System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by yfournier on 25th August 2011, 2:02 pm

This is part 1/2 since the logs are too long and I am not able to enter them all in one post.

Hi,

A friend of mine got great help from you guys, which is why I am trying my luck!

Here's my problem. Usually, I don't have any trouble protecting myself since I am very aware of what not to do to get infected. But this computer is used mainly by my wife and my 4 kids. Maybe they did something...! My system has been hanging randomly for 2-3 weeks. It started as trouble reaching our file server (IP conflict). Repairing the network connection usually does the job. If not, rebooting the router would be the answer. But now, the computer is acting weird. From time to time, I hear the internal speaker giving a beep like when the old antivirus was warning us that something was wrong. After that, I can't open anything. The system is running, but any program I try to open just doesn't work. I am also redirected to "[You must be registered and logged in to see this link.]" from time to time. If I try to open the Run command, the keyboard seems very, very slow. I can restart the computer in safe mode with networking and everything works fine for a long period.

I tried to restore to many older points, but none of them worked.

I ran many tools (Avira, Malwarebytes, Spybot, ComboFix, HouseCall) and cleaned up a little with HijackThis. I did remove a lot of trojans/viruses, but I seem to get the same problems (the system works for a while, but as soon as nobody is using it, we can't start anything).

During those last weeks, someone called many times with the phone number "unavailable". It always hung up before I could talk to someone. But on Aug 22, I got the call again and the guy told me he was calling from Microsoft to help me fix my computer. I laughed and I asked many questions about my personal info (which computer was having the problem (I have 5), which version of Windows, my validation key, my activation date). Anyway, of course he did not have any of that info, but he had my IP and address and telephone. I asked for a number where I could call back, and he gave me 315-636-0916 (which is bad) and he passed me to his supervisor. He told me the company was working in conjunction with Microsoft and that's why he did not have any more info about my system. The company is [You must be registered and logged in to see this link.] He wanted me to click Run and enter some commands. I laughed and he cut the line! What a scam... Good thing my wife did not get the call! Since then, I am more worried about fixing this computer.

I was going to reformat and reinstall Windows, but maybe you can help me? Thanks so much in advance; here are my logs. Note that I was able to get everything except extras.txt. But I only got this one while running in safe mode; is that still fine?

OTL logfile created on: 2011-08-25 09:55:53 - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Yanick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,47% Memory free
5,09 Gb Paging File | 4,17 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 399,00 Gb Free Space | 85,67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CUISINE | User Name: Yanick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-25 08:38:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yanick\Desktop\OTL.com
PRC - [2011-06-28 13:59:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-04-27 12:24:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010-11-02 09:16:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-05-21 00:58:48 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-05-21 00:58:46 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-03-25 18:07:10 | 000,926,720 | ---- | M] (LX London) -- C:\BandwidthMeter\BandwidthMeter.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006-07-12 05:58:02 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2005-07-08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004-11-02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004-08-03 18:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011-03-21 17:30:06 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-10-14 11:38:39 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
MOD - [2010-10-14 11:37:50 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2010-10-14 11:37:46 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
MOD - [2010-10-14 09:16:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010-10-14 09:16:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2010-10-14 09:15:56 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2010-10-14 09:15:07 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2010-10-14 09:15:03 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2010-10-14 09:12:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010-08-25 21:44:50 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-08-10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010-08-04 15:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010-05-04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010-03-16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010-01-28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-28 13:59:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-27 12:24:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-07-01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Documents and Settings\Yanick\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2005-07-08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011-06-28 13:59:17 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-06-28 13:59:17 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-04-28 22:16:24 | 000,580,096 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6PODHD5.sys -- (L6PODHD5)
DRV - [2011-02-15 23:29:39 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2010-08-25 23:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-01-11 18:00:10 | 002,106,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-07-28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-06-01 03:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007-07-20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007-05-09 22:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-05-09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007-02-06 09:27:02 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006-07-12 05:58:02 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-12-18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2005-07-08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Yanick\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Yanick\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Yanick\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Yanick\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-23 08:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-03 21:08:41 | 000,000,000 | ---D | M]

[2011-08-23 16:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yanick\Application Data\Mozilla\Extensions
[2011-05-03 08:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-11 08:07:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010-10-11 08:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-02 04:01:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-06-23 08:05:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-10-11 08:07:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-06-23 08:05:04 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011-06-23 08:05:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-06-23 08:05:04 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011-06-23 08:05:04 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011-06-23 08:05:04 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011-06-23 08:05:04 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bandwidth Meter.lnk = C:\WINDOWS\Installer\{297849A8-EEC6-4ABA-AAE5-C66A093FEDE3}\_4AFD87D2B7DF2077867725.exe ()
O4 - Startup: C:\Documents and Settings\Yanick\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.200.243.189 24.201.245.77
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yanick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-10-10 22:51:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-25 08:59:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Yanick\Desktop\aswMBR.exe
[2011-08-25 08:38:45 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yanick\Desktop\OTL.com
[2011-08-25 08:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011-08-23 16:23:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-08-23 16:06:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011-08-23 08:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011-08-23 07:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011-08-11 13:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Application Data\Mozilla
[2011-08-11 09:16:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-08-11 09:05:44 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011-08-11 09:01:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-08-11 08:51:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-08-11 08:44:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-08-11 08:44:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-08-11 08:44:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-08-11 08:44:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-08-11 08:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-08-11 08:44:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-08-11 08:44:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Yanick\Start Menu\Programs\Administrative Tools
[2011-08-11 08:43:43 | 004,170,012 | R--- | C] (Swearware) -- C:\Documents and Settings\Yanick\Desktop\ComboFix.exe
[2011-08-11 00:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011-08-11 00:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-08-11 00:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Start Menu\Programs\HiJackThis
[2011-08-08 14:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011-08-08 14:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011-08-08 14:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Application Data\Tysu
[2011-08-08 14:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Application Data\Agdak
[2011-08-06 07:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011-07-28 08:05:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Yanick\My Documents\Dropbox
[2011-07-28 08:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Start Menu\Programs\Dropbox
[2011-07-28 08:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yanick\Application Data\Dropbox
[2011-02-15 23:29:39 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Yanick\Application Data\ezplay.sys
[2010-10-10 23:30:03 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010-10-10 23:30:03 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-08-25 09:11:13 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003UA.job
[2011-08-25 09:09:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-08-25 09:02:48 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\SecurityCheck.exe
[2011-08-25 09:01:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\MBR.dat
[2011-08-25 08:59:23 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Yanick\Desktop\aswMBR.exe
[2011-08-25 08:54:19 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-08-25 08:54:19 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-08-25 08:50:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011-08-25 08:50:05 | 000,002,181 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bandwidth Meter.lnk
[2011-08-25 08:49:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-08-25 08:38:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yanick\Desktop\OTL.com
[2011-08-25 07:37:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-08-23 19:11:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003Core.job
[2011-08-23 17:59:10 | 000,415,161 | ---- | M] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\census.cache
[2011-08-23 17:59:09 | 000,193,845 | ---- | M] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\ars.cache
[2011-08-11 17:33:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-08-11 11:50:30 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\housecall.guid.cache
[2011-08-11 09:18:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-11 08:52:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-08-11 08:43:47 | 004,170,012 | R--- | M] (Swearware) -- C:\Documents and Settings\Yanick\Desktop\ComboFix.exe
[2011-08-11 07:53:25 | 000,000,137 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011-08-11 00:37:29 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\HiJackThis.lnk
[2011-08-11 00:27:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011-08-11 00:24:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Akejupodo.bin
[2011-08-11 00:24:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wwoqurixuqu.dat
[2011-08-11 00:23:38 | 000,022,572 | ---- | M] () -- C:\Documents and Settings\Yanick\Application Data\EF76.7AC
[2011-08-06 07:38:08 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011-08-06 07:37:05 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Yanick\My Documents\vlc-1.1.11-win32.exe
[2011-08-02 10:39:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\switchDowngrade.job
[2011-07-30 22:33:52 | 000,059,347 | ---- | M] () -- C:\Documents and Settings\Yanick\My Documents\yanreg.pdf
[2011-07-30 22:32:35 | 000,059,293 | ---- | M] () -- C:\Documents and Settings\Yanick\My Documents\yanick2000.pdf
[2011-07-28 08:05:12 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\Dropbox.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-08-25 09:02:47 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Yanick\Desktop\SecurityCheck.exe
[2011-08-25 09:01:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Yanick\Desktop\MBR.dat
[2011-08-11 11:55:56 | 000,415,161 | ---- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\census.cache
[2011-08-11 11:55:42 | 000,193,845 | ---- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\ars.cache
[2011-08-11 11:50:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\housecall.guid.cache
[2011-08-11 08:52:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-08-11 08:51:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011-08-11 08:44:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-08-11 08:44:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-08-11 08:44:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-08-11 08:44:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-08-11 08:44:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-08-11 00:37:29 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Yanick\Desktop\HiJackThis.lnk
[2011-08-11 00:27:43 | 000,000,294 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011-08-08 13:51:01 | 000,022,572 | ---- | C] () -- C:\Documents and Settings\Yanick\Application Data\EF76.7AC
[2011-08-06 07:38:08 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011-08-06 07:36:25 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Yanick\My Documents\vlc-1.1.11-win32.exe
[2011-07-30 22:33:52 | 000,059,347 | ---- | C] () -- C:\Documents and Settings\Yanick\My Documents\yanreg.pdf
[2011-07-30 22:32:35 | 000,059,293 | ---- | C] () -- C:\Documents and Settings\Yanick\My Documents\yanick2000.pdf
[2011-07-28 08:05:12 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Yanick\Desktop\Dropbox.lnk
[2011-07-01 12:59:43 | 000,000,358 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2011-05-24 20:57:02 | 000,000,137 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011-05-22 16:21:48 | 000,015,958 | -HS- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011-05-22 16:21:48 | 000,015,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011-04-14 16:59:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wwoqurixuqu.dat
[2011-04-14 16:59:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Akejupodo.bin
[2011-02-15 23:29:39 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Yanick\Application Data\ezplay.cat
[2011-02-15 23:29:39 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Yanick\Application Data\ezplay.inf
[2011-02-15 23:29:39 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Yanick\Application Data\ezplay.ini
[2011-01-07 00:20:16 | 000,019,528 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-01-03 14:56:18 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010-11-16 22:21:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-11-16 22:00:39 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010-11-12 21:40:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010-11-06 16:17:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-02 20:51:03 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-30 09:10:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Yanick\Local Settings\Application Data\fusioncache.dat
[2010-10-28 16:32:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-10-11 00:13:39 | 000,007,342 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010-10-11 00:12:33 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010-10-10 23:34:46 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010-10-10 23:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-10-10 23:26:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-10-10 23:26:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010-10-10 23:26:22 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-10-10 23:26:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010-10-10 23:26:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-10-10 23:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-10-10 23:14:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-10-10 22:53:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-10-10 22:48:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-10-10 18:42:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-10-10 18:37:08 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-06-01 03:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007-05-09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004-08-03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-17 05:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-08-23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-08-23 11:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-08-23 11:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-08-23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-23 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011-08-25 08:59:23 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Yanick\Desktop\aswMBR.exe
[2011-08-11 08:43:47 | 004,170,012 | R--- | M] (Swearware) -- C:\Documents and Settings\Yanick\Desktop\ComboFix.exe
[2011-08-25 09:02:48 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\SecurityCheck.exe
[2011-06-16 21:13:25 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\Yanick\Desktop\vlc-1.1.10-win32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2011-08-06 07:37:05 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Yanick\My Documents\vlc-1.1.11-win32.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011-06-23 08:05:06 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011-06-23 08:05:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011-06-23 08:05:04 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010-10-12 07:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010-12-02 10:09:30 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010-10-12 09:40:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010-11-16 22:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011-07-05 10:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010-10-10 23:26:48 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010-10-10 23:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010-11-02 09:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
[2010-10-10 23:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011-04-28 08:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010-10-28 16:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2011-08-11 08:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010-10-10 22:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010-11-16 22:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010-11-16 22:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2010-10-11 00:24:39 | 000,000,000 | ---D | M] -- C:\Program Files\Devnz
[2011-08-25 07:47:32 | 000,000,000 | ---D | M] -- C:\Program Files\DScaler
[2011-02-15 23:27:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010-10-14 09:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2010-11-30 22:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2011-01-04 19:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011-02-01 23:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011-02-15 23:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011-04-05 08:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\ImpotExpert 2010
[2010-11-16 22:01:59 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010-10-14 03:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011-06-30 21:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011-06-30 21:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010-10-11 08:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010-10-11 08:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2011-06-11 18:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\Kutoka
[2011-05-24 10:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Line6
[2011-08-11 09:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-10-11 00:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010-10-10 22:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010-10-11 00:33:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011-08-25 09:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010-10-14 03:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010-10-10 22:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010-10-10 22:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011-03-24 03:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010-10-14 03:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010-10-28 08:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010-10-10 22:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010-10-19 08:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\OneSwarm
[2010-10-10 22:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010-10-11 08:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010-10-11 01:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010-10-16 17:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\PlayPianoTODAY
[2010-12-25 12:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010-10-10 23:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010-10-14 03:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011-06-30 21:24:06 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2011-05-24 20:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011-01-06 22:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Tansee iPhone Transfer Contact
[2011-08-11 00:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010-10-30 08:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2010-10-10 22:55:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010-10-10 23:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2010-11-02 20:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011-02-15 23:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2010-10-10 23:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010-10-11 00:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010-10-10 22:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010-10-10 22:51:01 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010-11-16 09:46:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2010-10-11 00:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinTV
[2010-10-10 22:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004-08-03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004-08-03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004-08-03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004-08-03 16:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys

< MD5 for: NETLOGON.DLL >
[2008-04-13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009-02-06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004-08-03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004-08-03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004-08-03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 04:27:44

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004-08-03 18:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-06-23 08:05:04 | 000,715,104 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-06-23 08:05:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004-08-03 18:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004-08-03 18:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >

Rest of logs in part 2/2 in another message

yfournier
Novice

Posts : 9
Joined : 2011-08-25
OS : Windows XP SP2
Points : 19421
Likes : 0

System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 2/2

Post by yfournier on 25th August 2011, 2:04 pm

This is the rest of my logs

OTL Extras logfile created on: 2011-08-25 08:40:27 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Yanick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 91,37% Memory free
5,09 Gb Paging File | 5,01 Gb Available in Paging File | 98,37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 399,24 Gb Free Space | 85,72% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CUISINE | User Name: Yanick | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Yanick\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Yanick\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\OneSwarm\OneSwarm.exe" = C:\Program Files\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm -- ()
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe" = C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Yanick\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Yanick\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22A647A1-E442-7302-3905-DA8C5FDFCAFB}" = Catalyst Control Center Graphics Previews Common
"{23768150-5EFE-14A4-CECE-914D03FF18B4}" = CCC Help English
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{292899E7-6B8F-8099-0ACD-71D5F448106D}" = ccc-utility
"{297849A8-EEC6-4ABA-AAE5-C66A093FEDE3}" = BandwidthMeter
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D51664C-293A-4621-926E-0436DE7553A6}" = DesignPro 5
"{41B8A39C-E97D-FDE5-3A4A-8E6FA961E94E}" = ccc-core-static
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859FE21B-F622-4347-B8A0-4478D7971937}" = ImpotExpert 2010
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{96F549E9-85D0-4F12-8747-259F6C224E61}" = ImpotExpert Updater 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online : Eberron Unlimited v01.12.00.803
"2849-8758-5167-8645" = OneSwarm 0.7
"7-Zip" = 7-Zip 9.17 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Chord Reference eBookv. 1" = Chord Reference eBook
"DScaler 4.1.15_is1" = DScaler 4.1.15
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Updater" = Google Updater
"ImgBurn" = ImgBurn
"InCD!UninstallKey" = InCD
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3D51664C-293A-4621-926E-0436DE7553A6}" = DesignPro 5
"Lapin Malin Maternelle 2" = Lapin Malin Maternelle 2
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mia langues secondes" = Mia langues secondes
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Picasa 3" = Picasa 3
"Switch" = Switch Sound File Converter
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winpcap-nmap" = winpcap-nmap 4.02
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-05-23 12:23:20 | Computer Name = CUISINE | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{6e1339c2-d4bf-11df-9f44-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070020.

Error - 2011-05-23 12:23:20 | Computer Name = CUISINE | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{6e1339c3-d4bf-11df-9f44-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070020.

Error - 2011-05-23 12:38:39 | Computer Name = CUISINE | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{6e1339c2-d4bf-11df-9f44-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070020.

Error - 2011-05-26 20:21:53 | Computer Name = CUISINE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.2.12, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 2011-05-28 10:50:26 | Computer Name = CUISINE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2011-06-02 20:26:46 | Computer Name = CUISINE | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, faulting module
java.dll, version 6.0.200.2, fault address 0x00004e46.

Error - 2011-06-09 20:26:52 | Computer Name = CUISINE | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, faulting module
java.dll, version 6.0.200.2, fault address 0x00005875.

Error - 2011-06-12 07:30:15 | Computer Name = CUISINE | Source = Application Error | ID = 1000
Description = Faulting application mials.exe, version 0.0.0.0, faulting module mials.exe,
version 0.0.0.0, fault address 0x000b5029.

Error - 2011-06-12 08:57:42 | Computer Name = CUISINE | Source = Application Error | ID = 1000
Description = Faulting application mials.exe, version 0.0.0.0, faulting module mials.exe,
version 0.0.0.0, fault address 0x000b5029.

Error - 2011-06-12 08:57:50 | Computer Name = CUISINE | Source = Application Error | ID = 1001
Description = Fault bucket 151355118.

[ System Events ]
Error - 2011-08-25 08:20:16 | Computer Name = CUISINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-08-25 08:21:12 | Computer Name = CUISINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ElbyCDIO Fips Processor ssmdrv


< End of report >

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-25 09:00:14
-----------------------------
09:00:14.015 OS Version: Windows 5.1.2600 Service Pack 2
09:00:14.031 Number of processors: 2 586 0x402
09:00:14.031 ComputerName: CUISINE UserName: Yanick
09:00:15.859 Initialize success
09:00:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
09:00:46.859 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
09:00:46.859 Device \Driver\atapi -> DriverStartIo 8a5f331b
09:00:48.859 Disk 0 MBR read successfully
09:00:48.859 Disk 0 MBR scan
09:00:48.859 Disk 0 TDL4@MBR code has been found
09:00:48.859 Disk 0 Windows XP default MBR code found via API
09:00:48.859 Disk 0 MBR hidden
09:00:48.859 Disk 0 MBR [TDL4] **ROOTKIT**
09:00:48.859 Disk 0 trace - called modules:
09:00:48.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5f34d0]<<
09:00:48.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a652ab8]
09:00:48.859 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000006f[0x8a66af18]
09:00:48.859 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a665d98]
09:00:48.906 \Driver\atapi[0x8a655930] -> IRP_MJ_CREATE -> 0x8a5f34d0
09:00:48.906 Scan finished successfully
09:01:42.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Yanick\Desktop\MBR.dat"
09:01:42.609 The log file has been saved successfully to "C:\Documents and Settings\Yanick\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 2
[You must be registered and logged in to see this link.]
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Mozilla Firefox (x86 fr..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


Re: System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by Belahzur on 7th September 2011, 11:34 pm

Sorry about the wait.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by yfournier on 8th September 2011, 11:32 am

No trouble for the wait. Thanks for your time!

Here is the log:

2011/09/08 07:29:41.0203 3196 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 07:29:41.0484 3196 ================================================================================
2011/09/08 07:29:41.0484 3196 SystemInfo:
2011/09/08 07:29:41.0484 3196
2011/09/08 07:29:41.0484 3196 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/08 07:29:41.0484 3196 Product type: Workstation
2011/09/08 07:29:41.0484 3196 ComputerName: CUISINE
2011/09/08 07:29:41.0484 3196 UserName: Yanick
2011/09/08 07:29:41.0484 3196 Windows directory: C:\WINDOWS
2011/09/08 07:29:41.0484 3196 System windows directory: C:\WINDOWS
2011/09/08 07:29:41.0484 3196 Processor architecture: Intel x86
2011/09/08 07:29:41.0484 3196 Number of processors: 2
2011/09/08 07:29:41.0484 3196 Page size: 0x1000
2011/09/08 07:29:41.0484 3196 Boot type: Normal boot
2011/09/08 07:29:41.0484 3196 ================================================================================
2011/09/08 07:29:43.0375 3196 Initialize success
2011/09/08 07:29:47.0421 3224 ================================================================================
2011/09/08 07:29:47.0421 3224 Scan started
2011/09/08 07:29:47.0421 3224 Mode: Manual;
2011/09/08 07:29:47.0421 3224 ================================================================================
2011/09/08 07:29:48.0765 3224 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/08 07:29:48.0906 3224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/08 07:29:48.0968 3224 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/09/08 07:29:49.0000 3224 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/09/08 07:29:49.0109 3224 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/08 07:29:49.0156 3224 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/08 07:29:49.0171 3224 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/08 07:29:49.0296 3224 ati2mtag (bde0f5d73c04b3f16672a7e6ea9d2392) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/08 07:29:49.0484 3224 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/09/08 07:29:49.0515 3224 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/08 07:29:49.0625 3224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/08 07:29:49.0781 3224 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/09/08 07:29:49.0859 3224 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/09/08 07:29:49.0921 3224 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/09/08 07:29:50.0046 3224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/08 07:29:50.0312 3224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/08 07:29:50.0421 3224 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/08 07:29:50.0546 3224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/08 07:29:50.0656 3224 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/08 07:29:50.0765 3224 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/08 07:29:51.0203 3224 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/08 07:29:51.0343 3224 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/08 07:29:51.0500 3224 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/08 07:29:51.0625 3224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/08 07:29:51.0703 3224 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/08 07:29:51.0875 3224 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/08 07:29:52.0015 3224 DSDrv4 (8462304cbd54857a5943bda8a6ede5ed) C:\PROGRA~1\DScaler\DSDrv4.sys
2011/09/08 07:29:52.0140 3224 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/09/08 07:29:52.0296 3224 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
2011/09/08 07:29:52.0453 3224 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/08 07:29:52.0640 3224 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/08 07:29:52.0718 3224 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/08 07:29:52.0781 3224 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/08 07:29:52.0859 3224 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/08 07:29:52.0921 3224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/08 07:29:53.0093 3224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/08 07:29:53.0265 3224 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/08 07:29:53.0375 3224 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/08 07:29:53.0578 3224 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2011/09/08 07:29:53.0859 3224 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/08 07:29:54.0000 3224 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/08 07:29:54.0250 3224 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/08 07:29:55.0703 3224 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/08 07:29:55.0984 3224 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/08 07:29:56.0265 3224 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/09/08 07:29:56.0359 3224 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/09/08 07:29:56.0484 3224 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/09/08 07:29:56.0578 3224 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys
2011/09/08 07:29:56.0734 3224 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/08 07:29:56.0843 3224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/08 07:29:56.0906 3224 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/08 07:29:57.0015 3224 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/08 07:29:57.0109 3224 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/08 07:29:57.0203 3224 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/08 07:29:57.0281 3224 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/08 07:29:57.0421 3224 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/08 07:29:57.0562 3224 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/08 07:29:57.0843 3224 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/08 07:29:58.0250 3224 L6PODHD5 (27207f289cbf01d46e4f5f7a261aa4ac) C:\WINDOWS\system32\Drivers\L6PODHD5.sys
2011/09/08 07:29:59.0265 3224 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
2011/09/08 07:29:59.0765 3224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/08 07:29:59.0937 3224 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/08 07:30:00.0125 3224 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/08 07:30:00.0218 3224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/08 07:30:00.0343 3224 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/08 07:30:00.0859 3224 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/08 07:30:01.0500 3224 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/08 07:30:02.0187 3224 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/08 07:30:02.0578 3224 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/08 07:30:02.0765 3224 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/08 07:30:02.0890 3224 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/08 07:30:02.0968 3224 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/08 07:30:03.0125 3224 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/08 07:30:03.0265 3224 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/08 07:30:03.0406 3224 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/08 07:30:03.0906 3224 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/08 07:30:04.0078 3224 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/08 07:30:04.0187 3224 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/08 07:30:04.0359 3224 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/08 07:30:04.0468 3224 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/08 07:30:04.0625 3224 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/08 07:30:04.0843 3224 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/08 07:30:05.0390 3224 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/08 07:30:05.0703 3224 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/08 07:30:05.0937 3224 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/09/08 07:30:06.0187 3224 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/08 07:30:06.0687 3224 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/08 07:30:07.0203 3224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/08 07:30:07.0406 3224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/08 07:30:07.0515 3224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/08 07:30:07.0656 3224 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/08 07:30:07.0750 3224 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/08 07:30:08.0046 3224 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/08 07:30:08.0156 3224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/08 07:30:08.0421 3224 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/08 07:30:08.0812 3224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/08 07:30:08.0875 3224 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/08 07:30:09.0500 3224 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/09/08 07:30:10.0390 3224 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/08 07:30:10.0828 3224 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/08 07:30:11.0156 3224 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/08 07:30:11.0296 3224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/08 07:30:11.0906 3224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/08 07:30:12.0187 3224 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/08 07:30:12.0250 3224 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/08 07:30:12.0468 3224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/08 07:30:12.0921 3224 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/08 07:30:13.0109 3224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/08 07:30:13.0171 3224 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/08 07:30:13.0296 3224 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/08 07:30:13.0390 3224 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/08 07:30:13.0671 3224 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/08 07:30:14.0156 3224 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/08 07:30:14.0437 3224 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/08 07:30:14.0796 3224 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/08 07:30:15.0343 3224 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/08 07:30:15.0812 3224 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/08 07:30:16.0437 3224 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/08 07:30:16.0578 3224 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/08 07:30:16.0921 3224 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/08 07:30:17.0453 3224 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/09/08 07:30:17.0656 3224 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/09/08 07:30:17.0750 3224 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/09/08 07:30:17.0828 3224 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/08 07:30:17.0921 3224 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/08 07:30:18.0156 3224 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/08 07:30:19.0171 3224 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/08 07:30:19.0359 3224 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/08 07:30:19.0500 3224 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/08 07:30:19.0593 3224 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/08 07:30:19.0718 3224 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/08 07:30:19.0984 3224 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/08 07:30:20.0765 3224 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/08 07:30:20.0921 3224 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/08 07:30:21.0109 3224 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/08 07:30:21.0390 3224 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/08 07:30:21.0781 3224 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/08 07:30:22.0218 3224 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/08 07:30:22.0515 3224 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/08 07:30:22.0906 3224 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/08 07:30:23.0125 3224 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/08 07:30:23.0250 3224 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/09/08 07:30:23.0328 3224 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/09/08 07:30:24.0296 3224 VIAHdAudAddService (80952920d6fdd8d65d37f488de340b5d) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/09/08 07:30:25.0500 3224 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/08 07:30:25.0796 3224 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 07:30:26.0390 3224 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/08 07:30:26.0750 3224 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/08 07:30:26.0859 3224 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/08 07:30:26.0953 3224 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/08 07:30:27.0125 3224 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/08 07:30:27.0187 3224 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/09/08 07:30:27.0203 3224 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 07:30:27.0203 3224 Boot (0x1200) (3ec717b882c0e6551072d3852d79e494) \Device\Harddisk0\DR0\Partition0
2011/09/08 07:30:27.0218 3224 ================================================================================
2011/09/08 07:30:27.0218 3224 Scan finished
2011/09/08 07:30:27.0218 3224 ================================================================================
2011/09/08 07:30:27.0234 3260 Detected object count: 1
2011/09/08 07:30:27.0234 3260 Actual detected object count: 1
2011/09/08 07:30:35.0468 3260 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 07:30:35.0468 3260 \Device\Harddisk0\DR0 - ok
2011/09/08 07:30:35.0468 3260 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

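A defender-side illustration of what the two logs above report, added here and not code from aswMBR, TDSSKiller or this forum: it parses a 512-byte MBR, hashes the first 0x1B8 bytes the way TDSSKiller's "MBR (0x1B8) (<md5>)" line does, and compares a direct sector read with the API view to flag the "MBR hidden" condition aswMBR found. The MBR images, boot-code bytes and partition geometry are constructed samples, not data from the infected machine.

```python
"""Parse a 512-byte MBR and compare a direct disk read with the API view.

Added example for this thread (not aswMBR's or TDSSKiller's own code).
Sample sectors below are constructed, not taken from the infected system.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # boot code ends where the disk signature starts
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"      # status, CHS start(skip), type, CHS end(skip), LBA, count


def parse_partitions(mbr: bytes):
    """Return the in-use partition-table entries as dicts (type 0 = unused)."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes, the region TDSSKiller's 'MBR (0x1B8)' line hashes."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def compare_views(direct: bytes, via_api: bytes) -> dict:
    """Compare a raw sector read against what the OS storage API returns.

    A bootkit that hooks the disk stack (as TDL4 did on the disk above) can
    serve a clean MBR to normal API reads while the real sector holds its
    loader, so differing boot code over an identical partition table is the
    pattern aswMBR reports as "MBR hidden".
    """
    d_hash, a_hash = boot_code_md5(direct), boot_code_md5(via_api)
    return {
        "boot_code_md5_direct": d_hash,
        "boot_code_md5_api": a_hash,
        "boot_code_differs": d_hash != a_hash,
        "partition_table_differs": parse_partitions(direct) != parse_partitions(via_api),
        "hidden": direct != via_api,
    }


def make_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a constructed MBR from boot code and (type, lba_start, sectors) tuples."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (ptype, lba, count) in enumerate(partitions[:4]):
        status = 0x80 if i == 0 else 0x00   # first entry marked active
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed stand-ins: a few typical MBR start opcodes vs. an arbitrary
# replacement stub; neither is real bootkit code.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 8
TAMPERED_BOOT_CODE = b"\xEB\x10" + b"\x00" * 20
PARTS = [(0x07, 63, 976773105)]   # one NTFS partition; geometry chosen for the sample

API_VIEW = make_sample_mbr(CLEAN_BOOT_CODE, PARTS)      # what a hooked API would return
DIRECT_READ = make_sample_mbr(TAMPERED_BOOT_CODE, PARTS)  # what is really on sector 0

if __name__ == "__main__":
    for key, value in compare_views(DIRECT_READ, API_VIEW).items():
        print(f"{key}: {value}")
    for part in parse_partitions(DIRECT_READ):
        print(part)
```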

Re: System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by yfournier on 8th September 2011, 3:46 pm

I don't know if it was the right thing to do, but I cured the infection with the program suggested. Anyway, my computer looks to work fine. Some programs that were not starting at all (like DScaler) are now working again. Thanks so much. Is there anything that I need to do next, or is it done?

Let me know, Yanick Fournier


Re: System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by Belahzur on 8th September 2011, 4:36 pm

Hi,


Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix, rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: System unstable, I got a phone call from "Microsoft" (yeah!) to help me Part 1/2

Post by yfournier on 8th September 2011, 9:19 pm

Hi again, here is the logfile for combofix:

ComboFix 11-09-08.03 - Yanick 2011-09-08 17:10:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2793 [GMT -4:00]
Running from: c:\documents and settings\Yanick\Desktop\pchelpforum.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Yanick\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Yanick\Local Settings\Application Data\ApplicationHistory\dndlauncher.exe.49f1997f.ini
c:\documents and settings\Yanick\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Yanick\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.e40d002e.ini
c:\documents and settings\Yanick\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.d8bd62d4.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-08-25 12:34 . 2011-08-25 12:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-23 20:23 . 2011-08-23 20:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-11 13:05 . 2011-08-11 13:05 -------- d-----w- C:\VundoFix Backups
2011-08-11 04:37 . 2011-08-11 04:37 388096 ----a-r- c:\documents and settings\Yanick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 04:37 . 2011-08-11 04:37 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 15:43 . 2011-07-09 15:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52 . 2010-10-11 03:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-10-11 03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 17:59 . 2010-10-11 03:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:59 . 2010-10-11 03:33 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2004-10-01 20:00 . 2010-11-17 02:00 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-08-26 12:22 . 2011-05-04 01:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-08 11:34 . 2011-09-08 11:34 16384 c:\windows\temp\Perflib_Perfdata_7fc.dat
+ 2001-08-23 15:00 . 2011-09-08 12:01 71002 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2011-08-11 12:52 71002 c:\windows\system32\perfc009.dat
+ 2001-08-23 15:00 . 2011-09-08 12:01 440684 c:\windows\system32\perfh009.dat
- 2001-08-23 15:00 . 2011-08-11 12:52 440684 c:\windows\system32\perfh009.dat
+ 2011-08-22 21:11 . 2011-08-22 21:11 332288 c:\windows\Installer\88729.msi
+ 2011-05-23 13:28 . 2011-08-23 20:24 1067100 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\documents and settings\Yanick\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\windows\Installer\{297849A8-EEC6-4ABA-AAE5-C66A093FEDE3}\_4AFD87D2B7DF2077867725.exe [2010-11-16 1150]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Yanick\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\OneSwarm\\OneSwarm.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Yanick\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-10-10 136360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-10 2106880]
S3 L6PODHD5;Service - Line 6 POD HD500;c:\windows\system32\drivers\L6PODHD5.sys [2011-05-24 580096]
S4 BackupService;BackupService;c:\documents and settings\Yanick\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [2011-04-28 83512]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38734167
*Deregistered* - 38734167
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-04 23:31]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003Core.job
- c:\documents and settings\Yanick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 13:51]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003UA.job
- c:\documents and settings\Yanick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 13:51]
.
2011-08-02 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-28 12:32]
.
2011-01-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-28 12:32]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 24.200.241.37 24.200.243.189 24.201.245.77
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED}
FF - ProfilePath - c:\documents and settings\Yanick\Application Data\Mozilla\Firefox\Profiles\3ibk19br.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-08 17:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-09-08 17:16:24
ComboFix-quarantined-files.txt 2011-09-08 21:16
ComboFix2.txt 2011-08-11 13:01
.
Pre-Run: 428460175360 bytes free
Post-Run: 428677963776 bytes free
.
- - End Of File - - 444ACC58311162E7E1B648C5F3A6D295

yfournier
Novice

Posts : 9
Joined : 2011-08-25
OS : Windows XP SP2
Points : 19421
# Likes : 0



Post by Belahzur on 9th September 2011, 9:25 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Driver::
    38734167
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1



Post by yfournier on 10th September 2011, 5:02 am

Hello again, here's the log file:

ComboFix 11-09-08.03 - Yanick 2011-09-10 0:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2617 [GMT -4:00]
Running from: c:\documents and settings\Yanick\Desktop\pchelpforum.exe
Command switches used :: c:\documents and settings\Yanick\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_38734167
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-08-25 12:34 . 2011-08-25 12:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-23 20:23 . 2011-08-23 20:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-11 13:05 . 2011-08-11 13:05 -------- d-----w- C:\VundoFix Backups
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 04:37 . 2011-08-11 04:37 388096 ----a-r- c:\documents and settings\Yanick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-09 15:43 . 2011-07-09 15:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52 . 2010-10-11 03:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-10-11 03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 17:59 . 2010-10-11 03:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:59 . 2010-10-11 03:33 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2004-10-01 20:00 . 2010-11-17 02:00 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-09-09 15:02 . 2011-05-04 01:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-10 04:57 . 2011-09-10 04:57 16384 c:\windows\temp\Perflib_Perfdata_114.dat
+ 2001-08-23 15:00 . 2011-09-08 12:01 71002 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2011-08-11 12:52 71002 c:\windows\system32\perfc009.dat
+ 2001-08-23 15:00 . 2011-09-08 12:01 440684 c:\windows\system32\perfh009.dat
- 2001-08-23 15:00 . 2011-08-11 12:52 440684 c:\windows\system32\perfh009.dat
+ 2011-08-22 21:11 . 2011-08-22 21:11 332288 c:\windows\Installer\88729.msi
+ 2011-05-23 13:28 . 2011-08-23 20:24 1067100 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\documents and settings\Yanick\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\windows\Installer\{297849A8-EEC6-4ABA-AAE5-C66A093FEDE3}\_4AFD87D2B7DF2077867725.exe [2010-11-16 1150]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Yanick\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\OneSwarm\\OneSwarm.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Yanick\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-10-10 136360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-10 2106880]
S3 L6PODHD5;Service - Line 6 POD HD500;c:\windows\system32\drivers\L6PODHD5.sys [2011-05-24 580096]
S4 BackupService;BackupService;c:\documents and settings\Yanick\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [2011-04-28 83512]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-04 12:28]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003Core.job
- c:\documents and settings\Yanick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 13:51]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-412668190-725345543-1003UA.job
- c:\documents and settings\Yanick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 13:51]
.
2011-08-02 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-28 12:32]
.
2011-01-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-28 12:32]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 24.200.241.37 24.200.243.189 24.201.245.77
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED}
FF - ProfilePath - c:\documents and settings\Yanick\Application Data\Mozilla\Firefox\Profiles\3ibk19br.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-10 00:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2992)
c:\documents and settings\Yanick\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\bandwidthmeter\BandwidthMeter.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
.
**************************************************************************
.
Completion time: 2011-09-10 01:01:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 05:01
ComboFix2.txt 2011-09-08 21:16
ComboFix3.txt 2011-08-11 13:01
.
Pre-Run: 428538441728 bytes free
Post-Run: 428472606720 bytes free
.
- - End Of File - - C0873F8BB177FE1679CB882678ADDE66

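The exchange above (the numerically named driver reported under "Other Services/Drivers In Memory", the `Driver::` CFScript that targets it, and the `-------\Legacy_38734167` line confirming removal) is a pattern that is easy to check mechanically. The following is an added example written for this page, not code from the forum, from ComboFix, or from either poster. It assumes only the line shapes visible in the logs above; the two log excerpts are constructed and trimmed, and the "auto-generated name" heuristic is an assumption, not a rule ComboFix itself applies.

```python
import re

# Constructed excerpts, shaped like the ComboFix logs posted in this thread
# (trimmed to the lines that matter; not the full logs).
LOG_BEFORE_FIX = """\
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38734167
*Deregistered* - 38734167
.
Contents of the 'Scheduled Tasks' folder
"""

LOG_AFTER_FIX = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\\Legacy_38734167
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
"""

# "*NewlyCreated* - <name>" / "*Deregistered* - <name>" lines from the
# "Other Services/Drivers In Memory" section.
IN_MEMORY_RE = re.compile(r"^\*(NewlyCreated|Deregistered)\*\s+-\s+(\S+)\s*$", re.M)

# "-------\Legacy_<name>" lines printed under "Drivers/Services" once the
# service's registry entry has been removed.
LEGACY_REMOVED_RE = re.compile(r"^-------\\Legacy_(\S+)\s*$", re.M)


def services_in_memory(log_text):
    """Map service name -> set of states ComboFix reported for it."""
    found = {}
    for state, name in IN_MEMORY_RE.findall(log_text):
        found.setdefault(name, set()).add(state)
    return found


def looks_auto_generated(name):
    """Heuristic (assumption, not a ComboFix rule): legitimate drivers carry
    descriptive names; an all-digit name or a long hex-looking string is
    worth a human look, as in the 38734167 entry in this thread."""
    return name.isdigit() or (
        len(name) >= 8 and re.fullmatch(r"[0-9a-fA-F]+", name) is not None
    )


def suspicious_services(log_text):
    """Service names from the in-memory section that trip the heuristic."""
    return sorted(n for n in services_in_memory(log_text) if looks_auto_generated(n))


def removed_legacy_services(log_text):
    """Service names whose Legacy_ entry ComboFix reports as removed."""
    return sorted(LEGACY_REMOVED_RE.findall(log_text))


def cfscript_driver_section(names):
    """Render the 'Driver::' section of a CFScript.txt, one service per line,
    in the form used in the reply above."""
    return "Driver::\n" + "".join(f"{n}\n" for n in names)


def verify_fix(before, after):
    """Compare the pre-fix and post-fix logs.

    Returns (flagged, confirmed_removed, still_missing): names flagged in the
    first log, those whose removal the second log confirms, and those it
    does not, which would need another look."""
    flagged = suspicious_services(before)
    removed = set(removed_legacy_services(after))
    confirmed = [n for n in flagged if n in removed]
    missing = [n for n in flagged if n not in removed]
    return flagged, confirmed, missing


if __name__ == "__main__":
    flagged, confirmed, missing = verify_fix(LOG_BEFORE_FIX, LOG_AFTER_FIX)
    print("flagged:", flagged)
    print(cfscript_driver_section(flagged), end="")
    print("confirmed removed:", confirmed, "still missing:", missing)
```

Run against the two excerpts, `verify_fix` flags `38734167` from the first log, renders the same `Driver::` section the helper posted, and confirms from the second log that the Legacy entry is gone. The heuristic is deliberately narrow; a descriptive name such as `npf` or `VIAHdAudAddService` is never flagged by it, so anything it does flag still deserves the manual review the thread shows.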


Post by Belahzur on 11th September 2011, 12:28 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.






Post by yfournier on 11th September 2011, 3:33 am

Hi again! Here's the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9e1648558603bf48b724136789c85dae
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-09-11 03:31:29
# local_time=2011-09-10 11:31:29 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1751335 1751335 0 0
# compatibility_mode=1797 16775141 100 93 0 52113884 70202 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71095
# found=1
# cleaned=1
# scan_time=1505
C:\System Volume Information\_restore{EC988FA4-B5D4-4591-947B-912958AD92E7}\RP330\A0025604.dll a variant of Win32/Kryptik.RQQ trojan (cleaned by deleting - quarantined) 6C9DA596011946204891612A37E9A2A6 C



Post by Belahzur on 11th September 2011, 11:29 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :commands
    [clearallrestorepoints]
    [emptytemp]
    [reboot]



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.






Post by yfournier on 12th September 2011, 1:11 am

Hello again, here's the log:

All processes killed
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2424966 bytes
->Java cache emptied: 11791 bytes
->Flash cache emptied: 10837 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 39500 bytes
->Flash cache emptied: 15751 bytes

User: Yanick
->Temp folder emptied: 709768 bytes
->Temporary Internet Files folder emptied: 7353523 bytes
->Java cache emptied: 612800 bytes
->FireFox cache emptied: 265042024 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 136917 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4285428 bytes
%systemroot%\System32 .tmp files removed: 3770897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 271,00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 09112011_204428

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Post by Belahzur on 16th September 2011, 1:12 am

Hello.
Just some old programs to update now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.0
    Java(TM) 6 Update 20

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 5.0 you currently have installed, so you won't lose any bookmarked websites.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?






Post by yfournier on 20th September 2011, 5:46 pm

I have done everything you told me and my computer is back to life again! Thanks so much for your time, it is much appreciated. What is the best way I can contribute? I think your donation system with PayPal doesn't work anymore? Let me know. Yanick Fournier

