|
#1
May 8th, 2012, 09:28 PM
|
|||
|
|||
|
Malicious Software - Virus
Good Day,
I have in error opened an email that had a virus attached, even though we have Barracuda Firewall this email still managed to come through and as it was from, or as i thought, UPS I opened the email. My laptop is now infected with a virus. I have used Malewarebytes to scan my laptop and i am attaching the log from this. Is it possible for you to advise me as to what i need to do to get rid of this virus? ' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6504 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 5/8/2012 4:05:13 PM mbam-log-2012-05-08 (16-04-42).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 352577 Time elapsed: 21 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Kind regards Naomie 
|
|
#2
May 9th, 2012, 12:44 AM
|
||||
|
||||
|
Hello egapan,
Let's take a look. The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool. And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. ------- Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please. ----------- Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ----------- Download aswMBR ( 511KB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything.
|
|
#3
May 9th, 2012, 12:33 PM
|
|||
|
|||
|
Here is the first scan - OldTimer's OTL
OTL logfile created on: 5/9/2012 11:36:03 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = U:\My Documents\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.16 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 83.47% Memory free 6.33 Gb Paging File | 5.83 Gb Available in Paging File | 92.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.69 Gb Total Space | 159.86 Gb Free Space | 72.44% Space Free | Partition Type: NTFS Drive E: | 1.87 Gb Total Space | 1.68 Gb Free Space | 89.84% Space Free | Partition Type: FAT Drive U: | 220.69 Gb Total Space | 159.86 Gb Free Space | 72.44% Space Free | Partition Type: CSC-CACHE Computer Name: NAOMIE | User Name: naomie.page | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/09 11:35:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- U:\My Documents\Desktop\OTL.exe PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2011/05/06 03:01:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/01/20 17:20:38 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2011/01/15 20:00:00 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2010/12/08 04:43:40 | 000,262,226 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010/12/03 18:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/12/03 18:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/11/29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R) SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/11/03 22:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2010/10/16 22:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2010/07/13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2010/07/05 19:37:32 | 000,045,056 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost) SRV - [2010/06/29 22:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent) SRV - [2010/06/22 19:27:38 | 001,358,160 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten) SRV - [2010/06/22 19:18:46 | 001,323,912 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan) SRV - [2010/05/10 21:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2010/02/11 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) SRV - [2009/07/15 23:39:06 | 000,497,008 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw) SRV - [2009/07/15 23:37:18 | 000,689,416 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy) SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters) SRV - [2003/04/19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (O2SDIOAssist)
|
|
#4
May 9th, 2012, 12:34 PM
|
|||
|
|||
|
========== Driver Services (SafeList) ==========
DRV - [2011/04/13 16:05:44 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2011/01/15 19:59:48 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2011/01/06 05:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2011/01/04 23:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR) DRV - [2011/01/04 22:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR) DRV - [2011/01/04 22:29:06 | 000,063,848 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR) DRV - [2010/12/13 18:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler) DRV - [2010/12/08 04:43:40 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010/10/19 20:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R) DRV - [2010/10/15 09:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2010/09/03 16:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp) DRV - [2010/08/20 19:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn) DRV - [2010/05/11 05:03:32 | 000,230,928 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter) DRV - [2010/05/11 05:02:44 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter) DRV - [2010/05/11 04:41:54 | 001,322,808 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt) DRV - [2009/07/15 23:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp) DRV - [2009/07/15 23:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf) DRV - [2009/07/15 23:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/06 20:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2008/06/04 19:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {22D9081D-F2CF-43BE-8B0D-EED7D708E54B} IE - HKLM\..\SearchScopes\{22D9081D-F2CF-43BE-8B0D-EED7D708E54B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-109903746-2060566131-3148740645-9127\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKU\S-1-5-21-109903746-2060566131-3148740645-9127\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-109903746-2060566131-3148740645-9127\..\SearchScopes,DefaultScope = {22D9081D-F2CF-43BE-8B0D-EED7D708E54B} IE - HKU\S-1-5-21-109903746-2060566131-3148740645-9127\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\naomie.page\AppData\Local\Google\Update\1 .3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\naomie.page\AppData\Local\Google\Update\1 .3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/04/13 13:45:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/13 13:45:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/13 13:46:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011/04/13 13:46:53 | 000,000,000 | -H-D | M]
|
|
#5
May 9th, 2012, 12:35 PM
|
|||
|
|||
|
========== Chrome ==========
CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\18.0.1025.168\ppGoogleNaClPluginChrome. dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\18.0.1025.168\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\naomie.page\AppData\Local\Google\Update\1 .3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\naomie.page\AppData\Local\Google\Chrome\U ser Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\naomie.page\AppData\Local\Google\Chrome\U ser Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\naomie.page\AppData\Local\Google\Chrome\U ser Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2011/05/04 16:31:23 | 000,433,994 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14934 more lines... O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Prote ction.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127..\Run: [EPSON SX430 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIH AE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127..\Run: [NetworkToolHelper] rundll32 C:\Users\NAOMIE~1.PAG\AppData\Local\Temp\NETWOR~1. DLL,Enter File not found O4 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127..\Run: [nMQsPVYoUn.exe] C:\ProgramData\nMQsPVYoUn.exe ( ) O4 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127..\Run: [urlmon] C:\Users\naomie.page\AppData\Local\urlmon.exe () O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-109903746-2060566131-3148740645-9127\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = turbochef.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{A08CFEF9-DE52-4F9B-B8BF-9ABDA9ECB5DE}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{AE4E522F-B952-41B0-A4B2-B50105F8A256}: DhcpNameServer = 192.168.25.55 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{FCD65F82-189C-4C81-90A7-4C1884FA5F42}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/08 16:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent [2012/05/03 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\naomie.page\AppData\Local\ElevatedDiagnos tics [2012/05/03 08:23:06 | 000,000,000 | -H-D | C] -- C:\Users\naomie.page\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Data Recovery ========== Files - Modified Within 30 Days ========== [2012/05/09 11:12:44 | 000,634,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/09 11:12:44 | 000,109,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/09 11:08:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/09 11:08:27 | 2548,772,864 | -HS- | M] () -- C:\hiberfil.sys [2012/05/08 16:54:32 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/08 16:54:32 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/08 16:49:35 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini [2012/05/03 13:14:56 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\{A694391C-97A0-4024-AE14-F79D79221538}.job [2012/05/03 08:23:07 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-Durm03sLBPFVcbr [2012/05/03 08:23:07 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-Durm03sLBPFVcb [2012/05/03 08:23:06 | 000,000,681 | -H-- | M] () -- C:\Users\naomie.page\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/05/03 08:23:06 | 000,000,657 | -H-- | M] () -- C:\Users\naomie.page\Desktop\Data_Recovery.lnk [2012/05/03 08:23:04 | 000,000,256 | -H-- | M] () -- C:\ProgramData\Durm03sLBPFVcb [2012/05/03 08:22:57 | 000,244,224 | -H-- | M] ( ) -- C:\ProgramData\Durm03sLBPFVcb.exe [2012/05/03 08:20:21 | 000,003,288 | -H-- | M] () -- C:\bootsqm.dat [2012/05/03 08:15:58 | 000,000,932 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-109903746-2060566131-3148740645-9127UA.job [2012/05/02 18:05:05 | 000,328,704 | -H-- | M] ( ) -- C:\Users\naomie.page\AppData\Local\060e0efd.exe [2012/05/02 18:02:59 | 000,328,704 | -H-- | M] ( ) -- C:\ProgramData\nMQsPVYoUn.exe [2012/05/02 18:02:53 | 000,237,056 | -H-- | M] () -- C:\Users\naomie.page\AppData\Local\060bfc96.exe [2012/05/02 18:00:51 | 000,328,704 | -H-- | M] ( ) -- C:\Users\naomie.page\AppData\Local\060a2fc6.exe [2012/05/02 15:39:12 | 000,030,208 | -H-- | M] () -- C:\Users\naomie.page\AppData\Local\urlmon.exe [2012/05/02 10:39:00 | 000,000,880 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-109903746-2060566131-3148740645-9127Core.job [2012/05/02 07:39:44 | 000,002,391 | -H-- | M] () -- C:\Users\naomie.page\Desktop\Google Chrome.lnk [2012/04/13 11:23:28 | 000,107,845 | -H-- | M] () -- C:\Users\naomie.page\Desktop\New layout.layout ========== Files Created - No Company Name ========== [2012/05/03 13:14:56 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\{A694391C-97A0-4024-AE14-F79D79221538}.job [2012/05/03 08:23:07 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-Durm03sLBPFVcbr [2012/05/03 08:23:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-Durm03sLBPFVcb [2012/05/03 08:23:06 | 000,000,681 | -H-- | C] () -- C:\Users\naomie.page\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/05/03 08:23:06 | 000,000,657 | -H-- | C] () -- C:\Users\naomie.page\Desktop\Data_Recovery.lnk [2012/05/03 08:23:03 | 000,000,256 | -H-- | C] () -- C:\ProgramData\Durm03sLBPFVcb [2012/05/03 08:22:57 | 000,244,224 | -H-- | C] ( ) -- C:\ProgramData\Durm03sLBPFVcb.exe [2012/05/03 08:20:21 | 000,003,288 | -H-- | C] () -- C:\bootsqm.dat [2012/05/02 18:39:31 | 000,328,704 | -H-- | C] ( ) -- C:\ProgramData\nMQsPVYoUn.exe [2012/05/02 18:05:00 | 000,328,704 | -H-- | C] ( ) -- C:\Users\naomie.page\AppData\Local\060e0efd.exe [2012/05/02 18:02:45 | 000,237,056 | -H-- | C] () -- C:\Users\naomie.page\AppData\Local\060bfc96.exe [2012/05/02 18:00:46 | 000,328,704 | -H-- | C] ( ) -- C:\Users\naomie.page\AppData\Local\060a2fc6.exe [2012/05/02 17:54:41 | 000,030,208 | -H-- | C] () -- C:\Users\naomie.page\AppData\Local\urlmon.exe [2012/04/13 11:23:28 | 000,107,845 | -H-- | C] () -- C:\Users\naomie.page\Desktop\New layout.layout [2011/05/20 13:55:58 | 000,000,835 | -H-- | C] () -- C:\Windows\Brpfx04a.ini [2011/05/20 13:55:58 | 000,000,167 | -H-- | C] () -- C:\Windows\brpcfx.ini [2011/05/20 13:55:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat [2011/05/20 13:55:29 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2011/05/20 13:55:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011/05/20 13:54:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011/05/20 13:54:21 | 000,000,066 | -H-- | C] () -- C:\Windows\Brfaxrx.ini [2011/05/20 13:54:21 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat [2011/05/20 13:51:22 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini [2011/05/19 14:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/04 16:12:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2011/04/13 15:51:30 | 000,960,940 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011/04/13 15:51:28 | 000,207,376 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2011/04/13 15:51:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/04/13 15:51:26 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011/04/13 15:51:24 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/04/13 15:51:24 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011/04/13 13:31:11 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2011/04/13 13:30:28 | 000,008,698 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/04/13 13:30:06 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2011/04/13 13:27:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2011/04/13 13:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\System32\instsrv.exe [2011/04/13 13:26:58 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011/04/13 13:24:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010/10/01 21:56:28 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll [2010/10/01 21:56:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll [2010/10/01 21:56:26 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll [2010/10/01 21:56:24 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll [2010/10/01 21:56:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll [2010/10/01 21:56:20 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll [2010/10/01 21:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll [2010/10/01 21:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll [2010/10/01 21:56:16 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll [2010/10/01 21:56:14 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll [2010/10/01 21:56:12 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll [2010/10/01 21:56:10 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll [2010/10/01 21:56:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll [2010/10/01 21:56:08 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll [2010/10/01 21:56:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll [2010/10/01 21:56:06 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll [2010/10/01 21:56:04 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll [2010/10/01 21:56:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll [2010/10/01 21:56:00 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll [2010/10/01 21:56:00 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll [2010/10/01 21:55:58 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll [2010/10/01 21:55:56 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll [2010/10/01 21:55:56 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll [2010/10/01 21:55:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll [2010/10/01 21:55:52 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll [2010/10/01 21:55:50 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll [2010/10/01 21:55:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll [2010/10/01 21:55:46 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll [2010/10/01 21:55:44 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll [2010/09/30 14:49:10 | 000,012,800 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll [2010/08/19 23:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll < End of report >
|
|
#6
May 9th, 2012, 12:36 PM
|
|||
|
|||
|
Extras - Txt
OTL Extras logfile created on: 5/9/2012 11:36:03 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = U:\My Documents\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.16 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 83.47% Memory free 6.33 Gb Paging File | 5.83 Gb Available in Paging File | 92.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.69 Gb Total Space | 159.86 Gb Free Space | 72.44% Space Free | Partition Type: NTFS Drive E: | 1.87 Gb Total Space | 1.68 Gb Free Space | 89.84% Space Free | Partition Type: FAT Drive U: | 220.69 Gb Total Space | 159.86 Gb Free Space | 72.44% Space Free | Partition Type: CSC-CACHE Computer Name: NAOMIE | User Name: naomie.page | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile\RemoteAdminSettings] "Enabled" = 1 "RemoteAddresses" = 192.168.25.51,192.168.25.7,192.168.25.8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{0915D6BA-EBEE-46BA-A4ED-E7541963CDDE}" = lport=138 | protocol=17 | dir=in | app=system | "{0BE84617-03F4-4C03-A2AF-7D6075C4FBE9}" = rport=137 | protocol=17 | dir=out | app=system | "{12BBB691-64D8-4328-A72B-242A7D0BA039}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{30CAE9F6-B25B-4CDD-9A3F-953AA29C4446}" = rport=139 | protocol=6 | dir=out | app=system | "{3BCFF933-C7D5-4A15-A02A-BEC23AAAD21B}" = rport=445 | protocol=6 | dir=out | app=system | "{44C82D8A-1CBD-45E5-AC63-737085BC44BC}" = rport=138 | protocol=17 | dir=out | app=system | "{47D2876E-A50F-4365-9E5E-A534D0860D8E}" = lport=445 | protocol=6 | dir=in | app=system | "{63AA1D11-CC1F-4A2A-A8AD-AA1E15815A7C}" = lport=139 | protocol=6 | dir=in | app=system | "{73391D3D-DEF5-4583-B1F2-C8ECB10D0FD0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{86DB7B83-7BD5-4F61-99AE-3E968C317B66}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D436722-D344-4A80-B334-D482025A5972}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{96D31EDB-A4C7-4AFD-B07F-DA827F4F4789}" = lport=137 | protocol=17 | dir=in | app=system | "{A862F118-AB17-4F89-9B4E-EAEC01C88223}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AF4C1644-6527-4FC6-B76E-872ACCC95B6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6D8CCB7-8A2A-4BBC-834E-70AD48241115}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{E03204FF-7628-4F12-AD32-A096D4C53583}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{1CD1C145-925A-4541-AB36-25C8B131DE68}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{250C4786-0F03-4C6D-9BBB-01893B1FFD50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2CCCBCAD-E315-43A0-8FCC-85C2539E52B8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3F26FFC8-2395-448D-A327-95C928526213}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{45140403-0807-4A4E-ABA5-F09A3442C19F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7FC099B7-BB09-4AE6-8B2D-CD1CEECC0FB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AEBA5069-8859-4C3A-8BA7-09156403A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BE4AB7E8-6226-4C82-9B5B-0855FC40B928}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{DEC5CF8F-67D5-41F9-AD9D-999A56871CA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E3EE5F37-6E0F-4286-B8CC-5526AFF474BC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{F25453B1-F90F-4971-85E5-75585BF2B5A7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "TCP Query User{A5DD3BA0-496C-43BC-9A5C-A9EC1D34C3AA}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "UDP Query User{2A0D4E7F-48C9-4D83-B0CC-AA5F4418C687}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
|
|
#7
May 9th, 2012, 12:36 PM
|
|||
|
|||
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0 "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9 "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting "{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}" = Dell System Manager "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{560DCF39-61D1-43B0-86DA-5EFF8F7A5144}" = AuthenTec Fingerprint Software "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{77FDE44F-3564-4E90-B054-68D1A00FEB6D}" = O2Micro OZ776 SCR Driver "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID "{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) "DW WLAN Card Utility" = DW WLAN Card Utility "EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall "InstallShield_{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver "InstallShield_{77FDE44F-3564-4E90-B054-68D1A00FEB6D}" = O2Micro OZ776 SCR Driver "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "PROPLUS" = Microsoft Office Professional Plus 2007 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-109903746-2060566131-3148740645-9127\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall] "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/2/2012 5:40:06 PM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/02 22:40:06.630]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/2/2012 5:40:36 PM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/02 22:40:36.984]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/3/2012 3:15:36 AM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/03 08:15:36.640]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/3/2012 3:15:37 AM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/03 08:15:37.654]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/3/2012 3:15:38 AM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/03 08:15:38.685]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/3/2012 3:15:39 AM | Computer Name = NAOMIE.turbochef.com | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/05/03 08:15:39.730]: [00002144]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 5/3/2012 3:16:26 AM | Computer Name = NAOMIE.turbochef.com | Source = EventSystem | ID = 4621 Description = Error - 5/3/2012 4:43:14 AM | Computer Name = NAOMIE.turbochef.com | Source = EventSystem | ID = 4621 Description = Error - 5/8/2012 11:21:01 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 5/8/2012 11:49:27 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ Media Center Events ] Error - 2/29/2012 12:29:20 PM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 4:29:19 PM - Error connecting to the internet. 4:29:19 PM - Unable to contact server.. Error - 2/29/2012 1:29:41 PM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 5:29:41 PM - Error connecting to the internet. 5:29:41 PM - Unable to contact server.. Error - 2/29/2012 11:22:36 PM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 3:22:36 AM - Error connecting to the internet. 3:22:36 AM - Unable to contact server.. Error - 2/29/2012 11:22:45 PM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 3:22:42 AM - Error connecting to the internet. 3:22:42 AM - Unable to contact server.. Error - 3/1/2012 12:23:04 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 4:23:04 AM - Error connecting to the internet. 4:23:04 AM - Unable to contact server.. Error - 3/1/2012 12:23:10 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 4:23:09 AM - Error connecting to the internet. 4:23:09 AM - Unable to contact server.. Error - 3/1/2012 1:23:29 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 5:23:29 AM - Error connecting to the internet. 5:23:29 AM - Unable to contact server.. Error - 3/1/2012 1:23:35 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 5:23:35 AM - Error connecting to the internet. 5:23:35 AM - Unable to contact server.. Error - 3/1/2012 2:23:54 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 6:23:54 AM - Error connecting to the internet. 6:23:54 AM - Unable to contact server.. Error - 3/1/2012 2:24:00 AM | Computer Name = NAOMIE.turbochef.com | Source = MCUpdate | ID = 0 Description = 6:24:00 AM - Error connecting to the internet. 6:24:00 AM - Unable to contact server.. [ OSession Events ] Error - 7/27/2011 2:58:20 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 171106 seconds with 12240 seconds of active time. This session ended with a crash. Error - 8/8/2011 4:07:49 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/10/2012 6:48:24 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 803 seconds with 60 seconds of active time. This session ended with a crash. Error - 2/10/2012 6:49:13 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/28/2012 5:20:07 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 155860 seconds with 11940 seconds of active time. This session ended with a crash. [ System Events ] Error - 2/23/2012 6:14:14 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-GroupPolicy | ID = 1054 Description = The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. Error - 2/23/2012 6:15:20 AM | Computer Name = NAOMIE.turbochef.com | Source = RasSstp | ID = 1 Description = Error - 2/23/2012 6:53:42 PM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 2/23/2012 11:03:04 PM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 2/24/2012 12:55:13 AM | Computer Name = NAOMIE.turbochef.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain TURBOCHEF_TECH due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 2/24/2012 2:27:56 AM | Computer Name = NAOMIE.turbochef.com | Source = Service Control Manager | ID = 7001 Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error - 2/24/2012 2:28:11 AM | Computer Name = NAOMIE.turbochef.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain TURBOCHEF_TECH due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 2/24/2012 2:28:21 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 2/24/2012 2:30:07 AM | Computer Name = NAOMIE.turbochef.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 2/24/2012 2:30:43 AM | Computer Name = NAOMIE.turbochef.com | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE4E522F-B952-41B0-A4B2-B50105F8A256} because another computer on the network has the same name. The server could not start. < End of report >
|
|
#8
May 9th, 2012, 12:38 PM
|
|||
|
|||
|
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-09 11:42:02 Windows 6.1.7600 Running: hno1b4yi.exe; Driver: C:\Users\NAOMIE~1.PAG\AppData\Local\Temp\pwldqpoc. sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82096A19 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820D0352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!CreateWindowExW 75B00E51 5 Bytes JMP 6FCE811F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamW 75B24AA7 5 Bytes JMP 6FE101E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamW 75B2564A 5 Bytes JMP 6FC04B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamA 75B3CF6A 5 Bytes JMP 6FE1017D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamA 75B3D29C 5 Bytes JMP 6FE10243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectA 75B4E8C9 5 Bytes JMP 6FE10112 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectW 75B4E9C3 5 Bytes JMP 6FE100A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExA 75B4EA29 5 Bytes JMP 6FE10045 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExW 75B4EA4D 5 Bytes JMP 6FE0FFE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!UnhookWindowsHookEx 75AFCC7B 5 Bytes JMP 6FCF8352 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!CallNextHookEx 75AFCC8F 5 Bytes JMP 6FCD9D30 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!CreateWindowExW 75B00E51 5 Bytes JMP 6FCE811F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!SetWindowsHookExW 75B0210A 5 Bytes JMP 6FC9460B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamW 75B24AA7 5 Bytes JMP 6FE101E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamW 75B2564A 5 Bytes JMP 6FC04B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamA 75B3CF6A 5 Bytes JMP 6FE1017D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamA 75B3D29C 5 Bytes JMP 6FE10243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectA 75B4E8C9 5 Bytes JMP 6FE10112 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectW 75B4E9C3 5 Bytes JMP 6FE100A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExA 75B4EA29 5 Bytes JMP 6FE10045 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExW 75B4EA4D 5 Bytes JMP 6FE0FFE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] ole32.dll!OleLoadFromStream 77545BF6 5 Bytes JMP 6FE10533 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1376] ole32.dll!CoCreateInstance 7759590C 5 Bytes JMP 6FCE8C0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!UnhookWindowsHookEx 75AFCC7B 5 Bytes JMP 6FCF8352 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!CallNextHookEx 75AFCC8F 5 Bytes JMP 6FCD9D30 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!CreateWindowExW 75B00E51 5 Bytes JMP 6FCE811F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!SetWindowsHookExW 75B0210A 5 Bytes JMP 6FC9460B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamW 75B24AA7 5 Bytes JMP 6FE101E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamW 75B2564A 5 Bytes JMP 6FC04B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamA 75B3CF6A 5 Bytes JMP 6FE1017D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamA 75B3D29C 5 Bytes JMP 6FE10243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectA 75B4E8C9 5 Bytes JMP 6FE10112 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectW 75B4E9C3 5 Bytes JMP 6FE100A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxExA 75B4EA29 5 Bytes JMP 6FE10045 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxExW 75B4EA4D 5 Bytes JMP 6FE0FFE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] ole32.dll!OleLoadFromStream 77545BF6 5 Bytes JMP 6FE10533 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1692] ole32.dll!CoCreateInstance 7759590C 5 Bytes JMP 6FCE8C0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
|
|
#9
May 9th, 2012, 12:47 PM
|
|||
|
|||
|
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 11:59:51 ----------------------------- 11:59:51.200 OS Version: Windows 6.1.7600 11:59:51.200 Number of processors: 4 586 0x2A07 11:59:51.200 ComputerName: NAOMIE UserName: 11:59:51.871 Initialize success 12:03:52.704 AVAST engine defs: 12050900 12:06:48.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:06:48.423 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 12:06:48.563 Disk 0 MBR read successfully 12:06:48.563 Disk 0 MBR scan 12:06:48.563 Disk 0 Windows VISTA default MBR code 12:06:48.563 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 12:06:48.610 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12444 MB offset 81920 12:06:48.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225988 MB offset 25567232 12:06:48.704 Disk 0 scanning sectors +488390656 12:06:49.031 Disk 0 scanning C:\Windows\system32\drivers 12:07:00.357 Service scanning 12:07:14.022 Modules scanning 12:07:21.869 Disk 0 trace - called modules: 12:07:21.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys 12:07:21.916 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f82030] 12:07:21.916 3 CLASSPNP.SYS[8b3ca59e] -> nt!IofCallDriver -> [0x85f81728] 12:07:21.916 5 stdcfltn.sys[8b5e0896] -> nt!IofCallDriver -> [0x85849848] 12:07:21.916 7 ACPI.sys[8acb43b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85435028] 12:07:22.665 AVAST engine scan C:\Windows 12:07:24.740 AVAST engine scan C:\Windows\system32 12:24:39.926 AVAST engine scan C:\Windows\system32\drivers 12:24:47.898 AVAST engine scan C:\Users\naomie.page 12:24:48.179 File: C:\Users\naomie.page\AppData\Local\060a2fc6.exe **INFECTED** Win32:FakeSysdefs-C [Trj] 12:24:48.272 File: C:\Users\naomie.page\AppData\Local\060bfc96.exe **INFECTED** Win32  ropper-gen [Drp]12:24:48.382 File: C:\Users\naomie.page\AppData\Local\060e0efd.exe **INFECTED** Win32:FakeSysdefs-C [Trj] 12:27:10.264 File: C:\Users\naomie.page\AppData\Local\Temp\2893ghd14h .tmp **INFECTED** Win32 ropper-gen [Drp]12:27:46.955 File: C:\Users\naomie.page\AppData\Local\Temp\networkToo lHelper.dll **INFECTED** Win32:Agent-GPS [Trj] 12:27:48.375 File: C:\Users\naomie.page\AppData\Local\Temp\TGgCDWf4Vn Gy1p.exe.tmp **INFECTED** Win32:FakeSysdefs-C [Trj] 12:27:57.516 File: C:\Users\naomie.page\AppData\Local\urlmon.exe **INFECTED** Win32 ownloader-OGA [Trj]12:28:48.700 AVAST engine scan C:\ProgramData 12:28:49.106 File: C:\ProgramData\Durm03sLBPFVcb.exe **INFECTED** Win32:FakeSysdefs-C [Trj] 12:29:14.487 File: C:\ProgramData\nMQsPVYoUn.exe **INFECTED** Win32:FakeSysdefs-C [Trj] 12:29:20.415 Scan finished successfully 12:34:22.166 Disk 0 MBR has been saved successfully to "U:\My Documents\Desktop\MBR.dat" 12:34:22.166 The log file has been saved successfully to "U:\My Documents\Desktop\aswMBR.txt" 12:34:29.202 Disk 0 MBR has been saved successfully to "E:\MBR.dat" 12:34:29.217 The log file has been saved successfully to "E:\aswMBR.txt"
|
|
#10
May 10th, 2012, 12:28 AM
|
||||
|
||||
|
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.
Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
|
|
#11
May 10th, 2012, 08:36 AM
|
|||
|
|||
|
ComboFix 12-05-09.01 - naomie.page 05/10/2012 8:21.1.4 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3241.2627 [GMT 1:00] Running from: u:\my documents\Desktop\ComboFix.exe AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\Durm03sLBPFVcb c:\users\naomie.page\AppData\Local\060a2fc6.exe c:\users\naomie.page\AppData\Local\060bfc96.exe c:\users\naomie.page\AppData\Local\060e0efd.exe c:\users\naomie.page\AppData\Local\urlmon.exe c:\users\naomie.page\g2mdlhlpx.exe c:\windows\system32\drivers\npf.sys c:\windows\system32\instsrv.exe . . ((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 ))))))))))))))))))))))))))))))) . . 2012-05-10 07:26 . 2012-05-10 07:26 -------- d-----w- c:\users\naomie.page\AppData\Local\temp 2012-05-10 07:26 . 2012-05-10 07:26 -------- d-----w- c:\users\seckag\AppData\Local\temp 2012-05-10 07:26 . 2012-05-10 07:26 -------- d-----w- c:\users\itdallas\AppData\Local\temp 2012-05-10 07:26 . 2012-05-10 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-10 07:13 . 2012-05-10 07:13 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DADAC94-1485-485B-B768-3EEA1613BA95}\offreg.dll 2012-05-03 07:35 . 2012-05-03 07:35 -------- d-----w- c:\users\naomie.page\AppData\Local\ElevatedDiagnos tics 2012-05-03 07:22 . 2012-05-03 07:22 244224 ---ha-w- c:\programdata\Durm03sLBPFVcb.exe 2012-05-02 17:39 . 2012-05-02 17:02 328704 ---ha-w- c:\programdata\nMQsPVYoUn.exe 2012-04-30 07:36 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DADAC94-1485-485B-B768-3EEA1613BA95}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2012-03-02 15:32 . 2012-01-08 13:44 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\S portsTemplateCore\Microsoft.MediaCenter.Sports.UI. dll 2012-03-02 15:32 . 2012-01-08 13:44 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup\markup.dll 2012-03-02 15:31 . 2012-01-08 13:44 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\dSM\StartResources.dll 2012-03-02 15:31 . 2012-03-02 15:31 539984 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight-2\SpotlightResources.dll 2012-02-24 21:58 . 2012-02-24 21:58 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm1 0140.bin 2012-02-23 09:18 . 2011-05-04 15:12 237072 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\En abledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Un initializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe " [2009-07-14 51712] "nMQsPVYoUn.exe"="c:\programdata\nMQsPVYoUn.ex e" [2012-05-02 328704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-12-08 536668] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 143384] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 177176] "Persistence"="c:\windows\system32\igfxpers.ex e" [2011-01-14 178200] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 5955072] "FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Prote ction.exe" [2010-12-15 686704] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe " [2010-05-20 206336] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] "DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-4-13 50688] PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2011-5-4 2641920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp Authentication Packages REG_MULTI_SZ msv1_0 wvauth . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920] R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584] R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464] R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srva ny.exe [2003-04-19 8192] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824] R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MD Fw7.sys [2011-01-04 60904] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008] R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn .sys [2010-08-20 17648] S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 43888] S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088] S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MD Rw7.sys [2011-01-04 62440] S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sd jw7.sys [2011-01-04 63848] . . Contents of the 'Scheduled Tasks' folder . 2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109903746-2060566131-3148740645-9127Core.job - c:\users\naomie.page\AppData\Local\Google\Update\G oogleUpdate.exe [2012-03-26 09:34] . 2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109903746-2060566131-3148740645-9127UA.job - c:\users\naomie.page\AppData\Local\Google\Update\G oogleUpdate.exe [2012-03-26 09:34] . 2012-05-03 c:\windows\Tasks\{A694391C-97A0-4024-AE14-F79D79221538}.job - c:\users\naomie.page\appdata\local\google\chrome\a pplication\chrome.exe [2012-03-26 02:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKCU-Run-urlmon - c:\users\naomie.page\AppData\Local\urlmon.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(588) c:\windows\system32\wvauth.DLL . Completion time: 2012-05-10 08:28:22 ComboFix-quarantined-files.txt 2012-05-10 07:28 . Pre-Run: 171,394,179,072 bytes free Post-Run: 172,054,331,392 bytes free . - - End Of File - - 16491873569B1421F7FB0D6716BA1675
|
|
#13
May 14th, 2012, 12:28 PM
|
|||
|
|||
|
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-14 09:38:35 ----------------------------- 09:38:35.653 OS Version: Windows 6.1.7600 09:38:35.653 Number of processors: 4 586 0x2A07 09:38:35.654 ComputerName: NAOMIE UserName: 09:38:36.488 Initialize success 09:42:50.098 AVAST engine defs: 12051400 09:45:50.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:45:50.403 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 09:45:50.419 Disk 0 MBR read successfully 09:45:50.435 Disk 0 MBR scan 09:45:50.435 Disk 0 Windows VISTA default MBR code 09:45:50.450 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 09:45:50.466 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12444 MB offset 81920 09:45:50.497 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225988 MB offset 25567232 09:45:50.497 Disk 0 scanning sectors +488390656 09:45:50.591 Disk 0 scanning C:\Windows\system32\drivers 09:45:57.408 Service scanning 09:46:12.602 Modules scanning 09:46:18.780 Disk 0 trace - called modules: 09:46:18.811 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys 09:46:18.811 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87bb3030] 09:46:18.811 3 CLASSPNP.SYS[8bfb959e] -> nt!IofCallDriver -> [0x87bb2740] 09:46:18.811 5 stdcfltn.sys[8c1f8896] -> nt!IofCallDriver -> [0x860b53d0] 09:46:18.827 7 ACPI.sys[8b84f3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8606c028] 09:46:19.700 AVAST engine scan C:\Windows 09:46:21.993 AVAST engine scan C:\Windows\system32 09:48:06.404 AVAST engine scan C:\Windows\system32\drivers 09:48:14.719 AVAST engine scan C:\Users\naomie.page 09:49:47.118 Disk 0 MBR has been saved successfully to "U:\My Documents\Desktop\MBR.dat" 09:49:47.430 The log file has been saved successfully to "U:\My Documents\Desktop\14.05.12 - aswMBR.txt"
|
|
#14
May 14th, 2012, 12:30 PM
|
|||
|
|||
|
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-14 12:29:58 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 Running: tkfxxf34.exe; Driver: C:\Users\NAOMIE~1.PAG\AppData\Local\Temp\pwldqpoc. sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8CA19 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC6352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? C:\Users\NAOMIE~1.PAG\AppData\Local\Temp\aswMBR.sy s The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtCreateFile + 6 778A47F6 4 Bytes [28, 00, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtCreateFile + B 778A47FB 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + 6 778A4E56 1 Byte [28] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + 6 778A4E56 4 Bytes [28, 03, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + B 778A4E5B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenFile + 6 778A4F06 4 Bytes [68, 00, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenFile + B 778A4F0B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcess + 6 778A4FB6 4 Bytes [A8, 01, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcess + B 778A4FBB 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcessToken + 6 778A4FC6 4 Bytes CALL 768A85CC .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcessToken + B 778A4FCB 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcessTokenEx + 6 778A4FD6 4 Bytes [A8, 02, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenProcessTokenEx + B 778A4FDB 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThread + 6 778A5036 4 Bytes [68, 01, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThread + B 778A503B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThreadToken + 6 778A5046 4 Bytes [68, 02, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThreadToken + B 778A504B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThreadTokenEx + 6 778A5056 4 Bytes CALL 768A865D .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtOpenThreadTokenEx + B 778A505B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtQueryAttributesFile + 6 778A5166 4 Bytes [A8, 00, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtQueryAttributesFile + B 778A516B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtQueryFullAttributesFile + 6 778A5216 4 Bytes CALL 768A881B .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtQueryFullAttributesFile + B 778A521B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtSetInformationFile + 6 778A5866 4 Bytes [28, 01, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtSetInformationFile + B 778A586B 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtSetInformationThread + 6 778A58C6 4 Bytes [28, 02, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtSetInformationThread + B 778A58CB 1 Byte [E2] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + 6 778A5BE6 1 Byte [68] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + 6 778A5BE6 4 Bytes [68, 03, 36, 00] .text C:\Users\naomie.page\AppData\Local\Google\Chrome\A pplication\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + B 778A5BEB 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) IAT C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[4908] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75905E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
|
|
#15
May 14th, 2012, 11:48 PM
|
||||
|
||||
|
Looking good, though just don't know what those Chrome items are that now shows in the Gmer scan log.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Open and update Malwarebytes. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform quick scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then. --------------- Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner. If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes: Remove found threats Scan unwanted applications Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives). Then click the Advanced option, the place a check next to the following (if it is not already checked): Enable Anti-Stealth technology Click Start. This scan may take a while, so please be patient. If infection is found, at the end of the scan click "List of found threats". In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please. Post that log and the Malwarebytes log please.
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 08:44 PM.
