
Helped by Forum to Delete Rootkit.0Access.H - now what?


This topic is locked
50 replies to this topic

#1 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 13 April 2012 - 07:50 PM

After running MalwareBytes several times, the sticky Rootkit.0Access.H trojan stuck on my Dad's Windows XP computer.

In safety mode, MalwareBytes came up clean, after running and deleting four trojans. I have all the Logs, and screenshots.

Following instructions here for the Rootkit.0Access.H trojan, first, I ran MalwareBytes with everything checked: A drive, C drive, D drive. I took out the usb part for the keyboard/mouse, but need it to click on things.

The virus was still there.

Also, I tried RogueKiller. It brought up a page in French, with Rootkit Max++ on the page.

I tried TDSSKiller, and ComboFix, as per these instructions:

http://forums.malwar...howtopic=106088

ComboFix took over 20 minutes, including 2 boot ups where the resolution came up 600 X 480 and kept going . . .

Then I did a quick scan of MalwareBytes, which took 3 minutes, and it came up 0 infected files - yay! But the D drive disappeared from the choices, so it appears to have been disconnected.

But I can still access the internet.

When I did Combofix, I followed the instructions to create the Windows restore feature.

Now, on my Dad's desktop is a file folder of RK_Quarantine, TDSSKiller, and ComboFix.

Should I run anything a 2nd time?

Should I delete the above, before running Malwarebytes?

Should I run anything in Safety mode?

In all the online advice about Rootkit.0Access.H, it never mentioned, Safety mode.

Thanx! :)

#2 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 13 April 2012 - 07:54 PM

How about,

ESET Online Scanner?

Flash Drive Disinfector?

All this time, the usb device that operates the wireless mouse and keyboard is connected.

Thanx! :)

#3 Elise (Forum Deity, Experts, 8,721 posts, Gender: Female, Location: Romania)

Posted 14 April 2012 - 03:38 AM

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#4 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 14 April 2012 - 07:30 PM

Hi Elise,

Thanx so much for quick response! This is my father's computer - I am concerned to do it right!

Here follows the dds text report, with the attach zipped attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by William Timmons at 17:13:14 on 2012-04-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1116 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Acronis True Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...&"ver=10.0.1415
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\willia~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ecco32.lnk - c:\documents and settings\william timmons\my documents\computer\ecco installation\ecco pro\ecco\ecco32.exe
uPolicies-explorer: NoInstrumentation = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266928257656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: intelUsb3Sevices - usbniw32.dll
Notify: usbniw32 - usbniw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-11-16 66560]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-4 793048]
S1 vxstwucp;vxstwucp;\??\c:\windows\system32\drivers\vxstwucp.sys --> c:\windows\system32\drivers\vxstwucp.sys [?]
S1 xcvtdxyv;xcvtdxyv;\??\c:\windows\system32\drivers\xcvtdxyv.sys --> c:\windows\system32\drivers\xcvtdxyv.sys [?]
S2 DivisCTS;CoachAud;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 GV600_4;Tfsnudf;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 mferkdk;Mbr;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2003-3-31 14336]
S2 pctfw1;Symantecantibotwatcher;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 regdefend;SE2Bobex;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 savrtpel;Dlbt_device;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 Slpsvdr;Diskperf;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253600]
S3 maa950c;maa950c;c:\windows\system32\drivers\maa950c.sys [2010-2-23 24784]
S3 maa950m;maa950m;c:\windows\system32\drivers\maa950m.sys [2010-2-23 25044]
S3 maa950u;maa950u;c:\windows\system32\drivers\maa950u.sys [2010-2-23 49237]
.
=============== Created Last 30 ================
.
2012-04-13 23:17:31 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-13 23:15:42 -------- d-sha-r- C:\cmdcons
2012-04-13 23:14:08 98816 ----a-w- c:\windows\sed.exe
2012-04-13 23:14:08 518144 ----a-w- c:\windows\SWREG.exe
2012-04-13 23:14:08 256000 ----a-w- c:\windows\PEV.exe
2012-04-13 23:14:08 208896 ----a-w- c:\windows\MBR.exe
2012-04-13 22:11:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-11 13:27:22 38400 ----a-w- c:\windows\system32\usbniw32.dll
2012-04-10 18:18:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 18:18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-07 09:10:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-19 20:07:19 -------- d-sh--w- c:\documents and settings\william timmons\IECompatCache
.
==================== Find3M ====================
.
2012-04-13 22:13:09 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-04-07 09:10:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-10 00:29:33 544256 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:13:48.70 ===============


Thank you again! :D


#5 Elise (Forum Deity, Experts, 8,721 posts, Gender: Female, Location: Romania)

Posted 15 April 2012 - 04:36 AM

Looks like you ran combofix as well. Can you please post me the log at c:\combofix.txt?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#6 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 15 April 2012 - 02:57 PM

Hi, It has to be an attachment, right? Here it is, attached.

Thank you.
- L

Attached file: log.txt (13.14KB)


#7 Elise (Forum Deity, Experts, 8,721 posts, Gender: Female, Location: Romania)

Posted 16 April 2012 - 10:30 AM

My apologies, for some reason this topic did not show up in my notifications. Can you please rerun combofix (update if asked to) and post me the new log?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#8 Elise (Forum Deity, Experts, 8,721 posts, Gender: Female, Location: Romania)

Posted 16 April 2012 - 10:31 AM

Sorry, duplicate, please see my previous post.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#9 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 16 April 2012 - 12:35 PM

OK. When I run it, I am still linked to the internet.

#10 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 16 April 2012 - 01:16 PM

Thanx - here it is!

BTW, the computer is buggy. The screen is slowmo on the refresh, as I scroll down. The browser window refreshes in segments.

The D drive is disconnected, too.

The Standby on the left option on Shutting Down is not clickable.


#11 Elise (Forum Deity, Experts, 8,721 posts, Gender: Female, Location: Romania)

Posted 16 April 2012 - 02:24 PM

Hi again, let's also do an additional scan here.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    netsvcs
  • Push Run Scan
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#12 longbeachlouise (Advanced Member, Honorary Members, 224 posts)

Posted 16 April 2012 - 02:41 PM

Hi, Thanx. Here is the report:

OTL logfile created on: 4/16/2012 12:30:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\William Timmons\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 67.57% Memory free
3.35 Gb Paging File | 2.99 Gb Available in Paging File | 89.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.93 Gb Free Space | 91.00% Space Free | Partition Type: NTFS

Computer Name: BILL_DESKTOP | User Name: William Timmons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 12:29:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Timmons\Desktop\OTL.exe
PRC - [2011/10/25 11:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/11/22 15:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2010/02/24 00:00:13 | 000,069,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/02/24 00:00:12 | 000,419,408 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2010/02/24 00:00:12 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2007/12/16 20:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/19 20:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2007/01/10 20:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2004/09/16 05:39:44 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/11 06:27:22 | 000,038,400 | ---- | M] () -- C:\WINDOWS\system32\usbniw32.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ss_mdm.dll -- (winpowermonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btaudio.dll -- (vxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eeyeevnt.dll -- (vds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OEM02Afx.dll -- (tversitymediaserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdscheduler.dll -- (tabletservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcxwdm.dll -- (StickyMesger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epiusb.dll -- (spcsutilityservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iSMBIOS.dll -- (Slpsvdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wltrysvc.dll -- (Sk99202k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mspqm.dll -- (sffp_sd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctljystk.dll -- (sbpci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Amsmpu4p.dll -- (savrtpel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxhttp.dll -- (s117unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtl8023.dll -- (ROB_V)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndldl.dll -- (regdefend)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\upperdev.dll -- (QWAVE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AmdLLD.dll -- (prohlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (prism_a02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SecureStorageService.dll -- (pdiddcci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqfws2e.dll -- (pctfw1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_filter.dll -- (pcidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qbreminderflash.dll -- (ntrtscan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4scan.dll -- (nmwcdc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\usbnaw32.dll -- (NEC Usb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\padfsvr.dll -- (mxssvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcd_device.dll -- (mferkdk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WUSB54GCSVC.dll -- (M2500)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdk7.dll -- (issvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winvnc4.dll -- (iPassPeriodicUpdateService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc810.dll -- (incdpass)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZuneWlanCfgSvc.dll -- (GV600_4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnsv25.dll -- (DivisCTS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616unic.dll -- (digirefresh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ichaud.dll -- (cfosspeeds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmfilter.dll -- (cebdaldr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mlkkbdntdriver.dll -- (carboniteservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafadmincontroller.dll -- (bmwebcfg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsncofs.dll -- (bc_ngn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MegaSR.dll -- (AVerBDA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mxserver.dll -- (ar5211)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012/04/07 02:10:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/25 11:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/11/22 15:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/02/24 00:00:12 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2007/12/16 20:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 20:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xcvtdxyv.sys -- (xcvtdxyv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vxstwucp.sys -- (vxstwucp)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\viamraid.sys -- (viamraid)
DRV - File not found [Kernel | Boot | Stopped] -- system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\nv4_mini.sys -- (nv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\cmuda.sys -- (cmuda)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/02/24 00:00:11 | 000,211,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/02/24 00:00:11 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/02/24 00:00:11 | 000,028,896 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/05/03 20:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/17 20:03:18 | 000,049,237 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maa950u.sys -- (maa950u)
DRV - [2007/01/15 20:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/08/17 20:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 03:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maa950m.sys -- (maa950m)
DRV - [2005/06/16 03:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maa950c.sys -- (maa950c)
DRV - [2004/09/21 04:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\SearchScopes\{C475A1DF-29EE-4CBC-8E82-1314365DC409}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/04/13 16:33:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-796845957-1275210071-839522115-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-796845957-1275210071-839522115-1003..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ecco32.lnk = C:\Documents and Settings\William Timmons\My Documents\Computer\ECCO Installation\Ecco Pro\ECCO\ecco32.exe (NetManage, Inc.)
O4 - Startup: C:\Documents and Settings\William Timmons\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1266928257656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5090652B-9888-4256-BA59-CA694EEC5FC9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/21 08:35:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: cfosspeeds - %systemroot%\system32\ichaud.dll File not found
NetSvcs: spcsutilityservice - %systemroot%\system32\Epiusb.dll File not found
NetSvcs: sbpci - %systemroot%\system32\ctljystk.dll File not found
NetSvcs: pdiddcci - %systemroot%\system32\SecureStorageService.dll File not found
NetSvcs: ar5211 - %systemroot%\system32\mxserver.dll File not found
NetSvcs: Slpsvdr - %systemroot%\system32\iSMBIOS.dll File not found
NetSvcs: StickyMesger - %systemroot%\system32\alcxwdm.dll File not found
NetSvcs: ntrtscan - %systemroot%\system32\qbreminderflash.dll File not found
NetSvcs: bc_ngn - %systemroot%\system32\tfsncofs.dll File not found
NetSvcs: s117unic - %systemroot%\system32\ctxhttp.dll File not found
NetSvcs: AVerBDA - %systemroot%\system32\MegaSR.dll File not found
NetSvcs: tabletservice - %systemroot%\system32\pdscheduler.dll File not found
NetSvcs: nmwcdc - %systemroot%\system32\dot4scan.dll File not found
NetSvcs: ROB_V - %systemroot%\system32\rtl8023.dll File not found
NetSvcs: sffp_sd - %systemroot%\system32\mspqm.dll File not found
NetSvcs: prohlp02 - %systemroot%\system32\AmdLLD.dll File not found
NetSvcs: iPassPeriodicUpdateService - %systemroot%\system32\winvnc4.dll File not found
NetSvcs: cebdaldr - %systemroot%\system32\ibmfilter.dll File not found
NetSvcs: prism_a02 - %systemroot%\system32\SE2Cmdfl.dll File not found
NetSvcs: M2500 - %systemroot%\system32\WUSB54GCSVC.dll File not found
NetSvcs: incdpass - %systemroot%\system32\symc810.dll File not found
NetSvcs: pcidrv - %systemroot%\system32\bc_filter.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\pdlnsv25.dll File not found
NetSvcs: vds - %systemroot%\system32\eeyeevnt.dll File not found
NetSvcs: carboniteservice - %systemroot%\system32\mlkkbdntdriver.dll File not found
NetSvcs: savrtpel - %systemroot%\system32\Amsmpu4p.dll File not found
NetSvcs: mxssvr - %systemroot%\system32\padfsvr.dll File not found
NetSvcs: issvc - %systemroot%\system32\amdk7.dll File not found
NetSvcs: mferkdk - %systemroot%\system32\lxcd_device.dll File not found
NetSvcs: regdefend - %systemroot%\system32\pdlndldl.dll File not found
NetSvcs: vxsvc - %systemroot%\system32\btaudio.dll File not found
NetSvcs: tversitymediaserver - %systemroot%\system32\OEM02Afx.dll File not found
NetSvcs: bmwebcfg - %systemroot%\system32\cwafadmincontroller.dll File not found
NetSvcs: pctfw1 - %systemroot%\system32\cpqfws2e.dll File not found
NetSvcs: digirefresh - %systemroot%\system32\s616unic.dll File not found
NetSvcs: Sk99202k - %systemroot%\system32\wltrysvc.dll File not found
NetSvcs: QWAVE - %systemroot%\system32\upperdev.dll File not found
NetSvcs: GV600_4 - %systemroot%\system32\ZuneWlanCfgSvc.dll File not found
NetSvcs: winpowermonitor - %systemroot%\system32\ss_mdm.dll File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 12:29:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William Timmons\Desktop\OTL.exe
[2012/04/13 16:15:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 16:14:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/13 16:14:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/13 16:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/13 16:14:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/13 16:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 16:13:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 16:13:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William Timmons\Start Menu\Programs\Administrative Tools
[2012/04/13 16:11:41 | 004,461,135 | R--- | C] (Swearware) -- C:\Documents and Settings\William Timmons\Desktop\ComboFix.exe
[2012/04/13 15:11:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/13 14:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Timmons\Desktop\MalwareBytesReports
[2012/04/13 14:52:10 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\William Timmons\Desktop\tdsskiller.exe
[2012/04/13 14:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Timmons\Desktop\RK_Quarantine
[2012/04/11 01:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/04/10 23:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/10 12:29:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\William Timmons\Recent
[2012/04/10 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/10 11:18:35 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/10 11:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/09 23:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/09 23:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/07 02:10:13 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/02 16:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Timmons\Application Data\FileZilla
[2012/03/31 17:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/03/25 07:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Timmons\My Documents\Forum
[2012/03/19 13:07:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Timmons\IECompatCache

========== Files - Modified Within 30 Days ==========

[2012/04/16 12:29:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Timmons\Desktop\OTL.exe
[2012/04/16 12:28:52 | 000,001,516 | ---- | M] () -- C:\WINDOWS\ECCO.CFX
[2012/04/16 12:28:52 | 000,001,356 | ---- | M] () -- C:\WINDOWS\ecco.fdb
[2012/04/16 12:28:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 12:27:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 11:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/15 12:53:48 | 000,571,060 | ---- | M] () -- C:\WINDOWS\ecco.alm
[2012/04/14 17:26:28 | 000,004,265 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\attach.zip
[2012/04/14 17:08:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/13 16:33:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/13 16:15:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 16:11:41 | 004,461,135 | R--- | M] (Swearware) -- C:\Documents and Settings\William Timmons\Desktop\ComboFix.exe
[2012/04/13 15:27:02 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/04/13 14:52:10 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\William Timmons\Desktop\tdsskiller.exe
[2012/04/11 06:31:57 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/11 06:31:57 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/11 06:27:22 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/10 22:37:43 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\William Timmons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/04/10 22:01:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/10 16:58:01 | 000,462,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/10 16:58:01 | 000,078,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 12:05:31 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\FNB.url
[2012/04/10 11:43:10 | 000,000,195 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Juniper.url
[2012/04/10 11:18:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 11:15:51 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\William Timmons\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.url
[2012/04/09 23:39:16 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\CNN.url
[2012/04/09 21:14:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Jetnet.url
[2012/04/09 21:13:54 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\NOAA's Weather.url
[2012/04/09 16:20:20 | 000,000,244 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\UAL Reservation.url
[2012/04/09 15:36:16 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\UAL Interline Listing.url
[2012/04/09 12:05:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/07 02:10:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/07 02:10:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/06 19:20:29 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Netflix.url
[2012/04/06 00:21:11 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\CME Group Holiday Calendar.url
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 14:59:02 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Science News - The New York Times.url
[2012/04/04 14:11:29 | 000,000,322 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\U.S. Surface Weather.url
[2012/04/02 17:17:50 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/03/31 19:02:40 | 001,179,233 | ---- | M] () -- C:\Documents and Settings\William Timmons\My Documents\Gmail - Inbox - espressocloud@gmail_com.mht
[2012/03/31 17:47:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/27 11:10:01 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Sigalert.com Los Angeles Traffic Map.url
[2012/03/21 22:28:50 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Powerball Wed Sat.url
[2012/03/20 16:30:05 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Chase.url
[2012/03/20 09:34:19 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\switch box.url
[2012/03/19 21:31:11 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\William Timmons\Desktop\Current night sky LA.url
[2012/03/19 17:52:45 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\William Timmons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/14 17:26:28 | 000,004,265 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\attach.zip
[2012/04/13 16:15:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 16:15:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/13 16:14:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/13 16:14:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/13 16:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/13 16:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/13 16:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/11 06:31:57 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/11 06:31:57 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/11 06:27:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/10 11:18:42 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 23:37:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/07 02:10:14 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/06 00:21:11 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\CME Group Holiday Calendar.url
[2012/04/04 14:51:31 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\Science News - The New York Times.url
[2012/03/31 19:02:35 | 001,179,233 | ---- | C] () -- C:\Documents and Settings\William Timmons\My Documents\Gmail - Inbox - espressocloud@gmail_com.mht
[2012/03/22 20:09:55 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\Netflix.url
[2012/03/21 22:28:30 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\Powerball Wed Sat.url
[2012/03/20 14:32:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/20 09:34:19 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\William Timmons\Desktop\switch box.url
[2012/02/14 14:44:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 08:26:54 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/11/14 19:28:12 | 000,119,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/14 18:53:07 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\William Timmons\Application Data\.backup.dm
[2010/09/13 06:44:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/20 11:39:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Timmons\Local Settings\Application Data\prvlcl.dat
[2010/07/02 15:10:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
< End of report >

#13 longbeachlouise

Advanced Member, Honorary Members, 224 posts

Posted 16 April 2012 - 02:42 PM

Here is the 2nd text file that opened, called Extras.Txt:

OTL Extras logfile created on: 4/16/2012 12:30:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\William Timmons\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 67.57% Memory free
3.35 Gb Paging File | 2.99 Gb Available in Paging File | 89.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.93 Gb Free Space | 91.00% Space Free | Partition Type: NTFS

Computer Name: BILL_DESKTOP | User Name: William Timmons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A918DE8A-98C8-0950-0000-000000320129}" = Samsung R500 Hue USB - Handset Manager V9.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATCTrader Demo_is1" = ATCTrader Demo 3.5
"ATCTrader_is1" = ATCTrader 3.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ECCO Pro" = NetManage ECCO Pro
"ECCO Pro Documentation" = NetManage ECCO Pro Documentation
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"Icon Restore_is1" = Icon Restore 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"Logitech Unifying" = Logitech Unifying Software 2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OEC Chart Package Demo_is1" = OEC Chart Package Demo 3.5
"OEC Chart Package_is1" = OEC Chart Package 3.5
"OEC Excel Add-In_is1" = OEC Excel Add-In 3.3
"OEC Market Replay Demo_is1" = OEC Market Replay Demo 3.5
"OEC Market Replay_is1" = OEC Market Replay 3.5
"OEC RSS News Feed Demo_is1" = OEC RSS News Feed Demo 3.5
"OEC RSS News Feed_is1" = OEC RSS News Feed 3.5
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"TClockEx_is1" = TClockEx
"TeamViewer 7" = TeamViewer 7
"TrueImage" = Acronis True Image
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2012 1:43:44 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:43:54 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:04 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:14 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:24 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:34 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:45 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:44:54 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 1:45:05 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

Error - 4/16/2012 2:06:23 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description =

[ System Events ]
Error - 4/16/2012 1:43:44 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:43:54 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:04 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:14 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:24 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:34 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:45 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:44:54 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 1:45:05 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

Error - 4/16/2012 2:06:23 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126

< End of report >

#14 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 16 April 2012 - 03:14 PM

Hi again, let's do some additional cleanup. :)

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xcvtdxyv.sys -- (xcvtdxyv)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vxstwucp.sys -- (vxstwucp)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\usbnaw32.dll -- (NEC Usb3)
    O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
    O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
    
    :commands
    [emptytemp]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Let me know how things are running afterwards (it's late here, so I'll reply back to you tomorrow morning, my time zone :)).
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


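The fix script above removes two driver registrations and one auto-start service whose files are already gone, plus two Winlogon\Notify entries, and the extras log shows the Service Control Manager failing to start the same service over and over. As an added example that is not part of this thread, of OTL, or of any tool the forum uses, here is a small Python audit that re-derives those findings from the log lines themselves: it parses OTL's DRV/SRV/O20 lines, flags registrations whose target file is absent, flags Notify DLLs for which OTL found no company string, and counts how often a service died with event 7023 and %%126 (the Win32 code ERROR_MOD_NOT_FOUND, "The specified module could not be found"). The function names, the Entry record and the filesystem snapshot are my own assumptions; the sample input lines are copied from the posts above and labelled as constructed.

```python
"""Audit OTL-style autostart listings and Service Control Manager (SCM) event
lines for registrations whose target file no longer exists (line shapes as in
the OTL fix script and extras log above)."""
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List

# DRV - <status> [<flags>] -- <path> -- (<service name>)   (SRV has the same form)
DRV_SRV_RE = re.compile(r"^(DRV|SRV) - (.*?) \[(.*?)\] -- (.*?) -- \((.*?)\)$")
# O20 - Winlogon\Notify\<subkey>: DllName - (<dll>) - <path> (<company>)
O20_RE = re.compile(r"^O20 - Winlogon\\Notify\\(.*?): DllName - \((.*?)\) - (.*?) \((.*?)\)$")
# Error - <time> | Computer Name = <host> | Source = Service Control Manager | ID = <id>
EVENT_RE = re.compile(r"^Error - (.+?) \| Computer Name = .+? \| Source = Service Control Manager \| ID = (\d+)$")
DESC_RE = re.compile(r"^Description = The (.+?) service terminated with the following error:$")
CODE_RE = re.compile(r"^%%(\d+)$")
ERROR_MOD_NOT_FOUND = 126  # Win32: "The specified module could not be found."


@dataclass
class Entry:
    kind: str          # "DRV", "SRV" or "O20"
    name: str          # service name, or the Winlogon\Notify subkey
    path: str          # file the registration points at
    status: str = ""   # OTL's status text for DRV/SRV, e.g. "File not found"
    company: str = ""  # company string OTL read from the DLL (O20 only)


def parse_otl_lines(lines) -> List[Entry]:
    """Turn OTL DRV/SRV/O20 lines into Entry records; other lines are ignored."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = DRV_SRV_RE.match(line)
        if m:
            kind, status, _flags, path, name = m.groups()
            entries.append(Entry(kind, name, path, status=status))
            continue
        m = O20_RE.match(line)
        if m:
            subkey, _dll, path, company = m.groups()
            entries.append(Entry("O20", subkey, path, company=company))
    return entries


def find_orphans(entries, exists: Callable[[str], bool] = os.path.exists) -> List[Entry]:
    """Registrations whose target file is absent; `exists` is injectable so the
    check can run against a recorded snapshot instead of the live filesystem."""
    return [e for e in entries if not exists(e.path)]


def notify_dlls_without_company(entries) -> List[Entry]:
    """Winlogon\\Notify DLLs for which OTL found no company/version string."""
    return [e for e in entries if e.kind == "O20" and not e.company.strip()]


def parse_scm_events(lines) -> List[dict]:
    """Group each SCM 'Error' header with its Description and %%<code> lines."""
    rows = [l.strip() for l in lines if l.strip()]
    events, i = [], 0
    while i < len(rows):
        m = EVENT_RE.match(rows[i])
        if m and i + 2 < len(rows):
            desc, code = DESC_RE.match(rows[i + 1]), CODE_RE.match(rows[i + 2])
            if desc and code:
                events.append({"time": m.group(1), "id": int(m.group(2)),
                               "service": desc.group(1), "code": int(code.group(1))})
                i += 3
                continue
        i += 1
    return events


def services_failing_with_missing_module(events) -> Counter:
    """Count event 7023 + %%126 per service: a service left registered after its
    binary was removed fails exactly this way on every start attempt."""
    return Counter(e["service"] for e in events
                   if e["id"] == 7023 and e["code"] == ERROR_MOD_NOT_FOUND)


# Constructed sample input: the five lines from the OTL fix script above and
# two of the SCM entries from the extras log.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xcvtdxyv.sys -- (xcvtdxyv)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vxstwucp.sys -- (vxstwucp)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\usbnaw32.dll -- (NEC Usb3)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
""".splitlines()
SAMPLE_EVENTS = """
Error - 4/16/2012 1:43:44 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126
Error - 4/16/2012 1:43:54 PM | Computer Name = BILL_DESKTOP | Source = Service Control Manager | ID = 7023
Description = The NEC USB3 Service service terminated with the following error:
%%126
""".splitlines()
# Assumed filesystem snapshot: only usbniw32.dll was actually present (it is the
# one file the OTL fix log says it "moved"); the other three paths were already gone.
SNAPSHOT_PRESENT = {r"c:\windows\system32\usbniw32.dll"}


def in_snapshot(path: str) -> bool:
    return path.lower() in SNAPSHOT_PRESENT
```

On the sample input, `find_orphans(parse_otl_lines(SAMPLE_OTL), in_snapshot)` reports the two drivers and the NEC Usb3 service as orphaned, `notify_dlls_without_company` returns both Notify entries, and `services_failing_with_missing_module` shows NEC USB3 Service failing twice with ERROR_MOD_NOT_FOUND. On a live machine you would keep the default `os.path.exists` and feed it the OTL listing; the SCM pattern is worth checking after any cleanup, because a service whose binary was deleted but whose registration was left behind keeps failing this way at every retry (ten seconds apart in the log above) until the service key itself is removed, which is what the `SRV` line in the fix script takes care of.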
#15 longbeachlouise

longbeachlouise

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 224 posts

Posted 16 April 2012 - 03:37 PM

OK. I'll expect to hear from you in the middle of my night! LOL. Here is the report:

All processes killed
========== OTL ==========
Service xcvtdxyv stopped successfully!
Service xcvtdxyv deleted successfully!
File C:\WINDOWS\system32\drivers\xcvtdxyv.sys not found.
Service vxstwucp stopped successfully!
Service vxstwucp deleted successfully!
File C:\WINDOWS\system32\drivers\vxstwucp.sys not found.
Service NEC Usb3 stopped successfully!
Service NEC Usb3 deleted successfully!
File C:\WINDOWS\system32\usbnaw32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\intelUsb3Sevices\ deleted successfully.
C:\WINDOWS\system32\usbniw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbniw32\ deleted successfully.
File C:\WINDOWS\System32\usbniw32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 13309 bytes
->Flash cache emptied: 47052 bytes

User: William Timmons
->Temp folder emptied: 1396 bytes
->Temporary Internet Files folder emptied: 3178322 bytes
->Java cache emptied: 2319948 bytes
->Flash cache emptied: 42761 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 246831 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04162012_132141
Files\Folders moved on Reboot...
C:\Documents and Settings\William Timmons\Local Settings\Temporary Internet Files\Content.IE5\QAG9C02N\fastbutton[1].htm moved successfully.
C:\Documents and Settings\William Timmons\Local Settings\Temporary Internet Files\Content.IE5\E1N0GAM8\index[1].php moved successfully.
C:\Documents and Settings\William Timmons\Local Settings\Temporary Internet Files\Content.IE5\1JGXA6BY\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
Registry entries deleted on Reboot...

#16 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 17 April 2012 - 01:07 AM

How are things running now? Is the choppy scroll/refresh the only problem left?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#17 longbeachlouise

longbeachlouise

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 224 posts

Posted 17 April 2012 - 07:34 AM

Hi, Yes. I did a Windows system restore with one of the softwares starting out. Is it possible to go backwards, now that the malware is gone, and restore the computer back without the malware?

#18 longbeachlouise

longbeachlouise

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 224 posts

Posted 17 April 2012 - 07:43 AM

Sorry! I was mistaken! Yesterday before logging off, it seemed slow. This morning as I turn it on, it seems back to normal, refresh-wise! :D

#19 longbeachlouise

longbeachlouise

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 224 posts

Posted 17 April 2012 - 07:55 AM

Hi, Thanx so much!

Good News: the "D" drive is back.

Bad News: when I scroll on the browser window, a ripple floats from the direction of scroll all the way down, just like water. It is distracting. You can't read like that, with a wave working its way down and distorting the page, every time you scroll up or down.

#20 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 17 April 2012 - 08:42 AM

Glad to hear things have improved! Which browser is giving you this problem?

Please launch MBAM, update it and run a full scan. Post the resulting log.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
