ccwtech
Premium
join:2002-02-26
South Jordan, UT

[Virus] PS2 Keyboard / mouse doesn't work after virus attack.

PS2 keyboard and mouse don't work in Windows now (they work in the BIOS and in the Windows Preinstallation Environment). USB keyboard works fine. Think I'm still infected.

Logs:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sue Wilson :: SUEWILSON-PC [administrator]

1/1/2012 10:32:50 AM
mbam-log-2012-01-01 (10-32-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372974
Time elapsed: 2 hour(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
OTL Extras logfile created on: 1/1/2012 7:53:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sue Wilson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 53.34% Memory free
5.97 Gb Paging File | 4.65 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.83 Gb Total Space | 324.30 Gb Free Space | 71.30% Space Free | Partition Type: NTFS
Drive D: | 10.93 Gb Total Space | 6.24 Gb Free Space | 57.12% Space Free | Partition Type: NTFS

Computer Name: SUEWILSON-PC | User Name: Sue Wilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D57CD92-BEDC-49C3-8A10-BE2911A3FE5B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{38705F03-49D5-42C2-9091-03D6DB684221}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C410386-00C9-465E-8109-BA9CE720E411}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9851C154-F774-4955-9F8A-D40F764CFBA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01711D1B-FEC2-4262-9D1D-2AD3500E8C7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{09EC9BC8-BF46-4118-9D9B-215A27AEAE97}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3BC6CFBE-15F9-4851-9D23-383576D4BE64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45EAF9C3-734F-401C-9AD4-4833EE0E2E07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5825276C-EC5A-41AA-8573-43C67680B43E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5C174F17-6700-4493-9A2D-2A0331CC9752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{698F4BE3-EACF-426B-B4C0-F9711D703D5B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CEF424F-D477-4E5D-887F-68FE0083432B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{730EBFC2-6ED6-4A44-AEC2-B84ADED7E8D1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8C782E44-E367-40F8-A0FA-17136047875D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE3D4793-8F15-487A-A9D1-F60BA5E122A3}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========


========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Sue Wilson
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java(TM) 6 Update 21
Java(TM) 6 Update 4
Java version out of date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=75847fef3432334db46e318d6bee09bf
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 04:05:38
# local_time=2012-01-01 09:05:38 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 66 95 57739000 162080823 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=181824
# found=0
# cleaned=0
# scan_time=3843
--
Allen Crist
CCW Technology Computer Repair, South Jordan, Utah
www.ccwtech.com


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:51

Re: [Virus] PS2 Keyboard / mouse doesn't work after virus attack

Just missing the OTL log


ccwtech
Premium
join:2002-02-26
South Jordan, UT

Sorry about that!

Here goes:
OTL logfile created on: 1/1/2012 7:53:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sue Wilson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 53.34% Memory free
5.97 Gb Paging File | 4.65 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.83 Gb Total Space | 324.30 Gb Free Space | 71.30% Space Free | Partition Type: NTFS
Drive D: | 10.93 Gb Total Space | 6.24 Gb Free Space | 57.12% Space Free | Partition Type: NTFS

Computer Name: SUEWILSON-PC | User Name: Sue Wilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 19:37:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sue Wilson\Desktop\OTL.exe
PRC - [2011/12/15 14:19:31 | 000,177,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
PRC - [2011/12/08 17:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/21 15:57:53 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2010/01/16 12:30:02 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 13:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
PRC - [2009/09/16 17:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/10/31 13:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/08/29 12:50:00 | 000,110,936 | ---- | M] (TODO: ) -- C:\Program Files\Creative Home\Hallmark Card Studio 2008\Planner\PLNRnote.exe
PRC - [2007/05/11 13:55:50 | 000,053,248 | ---- | M] () -- C:\Program Files\IOI\ButtonMonitor.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2006/09/06 13:12:46 | 000,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/01 19:52:40 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/01 19:52:39 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/01 00:32:40 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/01 00:32:39 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/13 02:32:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 02:29:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 02:29:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:29:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:28:07 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:28:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/12/18 13:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
MOD - [2009/12/18 13:58:32 | 000,275,784 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\SdbShared.dll
MOD - [2007/05/11 13:55:50 | 000,053,248 | ---- | M] () -- C:\Program Files\IOI\ButtonMonitor.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 14:19:31 | 000,177,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/16 12:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/08/29 14:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/12/19 11:56:02 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009/09/27 22:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/09/07 14:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 14:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.gateway.com/g/startpage.html···M=GT5674

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ksl.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 1D 20 55 35 CD CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/22 12:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/22 12:37:50 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/01 09:58:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Sue Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} »office.microsoft.com/sites/produ···dc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} »www-secure.symantec.com/techsupp···tlcm.cab (Symantec Configuration Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} »h20270.www2.hp.com/ediags/gmn2/i···ion2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} »upload.facebook.com/controls/200···er55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} »images3.pnimedia.com/ProductAsse···trol.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} »images3.pnimedia.com/ProductAsse···trol.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} »tools.ebayimg.com/eps/wl/activex···31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA7BD6F-0FC9-4108-AB9A-F3F8728EE3CC}: DhcpNameServer = 192.168.1.11
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sue Wilson\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sue Wilson\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/01 19:40:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/01 19:37:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sue Wilson\Desktop\OTL.exe
[2012/01/01 19:36:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sue Wilson\Desktop\TFC.exe
[2012/01/01 11:13:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/01/01 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Roaming\AVG2012
[2012/01/01 10:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/01 10:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/01 10:00:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/01 10:00:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/01 10:00:29 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\temp
[2012/01/01 09:36:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/01 09:36:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/01 09:36:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/01 09:34:57 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{426B5380-3147-45BD-9CDA-942C939AF8D5}
[2012/01/01 09:34:56 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{E6BDD7D7-7171-431F-9B1C-74CE2E5751DB}
[2012/01/01 09:30:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/01 09:30:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 09:28:45 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Roaming\Malwarebytes
[2012/01/01 09:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 09:28:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/01 09:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 09:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 09:27:57 | 004,358,797 | R--- | C] (Swearware) -- C:\Users\Sue Wilson\Desktop\ComboFix.exe
[2012/01/01 09:25:44 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{EF9EF15C-D47F-44FE-8C55-26795306FACE}
[2012/01/01 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{2EDBB76D-4C5F-471B-94B1-1AF8D148437E}
[2012/01/01 00:39:02 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/01/01 00:38:58 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/01/01 00:37:56 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/01/01 00:32:26 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/01 00:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/01 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/01 00:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/31 23:46:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/31 23:46:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/12/31 23:46:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/12/31 23:46:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/31 23:46:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/12/31 23:46:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/12/31 23:46:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/31 23:46:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/12/31 23:46:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/12/31 23:46:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/31 23:46:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/31 23:46:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/31 23:46:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/12/31 23:46:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/31 23:46:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/31 23:46:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/12/31 23:46:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/12/31 23:46:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/31 23:46:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/31 23:46:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/31 23:46:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/31 23:46:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/31 23:46:41 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/31 23:46:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/31 23:46:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/12/31 23:46:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/12/31 23:46:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/12/31 23:46:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/12/31 23:46:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/31 23:46:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/31 23:46:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/12/31 23:46:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/12/31 23:46:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/12/31 23:46:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/12/31 23:46:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/12/31 23:46:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/31 23:46:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/30 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\Proxure
[2011/12/30 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011/12/28 14:27:09 | 000,000,000 | ---D | C] -- C:\{186AC42C-4EFB-4867-ADFD-282C54AD6D33}
[2011/12/23 11:43:27 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\NPE
[2011/12/23 11:39:53 | 002,775,112 | ---- | C] (Symantec Corporation) -- C:\Users\Sue Wilson\Desktop\NPE-Beta.exe
[2011/12/19 11:50:57 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/19 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Roaming\FixTDSS
[2011/12/16 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{A854B8D2-6149-4050-88B9-8AA9710D58BD}
[2011/12/16 13:53:33 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{1EA92C07-BCEF-415A-B4CF-8FC44272C12D}
[2011/12/16 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{8E0991D8-2CFC-4F45-BDD0-62F96A7ABC86}
[2011/12/15 13:59:10 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 13:59:10 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 13:59:09 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 13:59:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 13:59:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 13:59:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 13:53:12 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{59AACF39-553D-4E2F-9495-D8BD7DD69CA2}
[2011/12/15 13:53:11 | 000,000,000 | ---D | C] -- C:\Users\Sue Wilson\AppData\Local\{91FFEB2D-542D-497D-B473-F27D34B58BEE}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/01 19:52:17 | 000,099,016 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/01 19:52:10 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/01 19:52:10 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/01 19:52:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 19:51:55 | 000,099,016 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/01 19:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 19:45:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 19:45:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 19:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 19:44:43 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 19:37:58 | 000,879,683 | ---- | M] () -- C:\Users\Sue Wilson\Desktop\SecurityCheck.exe
[2012/01/01 19:37:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sue Wilson\Desktop\OTL.exe
[2012/01/01 19:36:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sue Wilson\Desktop\TFC.exe
[2012/01/01 19:21:01 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f80da92e-4c14-43c7-848d-c4855c4003ec.job
[2012/01/01 10:00:31 | 000,002,635 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
[2012/01/01 09:58:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/01 09:31:48 | 000,000,105 | ---- | M] () -- C:\Users\Public\Desktop\SafeWeb.url
[2012/01/01 09:29:15 | 004,358,797 | R--- | M] (Swearware) -- C:\Users\Sue Wilson\Desktop\ComboFix.exe
[2012/01/01 09:28:35 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 02:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9ac0e47-cb59-419d-9291-57c927210080.job
[2012/01/01 00:32:21 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/01 00:08:52 | 000,001,356 | ---- | M] () -- C:\Users\Sue Wilson\AppData\Local\d3d9caps.dat
[2011/12/31 23:46:51 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/12/31 23:46:51 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/12/31 23:46:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/31 23:46:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/12/31 23:46:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/12/31 23:46:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/31 23:46:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/12/31 23:46:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/12/31 23:46:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/31 23:46:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/12/31 23:46:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/12/31 23:46:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/31 23:46:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/31 23:46:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/31 23:46:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/12/31 23:46:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/31 23:46:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/31 23:46:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/12/31 23:46:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/12/31 23:46:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/31 23:46:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/31 23:46:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/12/31 23:46:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/31 23:46:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/31 23:46:41 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/31 23:46:41 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/31 23:46:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/31 23:46:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/12/31 23:46:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/12/31 23:46:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/12/31 23:46:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/12/31 23:46:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/31 23:46:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/31 23:46:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/12/31 23:46:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/12/31 23:46:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/12/31 23:46:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/12/31 23:46:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/12/31 23:46:40 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/31 23:46:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/30 16:11:40 | 000,000,288 | ---- | M] () -- C:\Users\Sue Wilson\AppData\Roaming\.backup.dm
[2011/12/28 14:29:10 | 000,002,585 | ---- | M] () -- C:\Users\Sue Wilson\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/28 13:32:12 | 000,002,627 | ---- | M] () -- C:\Users\Sue Wilson\Desktop\Microsoft Office Word 2007.lnk
[2011/12/26 03:58:58 | 379,322,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/23 11:47:14 | 002,775,112 | ---- | M] (Symantec Corporation) -- C:\Users\Sue Wilson\Desktop\NPE-Beta.exe
[2011/12/23 11:44:18 | 014,786,899 | ---- | M] () -- C:\Users\Sue Wilson\AppData\Roaming\SMRBackup250.dat
[2011/12/23 10:43:40 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/23 10:43:40 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/19 11:56:02 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/16 19:40:29 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Hallmark Card Studio 2008.lnk
[2011/12/16 19:26:49 | 000,008,822 | -HS- | M] () -- C:\ProgramData\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 19:26:47 | 000,008,822 | -HS- | M] () -- C:\Users\Sue Wilson\AppData\Local\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 16:33:28 | 000,000,000 | ---- | M] () -- C:\ProgramData\u6v3mW71.dat
[2011/12/16 03:22:52 | 000,966,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/16 00:01:52 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/01 19:37:54 | 000,879,683 | ---- | C] () -- C:\Users\Sue Wilson\Desktop\SecurityCheck.exe
[2012/01/01 09:36:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/01 09:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/01 09:36:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/01 09:36:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/01 09:36:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/01 09:31:48 | 000,000,105 | ---- | C] () -- C:\Users\Public\Desktop\SafeWeb.url
[2012/01/01 09:28:35 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 00:32:28 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f80da92e-4c14-43c7-848d-c4855c4003ec.job
[2012/01/01 00:32:28 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9ac0e47-cb59-419d-9291-57c927210080.job
[2012/01/01 00:32:21 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/01 00:11:59 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/31 23:46:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/30 16:11:40 | 000,000,288 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Roaming\.backup.dm
[2011/12/23 11:44:10 | 014,786,899 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Roaming\SMRBackup250.dat
[2011/12/19 11:29:38 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/19 11:29:38 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/12/16 16:33:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\u6v3mW71.dat
[2011/12/16 16:22:49 | 000,008,822 | -HS- | C] () -- C:\Users\Sue Wilson\AppData\Local\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 16:22:49 | 000,008,822 | -HS- | C] () -- C:\ProgramData\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/09/16 15:38:32 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/05/12 11:40:36 | 000,001,940 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 14:05:54 | 000,099,016 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/19 14:05:54 | 000,099,016 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/12 14:35:34 | 000,144,572 | ---- | C] () -- C:\Windows\hpwins16.dat
[2010/05/21 10:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Roaming\wklnhst.dat
[2010/05/04 16:08:30 | 003,888,054 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\ssprep.bmp
[2010/04/26 14:24:29 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/22 04:28:04 | 000,001,356 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\d3d9caps.dat
[2010/03/04 10:50:15 | 005,760,054 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\sswpprep.bmp
[2010/03/04 10:50:15 | 002,160,054 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\AzureBay.bmp
[2010/03/04 10:50:15 | 000,083,646 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\cal.bmp
[2010/03/04 10:47:58 | 000,001,199 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\AzureBay.ini
[2010/02/24 16:20:18 | 000,024,064 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 10:23:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/21 10:23:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/20 03:29:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/02/04 22:33:35 | 000,360,448 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2007/10/24 20:02:45 | 000,011,248 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2007/10/24 20:00:40 | 000,001,162 | ---- | C] () -- C:\Windows\hpwmdl16.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,966,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/07/17 12:23:28 | 000,000,612 | ---- | C] () -- C:\Users\Sue Wilson\AppData\Local\ScreenSaver.ini

[color=#E56717]========== LOP Check ==========[/color]

[2012/01/01 10:32:11 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\AVG2012
[2011/11/30 13:11:31 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\Catalina Marketing Corp
[2010/12/16 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\Costco Photo Viewer
[2011/12/19 11:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\FixTDSS
[2010/02/18 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\SampleView
[2010/02/18 21:45:08 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\Southwest Airlines
[2011/12/19 10:52:16 | 000,000,000 | ---D | M] -- C:\Users\Sue Wilson\AppData\Roaming\Tific
[2012/01/01 19:43:47 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/01 02:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c9ac0e47-cb59-419d-9291-57c927210080.job
[2012/01/01 19:21:01 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f80da92e-4c14-43c7-848d-c4855c4003ec.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

--
Allen Crist
CCW Technology Computer Repair, South Jordan, Utah
»www.ccwtech.com



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to ccwtech
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

Also, if the Combofix log is still available, please post it. It's normally located at C:\Combofix.txt.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



ccwtech
Premium
join:2002-02-26
South Jordan, UT
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 1/2/2012 at 11:38:04 AM
User "Sue Wilson" on computer "SUEWILSON-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Sue Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXR5OUVS\aaa980c0f,noc,ax.;;sec=article;fold=above;tile=1;sz=300x250;net=idgt;env=ifr;ord1=948066;cmw=nurl;contx=noc;an=;bu=;br=;dc=d;btg=;ord=1511880357897066[1].js
Hidden: file C:\Users\Sue Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHDXU2N7\daaa980c0f,noc,ax.-idgt.hardware_l;;sec=article;fold=above;tile=2;sz=300x250;net=idgt;env=ifr;ord1=467857;cmw=nurl;contx=noc;an=;bu=;br=;dc=d;btg=idgt[1].js
Hidden: file C:\Users\Sue Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXR5OUVS\8dbfe4;kvexpandable=1;kvdim=300x600;kvbw=0;kvpid=2019603;kva2544=100;kva1824=100;kva1834=100;kva2534=100;kvagt35=100;kvagt18=100;kvagt25=100;kvgf=100[1].htm
Hidden: file C:\Users\Sue Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U3TXGJIW\8a0875;kvexpandable=1;kvdim=300x600;kvbw=0;kvpid=2019603;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt35=100;kvagt25=100;kvgm=100[1].htm
Hidden: file C:\Users\Sue Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U3TXGJIW\IqoV36jlOJdTxeJIcJyZGU_XgeRd2M-T4de4TKo27QpFsQUnq7N0PaZ-FQaW0vzRjyEyBiIxWqTqiYLtadI5fviDkTm2r1GZLNv5U2AMb RjBPLdIzcgwjCyr2YofnjvbVNDkDQu5sEsbGOGQPCOr6[1].gif
Info: Starting disk scan of D: (NTFS).
Stopped logging on 1/2/2012 at 12:26:08 PM

ComboFix 11-12-31.03 - Sue Wilson 01/01/2012 9:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1836 [GMT -7:00]
Running from: c:\users\Sue Wilson\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sue Wilson\Documents\iexplore.exe
c:\windows\$NtUninstallKB47537$
c:\windows\$NtUninstallKB47537$\2546871935\@
c:\windows\$NtUninstallKB47537$\2546871935\bckfg.tmp
c:\windows\$NtUninstallKB47537$\2546871935\cfg.ini
c:\windows\$NtUninstallKB47537$\2546871935\Desktop.ini
c:\windows\$NtUninstallKB47537$\2546871935\keywords
c:\windows\$NtUninstallKB47537$\2546871935\kwrd.dll
c:\windows\$NtUninstallKB47537$\2546871935\L\qnbwvoto
c:\windows\$NtUninstallKB47537$\2546871935\lsflt7.ver
c:\windows\$NtUninstallKB47537$\2546871935\U\00000001.@
c:\windows\$NtUninstallKB47537$\2546871935\U\00000002.@
c:\windows\$NtUninstallKB47537$\2546871935\U\00000004.@
c:\windows\$NtUninstallKB47537$\2546871935\U\80000000.@
c:\windows\$NtUninstallKB47537$\2546871935\U\80000004.@
c:\windows\$NtUninstallKB47537$\2546871935\U\80000032.@
c:\windows\$NtUninstallKB47537$\3607959586
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 16:28 . 2012-01-01 16:28 -------- d-----w- c:\users\Sue Wilson\AppData\Roaming\Malwarebytes
2012-01-01 16:28 . 2012-01-01 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 16:28 . 2012-01-01 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 16:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-01 07:39 . 2010-11-09 20:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2012-01-01 07:38 . 2010-11-09 20:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-01 07:37 . 2012-01-01 10:45 -------- d-----w- C:\VIPRERESCUE
2012-01-01 07:32 . 2012-01-01 07:32 -------- d-----w- c:\users\Sue Wilson\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 07:32 . 2012-01-01 07:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-01 07:32 . 2012-01-01 07:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-30 23:21 . 2011-12-30 23:21 -------- d-----w- c:\users\Larry Wilson\AppData\Local\Intuit
2011-12-30 23:11 . 2011-12-30 23:11 -------- d-----w- c:\users\Sue Wilson\AppData\Local\Proxure
2011-12-30 23:11 . 2011-12-30 23:11 -------- d-----w- c:\programdata\ClubSanDisk
2011-12-28 21:27 . 2011-12-28 21:29 -------- d-----w- C:\{186AC42C-4EFB-4867-ADFD-282C54AD6D33}
2011-12-23 18:43 . 2011-12-30 23:17 -------- d-----w- c:\users\Sue Wilson\AppData\Local\NPE
2011-12-19 18:50 . 2011-12-19 18:56 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-19 18:50 . 2011-12-19 18:50 -------- d-----w- c:\users\Sue Wilson\AppData\Roaming\FixTDSS
2011-12-15 20:59 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 20:59 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 20:59 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 20:59 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 20:59 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 20:59 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 20:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 20:12 . 2011-11-30 20:11 485576 ----a-w- c:\users\Sue Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-11-03 21:23 . 2010-09-17 22:57 14744 ----a-w- c:\users\Sue Wilson\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-11-02 22:59 . 2011-07-24 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-19 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-02-12 45992]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
c:\users\Sue Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2010-3-3 1718]
Event Reminder.lnk - c:\program files\PrintMaster Platinum 18\Remind.exe [2007-9-9 344064]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-11 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-12-19 26872]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [2011-12-15 177080]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe [2009-08-24 126392]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [2010-01-16 206120]
S2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [2010-01-16 185640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 01:51]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 01:51]
.
2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9ac0e47-cb59-419d-9291-57c927210080.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f80da92e-4c14-43c7-848d-c4855c4003ec.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ksl.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.11
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2012-01-01 09:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-01 10:00:27
ComboFix-quarantined-files.txt 2012-01-01 17:00
.
Pre-Run: 346,701,611,008 bytes free
Post-Run: 346,806,652,928 bytes free
.
- - End Of File - - A08C0C3F055FCBFE271D11B1D647C8A1
--
Allen Crist
CCW Technology Computer Repair, South Jordan, Utah
»www.ccwtech.com



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
reply to ccwtech

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


ccwtech
Premium
join:2002-02-26
South Jordan, UT

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ECS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Gateway
System Product Name: GT5674
Logical Drives Mask: 0x000003dc

Kernel Drivers (total 143):
0x8363A000 \SystemRoot\system32\ntkrnlpa.exe
0x83607000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\PSHED.dll
0x80422000 \SystemRoot\system32\BOOTVID.dll
0x8042A000 \SystemRoot\system32\CLFS.SYS
0x8046B000 \SystemRoot\system32\CI.dll
0x8054B000 \SystemRoot\system32\drivers\FixTDSS.sys
0x80550000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805CC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060A000 \SystemRoot\system32\drivers\acpi.sys
0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
0x80661000 \SystemRoot\system32\drivers\pci.sys
0x80688000 \SystemRoot\System32\drivers\partmgr.sys
0x80697000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8069A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A4000 \SystemRoot\system32\drivers\volmgr.sys
0x806B3000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FD000 \SystemRoot\system32\drivers\pciide.sys
0x80704000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80712000 \SystemRoot\System32\drivers\mountmgr.sys
0x80722000 \SystemRoot\system32\drivers\atapi.sys
0x8072A000 \SystemRoot\system32\drivers\ataport.SYS
0x80748000 \SystemRoot\system32\drivers\nvstor.sys
0x80755000 \SystemRoot\system32\drivers\storport.sys
0x80796000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x807B3000 \SystemRoot\system32\drivers\fltmgr.sys
0x807E5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B007000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B078000 \SystemRoot\system32\drivers\ndis.sys
0x8B183000 \SystemRoot\system32\drivers\msrpc.sys
0x8B1AE000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B208000 \SystemRoot\System32\drivers\tcpip.sys
0x8B2F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B518000 \SystemRoot\system32\drivers\volsnap.sys
0x8B551000 \SystemRoot\System32\Drivers\spldr.sys
0x8B559000 \SystemRoot\System32\Drivers\mup.sys
0x8B568000 \SystemRoot\System32\drivers\ecache.sys
0x8B58F000 \SystemRoot\system32\DRIVERS\gagp30kx.sys
0x8B5A0000 \SystemRoot\system32\drivers\disk.sys
0x8B5B1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5D2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B5F2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B32A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B333000 \SystemRoot\system32\DRIVERS\processr.sys
0x8B342000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B355000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B35F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B39D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EA0A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8EB27000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB29000 \SystemRoot\system32\drivers\modem.sys
0x8EB36000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EBC3000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x8EBCE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EBE6000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x8EBED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B3AC000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F200000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FB11000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FB13000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FBB3000 \SystemRoot\System32\drivers\watchdog.sys
0x8FBBF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FBEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B1E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EBF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FE0E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FE1D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FE31000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FE46000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE56000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FE61000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FE6C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FE6E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FE98000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FEA2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FEAF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FEE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90004000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FEF5000 \SystemRoot\system32\drivers\portcls.sys
0x8FF22000 \SystemRoot\system32\drivers\drmk.sys
0x901EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x901F7000 \SystemRoot\System32\Drivers\Null.SYS
0x8FF47000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FF4E000 \??\C:\Windows\system32\drivers\SBREdrv.sys
0x8FF6E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FF75000 \SystemRoot\System32\drivers\vga.sys
0x8FF81000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FFA2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FFAA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FFB2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FFBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FFCB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FFD4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9020E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90224000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9022D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9023D000 \SystemRoot\system32\DRIVERS\smb.sys
0x90251000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90259000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9028B000 \SystemRoot\system32\drivers\afd.sys
0x902D3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x902E9000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x902F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90306000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90319000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x9033B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90341000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9037D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90387000 \SystemRoot\System32\Drivers\dfsc.sys
0x9039E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x903AB000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x903B5000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x99E90000 \SystemRoot\System32\win32k.sys
0x903D2000 \SystemRoot\System32\drivers\Dxapi.sys
0x903DC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A0B0000 \SystemRoot\System32\TSDDD.dll
0x9A0D0000 \SystemRoot\System32\cdd.dll
0x8B30D000 \SystemRoot\system32\drivers\luafv.sys
0x80E02000 \SystemRoot\system32\drivers\spsys.sys
0x80EB2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80EC2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80EEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80EF6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80F09000 \SystemRoot\system32\drivers\HTTP.sys
0x80F76000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80F93000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80FAC000 \SystemRoot\system32\drivers\mrxdav.sys
0x80FCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81E0B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81E44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81E5C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81E84000 \SystemRoot\System32\DRIVERS\srv.sys
0x81ED3000 \SystemRoot\system32\drivers\peauth.sys
0x81FB1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81FBB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81FC7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x81FDC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x8B5DB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x775B0000 \WINDOWS\System32\ntdll.dll

Processes (total 87):
0 System Idle Process
4 System
1192 C:\WINDOWS\System32\smss.exe
548 csrss.exe
828 C:\WINDOWS\System32\wininit.exe
968 csrss.exe
1040 C:\WINDOWS\System32\services.exe
1380 C:\WINDOWS\System32\lsass.exe
1196 C:\WINDOWS\System32\lsm.exe
1284 C:\WINDOWS\System32\winlogon.exe
1504 C:\WINDOWS\System32\svchost.exe
1548 C:\WINDOWS\System32\nvvsvc.exe
1520 C:\WINDOWS\System32\svchost.exe
1644 C:\WINDOWS\System32\svchost.exe
1696 C:\WINDOWS\System32\svchost.exe
1712 C:\WINDOWS\System32\svchost.exe
1776 C:\WINDOWS\System32\audiodg.exe
1280 C:\WINDOWS\System32\svchost.exe
1928 C:\WINDOWS\System32\SLsvc.exe
1972 C:\WINDOWS\System32\svchost.exe
132 C:\WINDOWS\System32\nvvsvc.exe
2008 C:\WINDOWS\System32\svchost.exe
764 C:\WINDOWS\System32\spoolsv.exe
372 C:\Program Files\SUPERAntiSpyware\SASCore.exe
464 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
716 C:\WINDOWS\System32\agrsmsvc.exe
780 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
724 C:\Program Files\Bonjour\mDNSResponder.exe
456 C:\WINDOWS\System32\svchost.exe
908 C:\WINDOWS\System32\svchost.exe
824 C:\WINDOWS\System32\svchost.exe
340 C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
328 C:\WINDOWS\System32\svchost.exe
1596 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
784 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2092 C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
2132 C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
2152 C:\WINDOWS\System32\svchost.exe
2180 C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
2324 C:\WINDOWS\System32\svchost.exe
2348 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2396 C:\WINDOWS\System32\SearchIndexer.exe
2504 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2596 WUDFHost.exe
2864 C:\WINDOWS\System32\taskeng.exe
3080 C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
3144 C:\WINDOWS\System32\dwm.exe
3188 C:\WINDOWS\System32\taskeng.exe
3304 C:\WINDOWS\explorer.exe
3520 C:\WINDOWS\RtHDVCpl.exe
3528 C:\Program Files\IOI\ButtonMonitor.exe
3548 C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
3572 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3580 C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
3604 C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
3616 C:\Program Files\iTunes\iTunesHelper.exe
3628 C:\Program Files\Napster\napster.exe
3636 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3652 C:\WINDOWS\ehome\ehtray.exe
3668 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3692 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3732 C:\Program Files\Creative Home\Hallmark Card Studio 2008\Planner\PLNRnote.exe
3756 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3764 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3772 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
3780 C:\Program Files\Southwest Airlines\Ding\Ding.exe
3788 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3888 C:\Program Files\Windows Media Player\wmpnscfg.exe
4084 C:\Program Files\Windows Media Player\wmpnetwk.exe
1752 C:\WINDOWS\ehome\ehmsas.exe
4000 C:\Program Files\Internet Explorer\iexplore.exe
3440 C:\Program Files\Internet Explorer\iexplore.exe
3680 C:\WINDOWS\System32\svchost.exe
3600 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3432 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
1156 C:\Program Files\iPod\bin\iPodService.exe
4508 C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
5136 C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
5524 WmiPrvSE.exe
5392 C:\Program Files\Internet Explorer\iexplore.exe
4880 C:\WINDOWS\System32\SearchProtocolHost.exe
4436 C:\WINDOWS\System32\SearchFilterHost.exe
5488 C:\WINDOWS\System32\wbem\WMIADAP.exe
4808 WmiPrvSE.exe
4688 dllhost.exe
5536 dllhost.exe
5316 C:\Users\Sue Wilson\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`bba00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
--
Allen Crist
CCW Technology Computer Repair, South Jordan, Utah
»www.ccwtech.com
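The MBRCheck output above reports two things a responder cares about: the SHA-1 of the boot code in sector 0 (compared against known-good Windows MBR code) and the byte offset of each volume, derived from the partition table. The script below is an added example, not MBRCheck's own code, that performs the same steps over a constructed 512-byte MBR built in memory: it checks the 0x55AA signature, hashes the 440-byte bootstrap region, decodes the four partition entries into byte offsets printed in MBRCheck's `0xHHHHHHHH\`LLLLLLLL` style, and compares the hash with a small allowlist. The allowlist contains only the hash MBRCheck printed in this thread; the sample partitions, disk signature and boot-code bytes are constructed and do not come from any real disk.

```python
"""Added example (not MBRCheck's code): fingerprint and parse a 512-byte MBR.

MBRCheck-style tools hash the bootstrap code area and report each volume's
byte offset on the disk. This script does the same over a constructed MBR so
the logic can be run offline; the sample data is fabricated, not from a disk.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the bootstrap code (the hashed region)
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 0x55 0xAA

PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x83: "Linux", 0xEE: "GPT protective"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Allowlist of boot-code hashes. The single entry is the "Windows 2008 MBR code"
# hash MBRCheck printed in this thread; a real allowlist would carry many more.
KNOWN_BOOT_CODE_SHA1 = {"8DF43F2BDE2D9451948FA14B5279969C777A7979": "Windows 2008 MBR code"}


def fmt_offset(n):
    """Render a byte offset the way MBRCheck prints it: 0xHHHHHHHH`LLLLLLLL."""
    return f"0x{n >> 32:08x}`{n & 0xFFFFFFFF:08x}"


def build_sample_mbr():
    """Construct a sample MBR in memory (constructed test data, not a real disk)."""
    mbr = bytearray(SECTOR)
    code = b"CONSTRUCTED-SAMPLE-BOOT-CODE"   # stand-in for real bootstrap code
    mbr[:len(code)] = code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"
    # Entry 1: active NTFS partition at LBA 63 (byte 0x7e00, like D: in the log).
    mbr[446:462] = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    # Entry 2: NTFS partition at the byte offset the log shows for C: (0x2bba00000).
    mbr[462:478] = struct.pack(ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff",
                               0x2BBA00000 // SECTOR, 953_000_000)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the sector, hash the boot code and decode the partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for idx in range(4):
        off = PART_TABLE_OFF + 16 * idx
        status, _, ptype, _, lba_start, n_sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0x00:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {idx + 1}: invalid status byte {status:#04x}")
        partitions.append({
            "index": idx + 1,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"unknown ({ptype:#04x})"),
            "offset": lba_start * SECTOR,       # this is the offset MBRCheck prints
            "size_bytes": n_sectors * SECTOR,
        })
    return {
        "code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def classify_boot_code(report):
    """Match the boot-code hash against the allowlist; unknown code warrants a closer look."""
    return KNOWN_BOOT_CODE_SHA1.get(report["code_sha1"], "unknown MBR code")


def format_report(report):
    """Produce MBRCheck-like lines: one per partition plus the hash verdict."""
    lines = [f"partition {p['index']} --> offset {fmt_offset(p['offset'])} ({p['type']})"
             + (" [active]" if p["bootable"] else "")
             for p in report["partitions"]]
    lines.append(f"SHA1: {report['code_sha1']}  {classify_boot_code(report)}")
    return lines


if __name__ == "__main__":
    for line in format_report(parse_mbr(build_sample_mbr())):
        print(line)
```

Because the constructed boot code is not real Windows code, the sample is reported as "unknown MBR code"; on a real system the same verdict is the cue to compare the hash against a trusted reference before deciding the MBR is clean, as a single flipped byte in the bootstrap region changes the SHA-1 completely.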



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to ccwtech
Thanks. Nothing shows in any of the logs. I noticed TDSS fix, so I had you run MBRCheck, which is a more definitive check.

OTL also shows that the Event Logging service is not running.

A portion of Windows may have been corrupted or damaged by the exploit you had. That is the next logical step in diagnosis. Unfortunately, it is beyond the scope of this forum.

Your best choice is Microsoft Answers:
»answers.microsoft.com/en-us

Post the link to this thread so they can review the logs if needed.

Cleanup instructions are in the following post...

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to ccwtech
Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


ccwtech
Premium
join:2002-02-26
South Jordan, UT

Thank you for your help!


over 12.5 years online © 1999-2012 dslreports.com.