/05/12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2005/10/31 14:43:11 | 000,072,704 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
    SRV - [2005/08/19 10:41:17 | 000,017,408 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Nanex\NxCoreAccess\NxCoreAccessService.exe -- (NxCoreAccessService)
    SRV - [2005/08/09 14:03:26 | 000,167,936 | ---- | M] (Persits Software, Inc.) [Auto | Running] -- C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe -- (Persits Software EmailAgent)
    SRV - [2005/05/25 10:20:04 | 003,592,192 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL)
    SRV - [2004/03/23 04:43:14 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\tools\zabbixw32.exe -- (ZabbixAgentdW32)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/07/23 16:29:29 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMM.sys -- (vmm)
    DRV - [2009/05/13 09:37:10 | 000,033,792 | ---- | M] (UltraDefrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ultradfg.sys -- (ultradfg)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
    DRV - [2007/01/29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
    DRV - [2006/09/24 21:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\UltraMonMirror.sys -- (UltraMonMirror)
    DRV - [2006/09/24 21:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2005/06/27 02:14:35 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
    DRV - [2005/05/17 07:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/05/16 08:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/05/06 11:01:08 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://radio-canada.ca/
    IE - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.startup.homepage: "http://radio-canada.ca/"
    FF - prefs.js..extensions.enabledItems: {861c8868-e3dc-4dcb-ba2e-866901fc2be8}:1.4
    FF - prefs.js..extensions.enabledItems: {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.7.3
    FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8888

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 08:49:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/13 07:53:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/10/07 10:50:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/13 07:53:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/10/13 07:53:13 | 000,000,000 | ---D | M]

    [2008/09/02 08:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Extensions
    [2012/01/09 08:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\extensions
    [2010/09/07 08:57:14 | 000,000,000 | ---D | M] (File Title) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\extensions\{861c8868-e3dc-4dcb-ba2e-866901fc2be8}
    [2012/01/04 10:52:44 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
    [2011/10/11 07:43:27 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
    [2012/01/09 08:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\2n5cbcqy.default\extensions\staged
    [2009/10/07 10:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Sunbird\Profiles\i44y1qlt.default\extensions
    [2011/11/10 08:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LOUIS DAOUST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2N5CBCQY.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LOUIS DAOUST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2N5CBCQY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    [2012/01/09 08:49:09 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
    [2011/10/03 07:20:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 08:20:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2012/01/11 16:08:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\SYSTEM32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007..\Run: [Codejock Update] C:\Program Files\Codejock Software\MFC\Xtreme ToolkitPro v13.3.1\CodejockAlert.exe ()
    O4 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2005/12/07 10:08:12 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\Louis Daoust\Start Menu\Programs\Startup\MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe ()
    O4 - Startup: C:\Documents and Settings\Louis Daoust\Start Menu\Programs\Startup\Pandion.lnk = C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Pandion\Application\pandion.exe (Pandion)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
    O7 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Validate XML - C:\WINDOWS\Web\msxmlval.htm ()
    O8 - Extra context menu item: View XSL Output - C:\WINDOWS\Web\msxmlvw.htm ()
    O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
    O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab (PlayerOCX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178915773131 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {91C9290A-C659-4C68-BD00-9D3E94F40090} http://www.gigasoft.com/PE5DEMO.CAB ({91C9290A-C659-4C68-BD00-9D3E94F40090})
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37991.4499652778 (Reg Error: Key error.)
    O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB (GDIChk Object)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab (SDKInstall Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.24 192.168.5.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB491783-B338-448A-A0CB-CBE26E88DB07}: DhcpNameServer = 192.168.5.24 192.168.5.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB491783-B338-448A-A0CB-CBE26E88DB07}: Domain = decisionplus.lan
    O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll (EzTools Software)
    O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dllcredssp.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/04/23 14:05:10 | 000,000,000 | ---- | M] () - N:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/06/20 16:52:27 | 000,000,000 | ---- | M] () - Y:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
     
  16. 2012/01/11
    ldaoust
    OTL (part 2)
    =========

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/11 16:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\PCHealth
    [2012/01/11 14:04:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/11 14:00:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/11 14:00:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/11 14:00:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/11 14:00:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/11 14:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/11 14:00:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/11 08:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2012/01/10 09:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Daoust\Application Data\Malwarebytes
    [2012/01/10 09:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/10 09:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/01/10 09:30:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/10 09:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/09 16:38:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
    [2012/01/09 16:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Windows Defender Offline
    [2012/01/09 13:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/01/09 13:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/01/09 13:13:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/01/09 12:47:36 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Daoust\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/14 09:13:30 | 032,088,038 | ---- | C] (DECISION-PLUS ) -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvp7000013en.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/11 16:39:07 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8700581E-EFD1-4C9E-A898-95B9B742F09A}.job
    [2012/01/11 16:38:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/01/11 16:37:43 | 000,557,722 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2012/01/11 16:37:43 | 000,112,942 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2012/01/11 16:34:34 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2012/01/11 16:33:49 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2012/01/11 16:33:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/11 16:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2012/01/11 16:32:51 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/11 16:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2012/01/11 14:04:25 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2012/01/11 14:04:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/11 14:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/11 09:00:05 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Projman Notifier.job
    [2012/01/10 15:43:47 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/10 11:27:03 | 000,005,016 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\My Documents\pwsafe.psafe3
    [2012/01/10 11:21:02 | 000,002,161 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\Password Safe 3.14.lnk
    [2012/01/10 09:28:14 | 000,008,248 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
    [2012/01/10 09:28:14 | 000,008,248 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
    [2012/01/09 12:46:35 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Daoust\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/09 02:04:02 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Backup Incremental.job
    [2012/01/07 02:03:57 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Backup Full.job
    [2011/12/21 11:54:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\dpmvp.INI
    [2011/12/21 11:46:56 | 000,001,960 | -H-- | M] () -- C:\Documents and Settings\Louis Daoust\My Documents\Default.rdp
    [2011/12/21 11:24:56 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\dpmvp ADO.lnk
    [2011/12/15 10:32:15 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/15 10:18:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/15 10:14:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/12/14 09:13:34 | 032,088,038 | ---- | M] (DECISION-PLUS ) -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvp7000013en.exe
    [2011/12/14 08:38:05 | 032,108,894 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpfr.exe
    [2011/12/13 16:26:53 | 032,087,526 | ---- | M] (DECISION-PLUS ) -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpen.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/11 14:04:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/01/11 14:04:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/11 14:00:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/11 14:00:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/11 14:00:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/11 14:00:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/11 14:00:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/11 08:25:13 | 2683,375,616 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/09 12:37:52 | 000,008,248 | -HS- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
    [2012/01/09 12:37:52 | 000,008,248 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
    [2011/12/14 08:38:00 | 032,108,894 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpfr.exe
    [2011/11/25 08:36:46 | 000,095,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/24 12:05:47 | 000,006,776 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft Excel.EML
    [2010/02/14 03:41:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/08 10:03:24 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2009/11/20 16:50:03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\winscp.rnd
    [2009/07/20 10:58:39 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/06/10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/06/10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/06/10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/13 09:37:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a_gui.exe
    [2009/05/13 09:37:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.exe
    [2009/05/13 09:37:22 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
    [2009/01/26 10:13:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/07/08 01:29:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
    [2008/07/08 01:29:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
    [2008/04/29 09:59:06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
    [2008/03/31 16:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
    [2008/03/21 15:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/03/21 15:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/02/15 11:36:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\editegb.INI
    [2008/02/13 14:07:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\guidemgr.INI
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/11/01 15:23:30 | 000,000,288 | ---- | C] () -- C:\WINDOWS\dpmvp.INI
    [2007/10/23 09:33:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2007/10/17 12:43:46 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\spell.cfg
    [2007/09/24 15:10:20 | 000,001,361 | ---- | C] () -- C:\WINDOWS\aopr.ini
    [2007/03/19 08:25:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_fts2.dll
    [2007/03/19 08:25:02 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_fts1.dll
    [2007/03/19 08:25:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_impexp.dll
    [2007/02/20 15:58:37 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Trellian.ini
    [2007/01/29 14:09:12 | 000,000,004 | ---- | C] () -- C:\WINDOWS\UserWin_32.dat
    [2007/01/29 14:09:12 | 000,000,003 | ---- | C] () -- C:\WINDOWS\UserWin32.dat
    [2006/11/29 16:02:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\galaxy.ini
    [2006/10/26 08:49:59 | 000,005,568 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\mainhst.zgh
    [2006/08/03 11:03:39 | 000,004,096 | ---- | C] () -- C:\WINDOWS\aspSmartUploadUtil.dll
    [2006/02/08 15:50:31 | 000,134,136 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
    [2006/01/16 15:24:32 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
    [2005/11/17 16:26:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DynaMenu.INI
    [2005/11/07 16:58:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
    [2005/11/07 16:05:59 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
    [2005/11/07 16:05:59 | 000,043,001 | ---- | C] () -- C:\WINDOWS\php.ini
    [2005/11/07 08:55:10 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/10/13 12:38:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SS_Log_Server.INI
    [2005/09/28 09:32:42 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Mapedit.ini
    [2005/08/16 11:15:55 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/08/16 11:15:48 | 000,008,609 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/04/14 10:25:46 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
    [2005/03/02 09:13:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\md_dte.dll
    [2005/02/25 10:40:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2004/09/26 01:23:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/03/10 10:44:49 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
    [2004/02/26 10:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2004/02/26 09:59:11 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2004/02/26 09:59:11 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2004/02/26 09:59:10 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2004/01/06 15:19:15 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/01/05 17:59:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
    [2004/01/05 16:57:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/01/05 15:10:35 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\fusioncache.dat
    [2003/12/06 00:57:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/12/06 00:55:28 | 000,001,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/12/06 00:51:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/12/06 00:49:58 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2003/12/06 00:46:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/12/06 00:34:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2003/12/06 00:33:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/12/06 00:32:54 | 000,557,722 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2003/12/06 00:32:54 | 000,112,942 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2003/12/06 00:32:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/12/06 00:21:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/09/15 03:55:53 | 000,014,843 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
    [2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/12/18 06:54:00 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
    [2002/09/03 14:42:36 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/09/03 14:35:18 | 000,005,236 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 14:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2002/03/19 17:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe

    ========== LOP Check ==========

    [2008/02/21 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
    [2007/11/19 11:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameServerBrowser
    [2008/08/01 10:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
    [2011/11/16 12:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2006/10/10 10:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nanex
    [2010/03/11 10:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2005/12/05 15:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simego
    [2004/04/08 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2004/11/17 08:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    [2007/09/17 08:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\.gaim
    [2008/05/22 07:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\.purple
    [2007/11/09 08:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Abakt
    [2011/04/21 16:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\AJabber
    [2006/01/24 15:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\AlertPing
    [2008/02/21 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\AVG7
    [2009/04/30 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\backup
    [2009/06/25 09:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Bullzip
    [2005/08/22 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Codejock Custom Themes Sample
    [2007/11/22 12:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\com.oxygenxml
    [2011/12/15 12:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\DECISION-PLUS
    [2005/12/01 13:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Echo Software
    [2011/03/14 07:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Exodus
    [2011/05/06 09:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Foxit Software
    [2007/11/21 15:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\GameServerBrowser
    [2009/04/27 08:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\gtk-2.0
    [2008/12/04 10:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\hm
    [2007/10/17 12:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\hmdmsdoc
    [2007/10/17 12:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\hmtpl
    [2011/10/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\id Software
    [2007/10/01 07:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Inkscape
    [2007/12/20 10:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\IrfanView
    [2004/02/11 08:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Leadertech
    [2009/08/13 16:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\MySQL
    [2005/06/22 07:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\NASA
    [2004/08/10 11:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\NDoc
    [2011/01/04 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Notepad++
    [2009/08/12 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Open Connector Groupware
    [2009/09/29 07:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Pandion
    [2008/12/04 09:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Password Solutions
    [2012/01/04 10:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\POP Peeper
    [2008/12/05 10:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\postgresql
    [2006/01/26 14:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\SmartDraw
    [2007/02/27 13:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Software
    [2007/06/11 09:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\SQLite Administrator
    [2012/01/11 10:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\SQLyog
    [2007/06/13 10:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Subversion
    [2008/07/22 08:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\The Blocks Company, LLC
    [2006/01/16 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Thunderbird
    [2007/02/20 15:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Trellian
    [2006/05/16 13:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\WebCompiler3
    [2011/12/02 12:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Wireshark
    [2004/11/17 08:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AVG7
    [2012/01/07 02:03:57 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Backup Full.job
    [2012/01/09 02:04:02 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Backup Incremental.job
    [2008/01/08 10:11:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\GetRcvStats.job
    [2012/01/11 16:38:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/01/11 09:00:05 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Projman Notifier.job
    [2006/10/06 15:45:28 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Retrieve EOD files (Phantom and DTN).job
    [2012/01/11 16:39:07 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8700581E-EFD1-4C9E-A898-95B9B742F09A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/11/16 07:25:56 | 006,910,040 | RHS- | M] () -- C:\AVG6DB_F.DAT
    [2005/10/22 06:04:09 | 017,697,342 | RHS- | M] () -- C:\AVG7DB_F.DAT
    [2004/11/18 06:00:02 | 012,186,609 | ---- | M] () -- C:\AVG7QT.DAT
    [2004/09/29 07:43:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/01/11 14:04:25 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 14:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/01/11 16:21:07 | 000,020,155 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/03/22 14:18:37 | 000,003,738 | ---- | M] () -- C:\Copy of mktdata.xml
    [2003/12/06 00:25:12 | 000,005,395 | RH-- | M] () -- C:\DELL.SDR
    [2010/11/01 08:57:09 | 000,001,118 | ---- | M] () -- C:\dpmvp_ver.txt
    [2007/05/04 13:57:22 | 000,000,107 | ---- | M] () -- C:\dpnetout.tct
    [2007/02/09 16:15:42 | 000,056,181 | ---- | M] () -- C:\dpqasmx.bin
    [2007/02/09 15:53:54 | 000,057,048 | ---- | M] () -- C:\dpqasmx.txt
    [2007/02/09 15:41:00 | 000,088,660 | ---- | M] () -- C:\dpqasmx_xml.txt
    [2007/02/08 17:11:49 | 000,000,257 | ---- | M] () -- C:\dpqt.txt
    [2007/02/09 15:55:25 | 000,054,714 | ---- | M] () -- C:\dpqtasmx_xml.txt.bin
    [2009/03/05 12:13:22 | 000,002,132 | ---- | M] () -- C:\dp_softwares_versions.xml
    [2008/05/05 13:03:06 | 000,000,316 | ---- | M] () -- C:\drmHeader.bin
    [2008/09/29 07:52:30 | 000,000,634 | ---- | M] () -- C:\dude.conf
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2009/04/03 15:48:53 | 002,936,277 | ---- | M] () -- C:\fping.log
    [2010/10/01 13:00:24 | 000,000,076 | ---- | M] () -- C:\fraglist.luar
    [2008/08/12 15:07:46 | 000,004,237 | ---- | M] () -- C:\ftp01_mktdata.xml
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/01/11 16:32:51 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/26 12:25:28 | 000,051,472 | ---- | M] (Microsoft Corporation) -- C:\imagecfg.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2003/12/06 00:51:44 | 000,000,453 | -H-- | M] () -- C:\IPH.PH
    [2007/03/22 12:10:54 | 000,000,477 | ---- | M] () -- C:\mktdata.lst
    [2008/08/12 15:09:43 | 000,004,235 | ---- | M] () -- C:\mktdata.xml
    [2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2007/02/16 15:26:36 | 000,000,010 | ---- | M] () -- C:\multi.xml
    [2006/12/04 15:56:13 | 000,000,636 | ---- | M] () -- C:\mykey.pvk
    [2007/01/30 13:36:14 | 000,083,667 | ---- | M] () -- C:\netstat.txt
    [2008/04/09 08:33:55 | 000,000,002 | ---- | M] () -- C:\NonDell.ddb
    [2004/09/29 07:36:25 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/03 07:26:17 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2006/01/26 13:13:52 | 000,000,458 | -H-- | M] () -- C:\os480081.bin
    [2007/01/23 09:00:25 | 000,000,630 | ---- | M] () -- C:\out.html
    [2012/01/11 16:32:48 | 838,860,800 | -HS- | M] () -- C:\pagefile.sys
    [2005/05/03 11:11:56 | 000,019,657 | ---- | M] () -- C:\qt.bin
    [2007/01/23 08:30:33 | 000,013,067 | ---- | M] () -- C:\rc.html
    [2012/01/11 12:43:54 | 000,061,414 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_11.01.2012_12.39.44_log.txt
    [2007/01/29 19:57:55 | 000,000,056 | ---- | M] () -- C:\test.bin
    [2007/06/22 10:51:29 | 000,000,093 | ---- | M] () -- C:\test.xml
    [2008/06/11 11:42:07 | 000,001,099 | ---- | M] () -- C:\testmail.php
    [2009/02/27 14:26:08 | 007,926,611 | ---- | M] (DECISION-PLUS ) -- C:\tp2407en.exe
    [2009/02/26 13:34:28 | 007,850,054 | ---- | M] () -- C:\tp2407fr.exe
    [2008/06/13 08:42:28 | 009,077,793 | ---- | M] () -- C:\tse.zip
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2009/03/02 13:31:12 | 000,011,934 | ---- | M] () -- C:\website_logo.bmp
    [2006/01/31 13:24:47 | 000,001,943 | ---- | M] () -- C:\zabbix_agentd.conf

    < %systemroot%\Fonts\*.com >
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 14:35:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2007/05/02 08:32:03 | 000,031,361 | ---- | M] () -- C:\WINDOWS\3DSTATE_logo.jpg
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/02/27 13:47:20 | 000,000,182 | ---- | M] () -- C:\Program Files\INSTALL.LOG

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 14:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
    [2002/09/03 14:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
    [2002/09/03 14:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/03 07:29:38 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/09/29 07:50:55 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2004/01/05 11:49:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/24 11:24:14 | 000,666,624 | ---- | M] (CubicDesign) -- C:\Documents and Settings\Louis Daoust\Desktop\Hardware_IDExtractor.exe
    [2011/01/04 14:38:23 | 000,222,872 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\iexmltls.exe
    [2010/11/24 10:54:29 | 004,818,162 | ---- | M] (Name of your company) -- C:\Documents and Settings\Louis Daoust\Desktop\jxplorer-3.2.1-windows-installer.exe
    [2012/01/09 12:46:35 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Daoust\Desktop\mbam-setup-1.60.0.1800.exe
    [2011/12/14 09:13:34 | 032,088,038 | ---- | M] (DECISION-PLUS ) -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvp7000013en.exe
    [2011/12/13 16:26:53 | 032,087,526 | ---- | M] (DECISION-PLUS ) -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpen.exe
    [2011/12/14 08:38:05 | 032,108,894 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpfr.exe
    [2010/08/05 14:40:26 | 031,498,093 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpfr_6110000.exe
    [2009/12/11 15:19:13 | 000,168,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Louis Daoust\Desktop\StressTestingTool.exe
    [2009/03/10 00:00:53 | 007,295,607 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\tp2407en.exe
    [2009/11/20 16:41:58 | 002,571,674 | ---- | M] (Martin Prikryl ) -- C:\Documents and Settings\Louis Daoust\Desktop\winscp424setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2012/01/09 12:37:55 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Louis Daoust\My Documents\23yiT0mQF.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/08/29 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/09/29 07:50:55 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Favorites\Desktop.ini
    [2005/02/08 14:59:16 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Favorites\e-book.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    ColorPic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/11 16:44:55 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 13:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\MAILTMPL.TXT
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
    [2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
    [2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
    [2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2001/04/19 17:34:50 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  17. 2012/01/11
    ldaoust

    Extras
    =====

    OTL Extras logfile created on: 11/01/2012 16:41:56 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Louis Daoust\Desktop\Virus & Spyware Tools\Scan Tools
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.50 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 78.53% Memory free
    3.13 Gb Paging File | 2.70 Gb Available in Paging File | 86.11% Paging File free
    Paging file location(s): C:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 48.87 Gb Free Space | 32.80% Space Free | Partition Type: NTFS
    Drive D: | 227.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 149.05 Gb Total Space | 79.31 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
    Drive G: | 7.84 Gb Total Space | 7.79 Gb Free Space | 99.41% Space Free | Partition Type: FAT32
    Drive I: | 16.95 Gb Total Space | 1.63 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
    Drive N: | 74.45 Gb Total Space | 67.00 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
    Drive S: | 54.99 Gb Total Space | 43.41 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
    Drive X: | 45.20 Gb Total Space | 28.33 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
    Drive Y: | 16.94 Gb Total Space | 5.02 Gb Free Space | 29.64% Space Free | Partition Type: NTFS

    Computer Name: INFO01-A | User Name: Louis Daoust | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "5900:TCP" = 5900:TCP:LocalSubNet:Enabled:VNC Server

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "C:\Q3Ademo\quake3.exe" = C:\Q3Ademo\quake3.exe:*:Enabled:quake3 -- ()
    "C:\Program Files\Microsoft Visual SourceSafe\ssexp.exe" = C:\Program Files\Microsoft Visual SourceSafe\ssexp.exe:*:Enabled:Microsoft(R) Visual SourceSafe Explorer -- (Microsoft Corporation)
    "C:\tools\ph_shell\ph_shell.exe" = C:\tools\ph_shell\ph_shell.exe:*:Enabled:ph_shell -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{0672DC0C-B90E-4466-BF6F-BC0DAC456777}" = AttachmentOptions
    "{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
    "{1546789C-9E17-4CFD-8DD0-EFAE2B336623}_is1" = HelpMaker (Remove Only)
    "{15FC7F05-3B2E-42FE-8A14-ACD36D0806AA}" = Pandion
    "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
    "{183261F8-780B-4506-BE91-434C01DD010A}" = LogMeIn Rescue AVI Codec
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1966D45C-A7F7-4107-AC98-8ADEEB2EADB2}" = ASP to ASP.NET Migration Assistant
    "{19AFC1C2-B11B-3FFF-9C9F-05761BC244D9}" = Windows SDK Intellidocs
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{259B9457-855A-4FA1-8AFE-3613ADF11973}" = XML Notepad 2007
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2884A021-6C29-4AFE-A1CE-7A1668017D53}" = MySQL Migration Toolkit 1.0
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2F9CECED-9BF4-4586-926F-70EED0635805}" = RC4DemoProject
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{339E14FF-8FDC-4809-AAF2-87BA22905C7F}" = DirectX for Managed Code Update (December 2004)
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35846BA4-5A5A-433B-B65E-41C324AEFFA4}" = Pandion
    "{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{441141DA-BBBD-45e2-A535-CCBEF694571D}" = WAPT
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{49241A83-2FCC-4C6D-9A79-EA35DB474D62}" = axLDAPInstaller
    "{537A9973-4BD1-404F-A89F-A92E03DD9CC9}" = PHP 5.2.8
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5CBD9E11-07B5-4AF7-9A6F-421A7E33D3A2}" = InstallShield 11 Express Edition
    "{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.0.5
    "{60600409-EA9B-45E9-A468-2C68C8DE70DF}" = Visual Studio .NET Enterprise Developer 2003 - English
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6C518CC0-5CF1-481B-AB35-9BE5024DC106}" = Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6ED32BB5-56B6-4317-A2D1-98A8313C3BAF}" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{815EEBE8-41E9-4166-8B7F-904785D67C81}" = Demo Browser for The Ultimate Toolbox
    "{81D70F95-062C-4D0D-B5C6-7A96CB23D452}" = Open Connector Groupware
    "{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{86BB059D-1231-457B-B88F-F9B315A18F90}" = Windows Vista Upgrade Advisor
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8898FE62-395C-4C93-8A48-0E4BE605BCF1}" = Ldap Admin Tool
    "{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
    "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BB235BF-8740-48CF-9843-F502F5F07EC1}" = PostgreSQL OLE DB Provider
    "{8DC6D103-ACBB-4313-84F6-C49C11152439}" = WCAT
    "{8E5B3FDE-62E1-4391-BBA0-0E4242AD9577}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
    "{9468CEA1-C82E-4703-B716-48D7B2D79C3D}" = NDoc
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9701C478-7465-45F2-8D8E-FC7B48671E90}" = Quest Software Toad for MySQL Freeware 2.0
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9A527766-AF63-46B4-AC86-6C32C756C620}" = MySQL Server 4.1
    "{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
    "{9BAED673-5D51-481E-B1E0-FB2E5039260B}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CA4F077-EFC3-4B44-A182-229A60740402}" = GanttProject
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
    "{A431744A-553F-4FC0-AF91-BCA47C7E0949}" = Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{ADD17E50-1DC6-4FFE-B811-EE9D7C6894B5}" = MySQL Administrator 1.0
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
    "{B46C272F-8B7A-402A-9915-8B0463F035DC}" = Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
    "{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
    "{B61D85B8-3C5A-4875-B20A-5CCDE3AADE3D}" = ChilkatDotNet
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7EC89B3-2B8C-44A9-815C-135F391068B0}" = Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
    "{BA96A695-E9CE-4B2A-919A-540B73E7A78E}" = Microsoft Platform SDK (3790.1830)
    "{BBCBA2A0-F0E5-4EA8-AAC0-CF1DC592221E}" = Microsoft VC Redist 2008 (6001.18000.367)
    "{BFCC5FD0-3DF9-4191-813D-377042F746D3}" = SQL Admin Studio
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C241AD59-CBFB-4ECC-B3F9-CBD645A3FDD0}" = Microsoft SQL Web Data Administrator
    "{C2A02857-D138-446B-B181-442DEE20C8E6}" = Password Safe 3.14 for Windows
    "{C35D17CD-BA79-417F-B10C-1FA095FF5B4B}" = TortoiseSVN 1.7.2.22327 (32 bit)
    "{C55243C9-F058-4FD8-9693-E9C75BD7A84F}" = PHP to ASP.NET Migration Assistant
    "{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
    "{C9E855CA-0870-4EE5-861D-17A7156E7442}" = MdbToMySQL XP
    "{CA67F0FA-BAD0-4092-BB0A-3F2F6F37A333}" = KingsTools
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D123F6A3-F744-4940-AC17-C4FFCE32E6AC}" = TraderPlus
    "{D406F819-C4E6-4578-B1C7-8C34602D6FB0}" = ActivePerl 5.8.8 Build 817
    "{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
    "{E170C29B-5F08-4759-8538-2B685F7CFC39}" = MyOleDB
    "{E4F454B3-4CE9-4F03-B07C-1D0D7D1BF458}" = ZipStudio
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
    "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5CCFF35-9ECC-4FAF-89E0-6F0DBFDCF952}" = dpaddinSetup
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F66C0680-EBE5-4A01-BC13-D5F360CFA0EF}" = PHP 5.2.3
    "{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.42
    "Abakt" = Abakt 0.9.5
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
    "APP-Codejock.ToolkitPro.MFC.v13.3.1_is1" = Xtreme ToolkitPro v13.3.1
    "ASP XML" = ASP XML
    "AspEmail" = AspEmail
    "AWStats" = AWStats
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "Bullzip MS Access to MySQL_is1" = Bullzip MS Access to MySQL 3.0.0.117
    "CCleaner" = CCleaner (remove only)
    "Chilkat XML" = Chilkat XML
    "ColorPic" = ColorPic
    "DbaMGR2k_is1" = DbaMgr2k
    "Dia" = Dia (remove only)
    "DiagramStudio 5.5" = DiagramStudio 5.5
    "DiagramStudio 5.7" = DiagramStudio 5.7
    "Dude" = The Dude
    "FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
    "Fiddler2" = Fiddler2
    "Firebird ODBC Driver_is1" = Firebird ODBC Driver 1.2.0.69
    "FlameRobin_is1" = FlameRobin 0.9.0
    "Foxit Reader" = Foxit Reader
    "GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)
    "HeidiSQL_is1" = HeidiSQL 3.2
    "HelpNDoc_is1" = HelpNDoc Version 1.11 Personal Edition
    "HTML Help Workshop" = HTML Help Workshop
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IE XML/XSL Viewer Tools" = IE XML/XSL Viewer Tools
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Inkscape" = Inkscape 0.45.1
    "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
    "InstallShield_{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
    "IrfanView" = IrfanView (remove only)
    "JXplorer 3.2.1" = JXplorer
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
    "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "msxml_valid" = MSXML - XML Validation IE Extention
    "msxml_view" = MSXML - XSL Output IE Extention
    "Netnotep_is1" = Network Notepad 4.6.2
    "Netquote Charts" = Netquote Charts
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "Oxygen XML Editor" = Oxygen XML Editor
    "PHP 5.0.5" = PHP 5.0.5
    "POP Peeper" = POP Peeper
    "PostgreSQL 8.3" = PostgreSQL 8.3
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "ProxyDesigner" = ProxyDesigner
    "PSPad editor_is1" = PSPad editor
    "Qtracker" = Qtracker
    "Quake 3 Arena Demo" = Quake 3 Arena Demo
    "RapidSVN-0.9.4_is1" = RapidSVN-0.9.4
    "RealVNC_is1" = VNC Free Edition 4.1.2
    "SDKSetup_6.0.6001.18000" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "SmartSVN - 2.1_is1" = SmartSVN 2.1.8
    "SQLite Expert Personal_is1" = SQLite Expert Personal 1.5.21
    "SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
    "Sqliteman" = Sqliteman 1.0.1
    "SQLyog Community" = SQLyog Community 8.61
    "Stellarium_is1" = Stellarium 0.9.0
    "Subversion_is1" = Subversion 1.4.3-r23084
    "Tweak UI 2.10" = Tweak UI
    "UltraDefrag" = Ultra Defragmenter
    "Ultravnc2_is1" = UltraVNC 1.0.5.6
    "Updater Tool_is1" = Updater Tool
    "Visual Leak Detector" = Visual Leak Detector 1.9h
    "Visual Studio .NET Enterprise Developer 2003 - English" = Microsoft Visual Studio .NET Enterprise Developer 2003 - English
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WGA" = Windows Genuine Advantage Validation Tool
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinMerge_is1" = WinMerge 2.12.4
    "WinPcapInst" = WinPcap 4.0.2
    "winscp3_is1" = WinSCP 4.2.4 beta
    "Wireshark" = Wireshark 1.0.7
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XTKP-HELP-MFC-9601_is1" = Codejock Software® Help 2.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-249062950-2638048696-2906977768-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/01/2012 14:19:42 | Computer Name = INFO01-A | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt>
    with error: The connection with the server was terminated abnormally

    Error - 11/01/2012 14:19:42 | Computer Name = INFO01-A | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt>
    with error: This network connection does not exist.

    Error - 11/01/2012 15:12:45 | Computer Name = INFO01-A | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 11/01/2012 15:12:45 | Computer Name = INFO01-A | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/01/2012 15:12:45 | Computer Name = INFO01-A | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/01/2012 16:55:11 | Computer Name = INFO01-A | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 11/01/2012 17:18:03 | Computer Name = INFO01-A | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 11/01/2012 17:30:43 | Computer Name = INFO01-A | Source = MsiInstaller | ID = 10005
    Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

    Error - 11/01/2012 17:30:44 | Computer Name = INFO01-A | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

    Error - 11/01/2012 17:30:44 | Computer Name = INFO01-A | Source = NativeWrapper | ID = 5000
    Description =

    [ System Events ]
    Error - 11/01/2012 14:59:05 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/01/2012 15:08:42 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/01/2012 15:10:31 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 11/01/2012 15:12:47 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7034
    Description = The Zabbix Win32 Agent service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/01/2012 15:12:47 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7034
    Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

    Error - 11/01/2012 16:46:52 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7034
    Description = The Zabbix Win32 Agent service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/01/2012 16:46:52 | Computer Name = INFO01-A | Source = Service Control Manager | ID = 7034
    Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

    Error - 11/01/2012 16:55:10 | Computer Name = INFO01-A | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.2524.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 11/01/2012 17:18:02 | Computer Name = INFO01-A | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.117.2524.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
    code: 0x80072efd Error description: A connection with the server could not be established


    Error - 11/01/2012 17:30:44 | Computer Name = INFO01-A | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).


    < End of report >
     
  18. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Computer seems to be doing ok. Not seeing any symptoms right now.

    There was a 'Windows Crash Report' window that appeared telling about application crashes that occurred and asking if I wanted to send a report. Should I be concerned?
     
  19. 2012/01/11
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Leaving the office right now. Will check back when I get home and try to connect/continue from there if I can, else tomorrow.

    thanks.
    Louis.
     
  20. 2012/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, not about a one-time program crash.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (winvnc)
      SRV - File not found [On_Demand | Stopped] -- -- (iPodService)
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O3 - HKU\S-1-5-21-249062950-2638048696-2906977768-1007\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Validate XML - C:\WINDOWS\Web\msxmlval.htm ()
      O8 - Extra context menu item: View XSL Output - C:\WINDOWS\Web\msxmlvw.htm ()
      O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37991.4499652778 (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/01/10 09:28:14 | 000,008,248 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
      [2012/01/10 09:28:14 | 000,008,248 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
      [2008/02/21 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
      [2004/04/08 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2004/11/17 08:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
      [2008/02/21 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\AVG7
      [2004/11/17 08:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AVG7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  21. 2012/01/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Good morning.

    OTL
    ===

    All processes killed
    ========== OTL ==========
    Service winvnc stopped successfully!
    Service winvnc deleted successfully!
    Service iPodService stopped successfully!
    Service iPodService deleted successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_USERS\S-1-5-21-249062950-2638048696-2906977768-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Validate XML\ deleted successfully.
    C:\WINDOWS\Web\msxmlval.htm moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\View XSL Output\ deleted successfully.
    C:\WINDOWS\Web\msxmlvw.htm moved successfully.
    Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\voxacm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf moved successfully.
    C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG7 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\LocalService\Application Data\AVG7 folder moved successfully.
    C:\Documents and Settings\Louis Daoust\Application Data\AVG7 folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\AVG7 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: dhebert
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: INFO01-A

    User: ldaoust
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Louis Daoust
    ->Temp folder emptied: 16449 bytes
    ->Temporary Internet Files folder emptied: 20671693 bytes
    ->Java cache emptied: 93281185 bytes
    ->FireFox cache emptied: 452451953 bytes
    ->Google Chrome cache emptied: 13192787 bytes
    ->Flash cache emptied: 3167107 bytes

    User: NetworkService
    ->Temp folder emptied: 5192 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 25498 bytes
    ->Flash cache emptied: 9665 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39097 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 398924 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15224202 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 206741 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 571.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: dhebert

    User: INFO01-A

    User: ldaoust

    User: LocalService

    User: Louis Daoust
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: postgres

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: dhebert

    User: INFO01-A

    User: ldaoust

    User: LocalService

    User: Louis Daoust
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: postgres

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01112012_193058

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
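Added example (not part of the thread and not OTL's own code): a small Python reconciliation of the :OTL fix script against the result log, so the helper can confirm that every service, CLSID and file the fix asked for was actually reported as removed or already absent, and spot anything the log never mentions. The script and log excerpts below are constructed from lines in this thread; one folder line is deliberately left out of the log so an unresolved item shows up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt of the :OTL fix script posted in the thread (not the whole script).
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Disabled | Stopped] -- -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- -- (iPodService)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/10 09:28:14 | 000,008,248 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
[2008/02/21 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
:Commands
[emptytemp]
[Reboot]
"""

# Constructed excerpt of the resulting OTL log. The AVG7 folder line is left out on
# purpose so that the reconciliation has one unresolved item to report.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Service winvnc stopped successfully!
Service winvnc deleted successfully!
Service iPodService stopped successfully!
Service iPodService deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf moved successfully.
========== COMMANDS ==========
"""

SRV_RE = re.compile(r"^SRV - .*\((?P<name>[^()]+)\)\s*$")   # service name sits in the trailing (...)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"^\[(?P<meta>[^\]]*)\]\s*(?:\(\)\s*)?--\s*(?P<path>.+?)\s*$")

@dataclass
class FixItem:
    kind: str                    # "service", "registry" or "file"
    key: str                     # token to look for in the result log
    hidden_system: bool = False  # file entry carried both the H and S attributes

def parse_fix_script(script: str) -> List[FixItem]:
    """Extract the items the :OTL section asks OTL to act on."""
    items: List[FixItem] = []
    in_otl = False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section directive such as :OTL or :Commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        m = SRV_RE.match(line)
        if m:
            items.append(FixItem("service", m.group("name")))
            continue
        m = FILE_RE.match(line)
        if m:
            fields = [f.strip() for f in m.group("meta").split("|")]
            attrs = fields[2] if len(fields) > 2 else ""
            items.append(FixItem("file", m.group("path"), "H" in attrs and "S" in attrs))
            continue
        g = GUID_RE.search(line)         # O3 / O16 entries are identified by their CLSID
        if g:
            items.append(FixItem("registry", g.group(0)))
    return items

def reconcile(items: List[FixItem], log: str) -> Dict[str, str]:
    """Map each requested item to removed / not found / unresolved based on the log."""
    lines = [l.strip() for l in log.splitlines()]
    status: Dict[str, str] = {}
    for item in items:
        key = item.key.lower()
        hits = [l for l in lines if key in l.lower()]
        if item.kind == "service":       # ignore paths that merely contain the service name
            hits = [l for l in hits if l.lower().startswith("service ")]
        if any(l.endswith(("deleted successfully.", "deleted successfully!",
                           "moved successfully.")) for l in hits):
            verdict = "removed"
        elif any(l.endswith("not found.") for l in hits):
            verdict = "not found"
        else:
            verdict = "unresolved"       # the log never mentions it: re-check after reboot
        if item.hidden_system:
            verdict += " (hidden+system file)"
        status[item.key] = verdict
    return status

if __name__ == "__main__":
    for key, verdict in reconcile(parse_fix_script(FIX_SCRIPT), FIX_LOG).items():
        print(f"{verdict:30} {key}")
```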
