AVG8.5 detected Packed.Rolex virus [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

AVG8.5 detected Packed.Rolex virus [Solved], Unable to remove Packed.Rolex Virus 17-Jun-09

Options

DUTCH8888 View Member Profile	Jun 17 2009, 12:29 PM Post #1
Member Posts: 14 OS: XP SP3	Hello, my system is infected by Packed.Rolex virus. I used AVG8.5 to scan and remove/delete/heal but it can not do the job it seems. From reading others with this problem, I have the OTL downloaded now and just ran this (from Safe Mode). Here is the OTL.TXT data: OTL logfile created on: 6/17/2009 1:45:31 PM - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1022.80 Mb Total Physical Memory \| 795.26 Mb Available Physical Memory \| 77.75% Memory free 2.86 Gb Paging File \| 2.77 Gb Available in Paging File \| 96.75% Paging File free Paging file location(s): C:\pagefile.sys 2000 4096 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.53 Gb Total Space \| 48.49 Gb Free Space \| 65.07% Space Free \| Partition Type: NTFS Drive D: \| 19.07 Gb Total Space \| 8.66 Gb Free Space \| 45.39% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: \| 1.91 Gb Total Space \| 1.90 Gb Free Space \| 99.33% Space Free \| Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: B-TOP Current User Name: Owner Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (avg8wd [Auto \| Stopped]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Stopped]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (InCDsrv [Auto \| Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG) SRV - (iPodService [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) SRV - (Iprip [Auto \| Stopped]) -- C:\WINDOWS\System32\iprip.dll (Microsoft Corporation) SRV - (LPDSVC [On_Demand \| Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation) SRV - (MDM [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (NetSvc [On_Demand \| Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nmservice [Auto \| Stopped]) -- File not found SRV - (NVSvc [Auto \| Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (PictureTaker [On_Demand \| Stopped]) -- C:\WINDOWS\System32\PCTKRNT.SYS (LANovation) SRV - (Pml Driver HPZ12 [Unknown \| Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (PrismXL [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (Lanovation) SRV - (SimpTcp [Auto \| Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation) SRV - (SNMP [Auto \| Stopped]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation) SRV - (WMDM PMSP Service [Auto \| Stopped]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ASAPIW2k [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ASAPIW2k.sys (VOB Computersysteme GmbH) DRV - (ASPI32 [System \| Stopped]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (AvgLdx86 [System \| Stopped]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System \| Stopped]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (BCMModem [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\BCMDM.sys (BCM) DRV - (COMMONFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd) DRV - (CT20XUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (ctac32k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (CTAUDFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd) DRV - (ctdvda2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (CTEAPSFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPSY.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTERFXFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd) DRV - (CTEXFIFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.) DRV - (CTHWIUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (ctprxy2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (CTSBLFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (DCamUSBSQTECH [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.) DRV - (E1000 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation) DRV - (emupia [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (GTWModem [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\GWMDM.sys (GTW) DRV - (ha10kx2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd) DRV - (hap17v2k [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\hap17v2k.sys (Creative Technology Ltd) DRV - (HekkoVirtualCD [System \| Running]) -- C:\WINDOWS\System32\Drivers\hvcd.sys (Circle of One Software) DRV - (HPZid412 [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP) DRV - (InCDfs [Disabled \| Stopped]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG) DRV - (InCDPass [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software AG) DRV - (incdrm [System \| Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Ahead Software AG) DRV - (LHidKe [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech, Inc.) DRV - (LHidUsbK [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.) DRV - (LMouKE [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.) DRV - (lne100v5 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\lne100v5.sys (LinkSys Group Inc.) DRV - (magicpvt [System \| Stopped]) -- C:\WINDOWS\system32\drivers\magicpvt.sys (Samsung Electronics, Inc.) DRV - (MODEMCSA [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MREMPR5 [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.) DRV - (MRENDIS5 [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (ossrv [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (PcdrNt [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.) DRV - (Pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (pnarp [Auto \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys (Pure Networks, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (purendis [Auto \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\purendis.sys (Pure Networks, Inc.) DRV - (ROOTMODEM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SNXPCARD [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\snxpcard.sys (Sunix) DRV - (SNXPPALX [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\snxppalx.sys (Sunix) DRV - (usbaudio [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/29 18:34:19 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/04/25 15:30:11 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/13 15:25:17 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/13 15:25:15 \| 00,000,000 \| ---D \| M] [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\fk3012cr.default\extensions [2009/05/09 12:03:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/13 15:25:15 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/06/13 15:25:09 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/13 15:25:09 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/04/23 20:39:08 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/23 20:39:08 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/04/23 20:39:08 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/04/23 20:39:08 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/04/23 20:39:08 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/04/23 20:39:08 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/04/23 20:39:08 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FDM\iefdm2.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [19379374] C:\Documents and Settings\All Users\Application Data\19379374\19379374.exe File not found O4 - HKLM..\Run: [99389366] C:\Documents and Settings\All Users\Application Data\99389366\99389366.exe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CircleVirtualCD] C:\Program Files\VirtualCD\HvcdUI.exe (Circle of One Software) O4 - HKLM..\Run: [GWMDMMSG] GWMDMMSG.exe (GTW) O4 - HKLM..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe () O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun) O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab (Reg Error: Key error.) O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} http://adserver.sharewareonline.com/adserver/Install.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/09c14f2f3a937e...ip/RdxIE601.cab (RdxIE Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229643722093 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1231557902937 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} http://support.gateway.com/eSupport/static...h/weblaunch.cab (CWebLaunchCtl Object) O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (Virtools WebPlayer Class) O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class) O16 - DPF: DigiChat Applet http://chat.onemodelplace.com/DigiChat/Dig...s/Client_IE.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: vzTCPConfig http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (/p) - File not found O34 - HKLM BootExecute: (\??\C:) - C: [2009/06/17 13:41:44 \| 00,000,000 \| ---D \| M] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - [2009/06/17 13:41:44 \| 00,000,000 \| ---D \| M] O34 - HKLM BootExecute: (smrgdf) - File not found O34 - HKLM BootExecute: (C:\Program) - File not found O34 - HKLM BootExecute: (Files\iolo\System) - File not found O34 - HKLM BootExecute: (Mechanic) - File not found O34 - HKLM BootExecute: (Professional) - File not found O34 - HKLM BootExecute: (6\) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/06/17 13:41:44 \| 03,026,777 \| R--- \| C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2009/06/17 13:41:44 \| 00,501,760 \| R--- \| C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/06/17 13:41:44 \| 00,187,904 \| R--- \| C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe [2009/06/17 13:41:44 \| 00,170,711 \| R--- \| C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe [2009/06/14 15:06:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Help [2009/06/14 15:05:43 \| 00,000,596 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\Dclock.exe.lnk [2009/06/13 17:18:22 \| 00,058,822 \| ---- \| C] () -- C:\WINDOWS\System32\SKYNETlog.dat [2009/06/13 17:14:27 \| 00,000,276 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2009/06/13 16:51:24 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\99389366.ini [2009/06/13 14:55:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\hp deskjet 930c series [2009/06/13 14:52:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache [2009/06/13 14:52:27 \| 00,001,791 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk [2009/06/13 10:52:01 \| 00,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/13 10:52:01 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/06/03 17:42:13 \| 00,000,649 \| -HS- \| C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk [2009/05/29 18:44:34 \| 00,035,328 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\ChinaPaint Suppliers.doc [2009/05/27 20:57:57 \| 08,461,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.backup [2009/05/26 22:31:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\My Documents\My Scans [2009/05/26 22:17:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express [2009/05/26 22:04:09 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\hpqemlsz.INI [2009/05/26 22:03:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\HP [2009/05/26 22:01:24 \| 00,000,984 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/05/26 21:57:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\HP [2009/05/26 21:54:51 \| 00,100,894 \| ---- \| C] () -- C:\WINDOWS\hpgins17.dat.temp [2009/05/26 21:27:05 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\hpgmdl17.dat.temp [2009/05/25 14:56:10 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HP [2009/05/25 14:50:49 \| 00,116,974 \| ---- \| C] () -- C:\WINDOWS\hpoins11.dat.temp [2009/05/25 14:50:49 \| 00,011,634 \| ---- \| C] () -- C:\WINDOWS\hpomdl11.dat.temp [2009/05/25 13:52:19 \| 00,077,824 \| R--- \| C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2009/05/25 13:18:40 \| 00,025,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys [2009/05/25 13:18:40 \| 00,025,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys [2009/04/18 16:58:23 \| 00,000,043 \| ---- \| C] () -- C:\WINDOWS\hpfccopy.INI [2008/12/18 20:01:23 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/12/18 20:01:21 \| 00,581,632 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2008/12/18 20:01:21 \| 00,212,992 \| ---- \| C] () -- C:\WINDOWS\System32\nvapi.dll [2008/09/19 17:12:01 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2008/09/18 00:55:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/09/18 00:55:00 \| 01,503,232 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2008/09/18 00:55:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/09/18 00:55:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/03/15 18:39:23 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/11/10 13:27:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\NSREX.INI [2007/10/13 15:08:53 \| 00,003,072 \| ---- \| C] () -- C:\WINDOWS\CTXFIRES.DLL [2007/04/12 08:10:28 \| 00,105,728 \| ---- \| C] () -- C:\WINDOWS\System32\APOMgrH.dll [2007/04/09 12:55:14 \| 00,097,785 \| ---- \| C] () -- C:\WINDOWS\System32\instwdm.ini [2007/04/09 12:55:14 \| 00,000,054 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2007/04/09 12:33:50 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CTBurst.dll [2007/04/09 12:32:58 \| 00,034,816 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll [2007/03/05 13:34:28 \| 00,676,224 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/02/12 22:21:28 \| 00,548,864 \| ---- \| C] () -- C:\WINDOWS\System32\hpgtg400.dll [2006/10/02 09:25:18 \| 00,000,307 \| ---- \| C] () -- C:\WINDOWS\System32\kill.ini [2006/08/01 21:40:17 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\CTRec.INI [2005/08/20 21:39:06 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/07/16 15:57:06 \| 00,000,296 \| ---- \| C] () -- C:\WINDOWS\3Gsauron.INI [2005/07/16 15:53:30 \| 00,000,526 \| ---- \| C] () -- C:\WINDOWS\qzip.ini [2005/06/16 10:17:16 \| 00,071,680 \| ---- \| C] () -- C:\WINDOWS\System32\ctmmactl.dll [2005/04/13 18:39:08 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/12/09 19:50:47 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\DEBUGSM.INI [2004/11/26 13:16:55 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\KPCMS.INI [2004/11/26 13:16:46 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2004/11/20 19:55:19 \| 00,001,168 \| ---- \| C] () -- C:\WINDOWS\Stars.ini [2004/11/20 18:04:20 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2004/11/20 17:19:59 \| 00,098,304 \| R--- \| C] () -- C:\WINDOWS\StiRegstEng.dll [2004/11/20 17:16:40 \| 00,000,111 \| ---- \| C] () -- C:\WINDOWS\EPSON Perfection 1670.ini [2004/11/20 17:00:43 \| 00,002,156 \| ---- \| C] () -- C:\WINDOWS\FONTSMRT.INI [2004/11/20 17:00:27 \| 00,000,415 \| ---- \| C] () -- C:\WINDOWS\prntname.ini [2004/11/20 16:58:53 \| 00,000,076 \| ---- \| C] () -- C:\WINDOWS\tmprn.ini [2004/11/20 15:46:16 \| 00,196,096 \| ---- \| C] () -- C:\WINDOWS\System32\MACD32.DLL [2004/11/20 15:46:16 \| 00,138,752 \| ---- \| C] () -- C:\WINDOWS\System32\MASE32.DLL [2004/11/20 15:46:16 \| 00,136,192 \| ---- \| C] () -- C:\WINDOWS\System32\MAMC32.DLL [2004/11/20 15:46:16 \| 00,057,856 \| ---- \| C] () -- C:\WINDOWS\System32\MASD32.DLL [2004/11/20 15:46:16 \| 00,027,648 \| ---- \| C] () -- C:\WINDOWS\System32\MA32.DLL [2004/11/20 15:12:38 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2004/11/20 15:11:49 \| 00,000,092 \| ---- \| C] () -- C:\WINDOWS\System32\editinf.ini [2004/11/20 15:11:27 \| 00,052,992 \| ---- \| C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL [2004/11/20 15:11:24 \| 00,005,519 \| ---- \| C] () -- C:\WINDOWS\System32\ctucom.ini [2004/11/20 15:11:11 \| 00,000,317 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2004/11/20 14:58:14 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\InfModM.ini [2004/11/20 14:56:37 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\wgedit.ini [2002/09/03 09:00:00 \| 00,001,048 \| ---- \| C] () -- C:\WINDOWS\win.ini [2002/09/03 09:00:00 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\system.ini [2001/07/07 03:00:00 \| 00,003,399 \| ---- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [1998/08/16 06:00:00 \| 00,004,096 \| ---- \| C] () -- C:\WINDOWS\System32\sysres.dll ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\System32\.tmp files] [5 C:\WINDOWS\.tmp files] [2009/06/17 13:42:51 \| 00,058,822 \| ---- \| M] () -- C:\WINDOWS\System32\SKYNETlog.dat [2009/06/17 13:39:27 \| 00,000,062 \| -HS- \| M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini [2009/06/17 13:36:48 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/17 11:48:06 \| 00,187,904 \| R--- \| M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe [2009/06/17 11:29:10 \| 03,026,777 \| R--- \| M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2009/06/17 11:16:46 \| 00,170,711 \| R--- \| M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe [2009/06/17 11:15:30 \| 00,501,760 \| R--- \| M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/06/16 20:23:47 \| 00,030,096 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/16 20:23:47 \| 00,030,096 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/16 20:23:47 \| 00,027,240 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/16 20:23:47 \| 00,027,240 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/16 20:23:47 \| 00,011,564 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/16 20:23:35 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/16 18:46:43 \| 37,160,237 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/06/16 18:46:43 \| 00,078,361 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/06/16 17:57:39 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/06/16 17:57:22 \| 00,000,016 \| ---- \| M] () -- C:\WINDOWS\System32\magicpvt.dat [2009/06/16 17:56:55 \| 00,000,032 \| ---- \| M] () -- C:\WINDOWS\System32\driver.dat [2009/06/16 14:38:24 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/14 15:59:38 \| 00,001,048 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/06/14 15:05:43 \| 00,000,596 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\Dclock.exe.lnk [2009/06/13 17:17:55 \| 00,301,232 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/13 17:14:49 \| 00,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/06/13 17:14:27 \| 00,000,276 \| ---- \| M] () -- C:\WINDOWS\System32\MRT.INI [2009/06/13 16:51:24 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\99389366.ini [2009/06/13 14:56:35 \| 00,000,800 \| ---- \| M] () -- C:\WINDOWS\hpinfo.lnk [2009/06/13 14:52:27 \| 00,001,791 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk [2009/06/07 17:23:12 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/06/07 17:23:12 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/06/06 16:23:09 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009/06/03 17:42:13 \| 00,000,649 \| -HS- \| M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk [2009/06/01 12:51:12 \| 23,635,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/27 20:55:47 \| 00,000,526 \| ---- \| M] () -- C:\WINDOWS\qzip.ini [2009/05/27 20:53:12 \| 08,461,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll [2009/05/27 20:53:12 \| 08,461,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2009/05/27 13:26:50 \| 00,035,328 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\ChinaPaint Suppliers.doc [2009/05/26 22:20:08 \| 00,000,043 \| ---- \| M] () -- C:\WINDOWS\hpfccopy.INI [2009/05/26 22:17:36 \| 00,100,842 \| ---- \| M] () -- C:\WINDOWS\hpgins17.dat [2009/05/26 22:04:09 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\hpqemlsz.INI [2009/05/26 22:03:29 \| 00,100,894 \| ---- \| M] () -- C:\WINDOWS\hpgins17.dat.temp [2009/05/26 22:01:24 \| 00,000,984 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/05/25 13:51:44 \| 00,116,974 \| ---- \| M] () -- C:\WINDOWS\hpoins11.dat.temp [2009/05/21 22:14:12 \| 00,001,507 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\NOTEPAD.lnk ========== LOP Check ========== [2009/06/13 17:23:03 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2008/03/15 16:50:36 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26} [2008/10/20 15:33:56 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E} [2009/04/25 13:26:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2006/11/04 22:00:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2009/06/16 18:06:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\avg8 [2004/11/20 15:10:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Creative [2009/05/15 22:09:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriverCure [2007/12/12 22:39:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2009/04/25 15:37:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Google [2005/10/28 17:46:17 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\GTek [2009/05/25 14:56:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\HP [2008/03/15 16:50:38 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/06/17 17:19:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2009/03/17 18:57:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2007/12/12 22:26:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2007/04/12 18:41:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA [2007/04/12 18:50:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles [2007/03/28 21:43:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage [2005/01/09 22:37:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2009/04/13 14:14:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Sonic [2006/10/08 13:22:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2007/06/30 14:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2007/12/12 22:39:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2005/08/19 17:54:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/06/14 15:06:01 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Owner\Application Data [2009/03/29 19:27:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Adobe [2007/03/03 13:38:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM [2005/08/20 22:42:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Ahead [2006/11/04 22:36:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer [2004/11/20 17:45:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft [2009/05/09 12:01:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR [2007/10/13 15:09:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Creative [2007/11/23 13:45:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\DivX [2009/05/15 21:55:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\DriverCure [2004/11/21 21:29:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\EPSON [2005/06/24 23:41:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\FotoFinish [2009/03/29 22:04:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager [2005/12/31 12:49:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM [2009/06/14 15:06:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Help [2009/05/25 15:11:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\HP [2004/11/20 13:49:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Identities [2009/06/13 14:52:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express [2007/12/25 14:40:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\InstallShield [2004/11/22 00:15:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\InterVideo [2004/11/20 17:21:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Leadertech [2009/05/15 22:33:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\licenses [2005/05/15 18:40:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Logitech [2006/09/02 12:20:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Macromedia [2009/03/29 16:55:38 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\Owner\Application Data\Microsoft [2008/06/17 17:39:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Motive [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Mozilla [2009/03/17 18:57:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies [2007/12/12 22:26:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Nikon [2009/05/15 22:33:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\PCMM2009 [2009/06/13 14:52:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache [2007/03/04 13:01:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Real [2004/12/01 22:54:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Roxio [2005/08/20 17:09:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Simple Star [2004/11/24 23:11:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw [2008/06/19 23:32:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\Sun [2008/06/05 17:41:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\U3 [2002/09/03 09:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/06/16 20:23:35 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >

DUTCH8888 View Member Profile	Jun 17 2009, 12:37 PM Post #3
Member Posts: 14 OS: XP SP3	And here is the Rooter text: Rooter.exe (v1.0.1) by Eric_71 � Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3 32_bits - x86 Family 15 Model 2 Stepping 7, GenuineIntel � A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:48 Go ) D:\ [Fixed-FAT32] .. ( Total:19 Go - Free:8 Go ) E:\ [CD_Rom] F:\ [CD_Rom] Z:\ [CD_Rom] � Scan : 14:40.19 Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe User : Owner ( Administrator -> YES ) � ----------------------\\ Processes � Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (696) ______ \??\C:\WINDOWS\system32\csrss.exe (756) ______ \??\C:\WINDOWS\system32\winlogon.exe (780) ______ C:\WINDOWS\system32\services.exe (828) ______ C:\WINDOWS\system32\lsass.exe (840) ______ C:\WINDOWS\system32\svchost.exe (1000) ______ C:\WINDOWS\system32\svchost.exe (1112) ______ C:\WINDOWS\System32\svchost.exe (1288) ______ C:\WINDOWS\System32\svchost.exe (1416) ______ C:\WINDOWS\System32\svchost.exe (1512) ______ C:\WINDOWS\Explorer.EXE (628) ______ C:\Program Files\Mozilla Firefox\firefox.exe (1776) ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (1036) ______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (1188) � ----------------------\\ Device\Harddisk0\ � \Device\Harddisk0 [Sectors : 63 x 512 Bytes] � \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 \| Length:80023716864) � ----------------------\\ Scheduled Tasks � C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\SA.DAT � ----------------------\\ Registry � � ----------------------\\ Files & Folders � C:\WINDOWS\system32\SKYNETlog.dat ==> ROOTKIT Tibs <== � ----------------------\\ Scan completed at 14:40.35 � C:\Rooter$\Rooter_1.txt - (17/06/2009 \| 14:40.35)

heir View Member Profile	Jun 21 2009, 02:15 AM Post #4
Trusted Helper Posts: 3,384 From: Sweden OS: Windows XP SP3	Hello DUTCH8888 ! Welcome to the site! My nickname is heir and I'll be helping clean up your computer. Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer: To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal. Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry! When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked) Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! Make sure you reply to this thread using the Add Reply button: Please read my posts completely before following the instructions. It may be easier for you if you copy and paste a post to a new text document or print it for reference later. This is required when you won't have access to Internet. To answer your question in the waiting room. Yes the instructions are tailored for every user that gets help removing malware. Let's get started then. Step 1. ComboFix: Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Step 2. Lop S&D: Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here and save it to the desktop Double-click Lop S&D.exe Choose the language, then choose Option 1** (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt) Step 3. OTL: There is a new version of OTL. Please delete OTL.exe from your desktop. Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Step 4. Things I would like to see in your reply: The content of C:\ComboFix.txt from step 1. The content of C:\lopR.txt from step 2. The content of OTL.txt and Extras.txt from step 3.

DUTCH8888 View Member Profile	Jun 21 2009, 01:47 PM Post #5
Member Posts: 14 OS: XP SP3	Hello Heir, thank you so much for taking the time to help with my virus problem. I followed the instructions but had a few snags, after running Combofix, it completed over 50 stages and did 3 system restarts, it also deleted 7 files, Kungsfduycwbwi.sys Kungsfxjipjqpx.dll Kungsfmvjhfvme.dat Kungsftlxakiqp.dat Kungsfukjbowld.dll one with "skynet" in it but went to quick to note down one with "srvr" in it but went to quick to note it down After the last time Combofix restarted the system it came up "normal" but no combofix.txt was created, I waited a long time but nothing further seemed to be happening. When I tried to search the system using "SEARCH" each time I directed the search to the root directory it would reset the explorer and repaint the screen and no search was performed. When searching with the explorer I found no Combofix.txt file. I restarted the system to make sure Combofix had completed and then tried search again, this time it did no longer reset the sytem explorer but still found no Combofix.txt. I continued the remaining steps and had another snag when OTL only created OTL.txt but did not leave a Extras.txt anywhere. Here is the LopR.txt --------------------\\ Lop S&D 4.2.5-0 XP/Vista "C:\Lop SD" ( MAJ : 19-12-2008\|23:40 ) Option : [1] ( Sun 06/21/2009\|15:18 ) --------------------\\ Listing folders in APPLIC~1 [08/20/2005\|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Ahead [08/20/2005\|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [03/29/2009\|05:41] C:\DOCUME~1\ADMINI~1.B-T\APPLIC~1\<DIR> Microsoft [03/15/2008\|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {0E8E33D8-193A-414A-A909-0F101A142D26} [10/20/2008\|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {C8EE221B-B5DA-4C2D-878A-57DAFBB8622E} [04/25/2009\|01:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [11/04/2006\|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [06/17/2009\|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8 [11/20/2004\|03:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative [05/15/2009\|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DriverCure [12/12/2007\|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EnterNHelp [04/25/2009\|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [10/28/2005\|05:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [05/25/2009\|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP [06/17/2009\|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee [03/15/2008\|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [06/17/2008\|05:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive [03/17/2009\|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies [12/12/2007\|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nikon [04/12/2007\|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA [04/12/2007\|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles [03/28/2007\|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage [01/09/2005\|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [06/17/2009\|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor [04/13/2009\|02:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic [10/08/2006\|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [06/30/2007\|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [12/12/2007\|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ultima_T15 [08/19/2005\|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [11/20/2004\|01:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [09/02/2006\|12:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe [11/03/2007\|01:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX [03/28/2008\|08:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google [04/25/2009\|02:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [03/28/2008\|08:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Real [06/17/2009\|10:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore [03/29/2009\|05:41] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [03/29/2009\|07:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe [03/03/2007\|01:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM [08/20/2005\|10:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead [11/04/2006\|10:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer [11/20/2004\|05:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ArcSoft [05/09/2009\|12:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AVGTOOLBAR [10/13/2007\|03:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Creative [11/23/2007\|01:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX [05/15/2009\|09:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DriverCure [11/21/2004\|09:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> EPSON [06/24/2005\|11:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FotoFinish [03/29/2009\|10:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Free Download Manager [12/31/2005\|12:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FUJIFILM [06/14/2009\|03:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help [05/25/2009\|03:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP [11/20/2004\|01:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities [06/13/2009\|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Image Zone Express [12/25/2007\|02:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield [11/22/2004\|12:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterVideo [11/20/2004\|05:21] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech [05/15/2009\|10:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> licenses [05/15/2005\|06:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Logitech [09/02/2006\|12:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia [03/29/2009\|04:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft [06/17/2008\|05:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Motive [05/09/2009\|12:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla [03/17/2009\|06:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> muvee Technologies [12/12/2007\|10:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nikon [05/15/2009\|10:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> PCMM2009 [06/13/2009\|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Printer Info Cache [03/04/2007\|01:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real [12/01/2004\|10:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Roxio [08/20/2005\|05:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Simple Star [11/24/2004\|11:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SmartDraw [06/19/2008\|11:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun [06/05/2008\|05:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3 --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [06/21/2009 03:03 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [09/03/2002 09:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [11/20/2004\|05:19] C:\Program Files\<DIR> ABBYY FineReader 5.0 Sprint [04/25/2009\|01:26] C:\Program Files\<DIR> Adobe [04/28/2007\|11:45] C:\Program Files\<DIR> Ahead [11/20/2004\|05:20] C:\Program Files\<DIR> ArcSoft [03/29/2009\|05:43] C:\Program Files\<DIR> AVG [08/06/2005\|05:26] C:\Program Files\<DIR> CD-DA X-Tractor [06/14/2009\|03:06] C:\Program Files\<DIR> Clock [06/21/2009\|02:18] C:\Program Files\<DIR> Common Files [10/13/2007\|03:12] C:\Program Files\<DIR> Creative [03/20/2007\|11:37] C:\Program Files\<DIR> DIFX [04/25/2009\|03:03] C:\Program Files\<DIR> DivX [11/20/2004\|03:31] C:\Program Files\<DIR> DVD [09/28/2008\|03:58] C:\Program Files\<DIR> FDM [12/31/2005\|12:45] C:\Program Files\<DIR> FinePixViewer [12/18/2004\|02:18] C:\Program Files\<DIR> FotoFinish [09/18/2007\|08:51] C:\Program Files\<DIR> frhed [01/06/2008\|04:13] C:\Program Files\<DIR> FURY [12/02/2005\|07:20] C:\Program Files\<DIR> Gateway [04/25/2009\|03:37] C:\Program Files\<DIR> Google [04/29/2007\|01:51] C:\Program Files\<DIR> Grisoft [06/13/2009\|02:55] C:\Program Files\<DIR> Hewlett-Packard [05/26/2009\|10:17] C:\Program Files\<DIR> HP [06/13/2009\|02:56] C:\Program Files\<DIR> hp deskjet 930c series [05/26/2009\|09:24] C:\Program Files\<DIR> InstallShield Installation Information [11/20/2004\|02:16] C:\Program Files\<DIR> Intel [06/13/2009\|05:15] C:\Program Files\<DIR> Internet Explorer [01/14/2006\|01:32] C:\Program Files\<DIR> InternetShield [11/26/2004\|03:58] C:\Program Files\<DIR> Interplay [09/30/2006\|10:58] C:\Program Files\<DIR> iolo [11/04/2006\|09:59] C:\Program Files\<DIR> iPod [02/24/2008\|02:04] C:\Program Files\<DIR> IrfanView [04/25/2009\|03:14] C:\Program Files\<DIR> iTunes [06/19/2008\|11:32] C:\Program Files\<DIR> Java [11/21/2004\|10:16] C:\Program Files\<DIR> Jetico [11/20/2004\|07:29] C:\Program Files\<DIR> Lavasoft [05/15/2005\|06:38] C:\Program Files\<DIR> Logitech [05/14/2008\|07:00] C:\Program Files\<DIR> MagicRotation [06/10/2008\|03:32] C:\Program Files\<DIR> MagicTune Premium [06/18/2009\|06:17] C:\Program Files\<DIR> McAfee [11/20/2004\|06:03] C:\Program Files\<DIR> Microsoft ActiveSync [03/29/2009\|06:11] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [11/20/2004\|01:41] C:\Program Files\<DIR> microsoft frontpage [11/10/2007\|01:26] C:\Program Files\<DIR> Microsoft Office [05/09/2009\|12:21] C:\Program Files\<DIR> Microsoft Silverlight [11/20/2004\|06:02] C:\Program Files\<DIR> Microsoft Visual Studio [11/20/2004\|02:18] C:\Program Files\<DIR> Microsoft Works [03/29/2009\|05:30] C:\Program Files\<DIR> Movie Maker [06/21/2009\|01:32] C:\Program Files\<DIR> Mozilla Firefox [03/29/2009\|06:33] C:\Program Files\<DIR> MSBuild [03/29/2009\|05:30] C:\Program Files\<DIR> msn [11/20/2004\|01:37] C:\Program Files\<DIR> MSN Gaming Zone [05/15/2005\|07:35] C:\Program Files\<DIR> MUSICMATCH [08/07/2008\|06:39] C:\Program Files\<DIR> NAVIGON [03/29/2009\|05:28] C:\Program Files\<DIR> NetMeeting [11/20/2004\|05:19] C:\Program Files\<DIR> NewSoft [12/12/2007\|10:25] C:\Program Files\<DIR> Nikon [09/17/2006\|12:42] C:\Program Files\<DIR> OfficeUpdate11 [04/25/2009\|03:00] C:\Program Files\<DIR> Orban [09/18/2007\|08:55] C:\Program Files\<DIR> Osborn Software [03/29/2009\|05:28] C:\Program Files\<DIR> Outlook Express [11/20/2004\|02:45] C:\Program Files\<DIR> pc-doctor for windows [04/04/2009\|03:27] C:\Program Files\<DIR> PhoneTools [11/20/2004\|03:47] C:\Program Files\<DIR> Pinnacle [11/04/2006\|10:03] C:\Program Files\<DIR> QuickTime [07/16/2005\|03:56] C:\Program Files\<DIR> QuickZip [01/26/2008\|04:37] C:\Program Files\<DIR> Real [03/29/2009\|06:33] C:\Program Files\<DIR> Reference Assemblies [12/18/2004\|03:00] C:\Program Files\<DIR> RegCleaner [12/31/2005\|12:44] C:\Program Files\<DIR> REGSHAVE [05/09/2008\|03:50] C:\Program Files\<DIR> SEC [11/04/2006\|11:04] C:\Program Files\<DIR> Share2 [05/26/2009\|09:24] C:\Program Files\<DIR> Smart Panel [12/30/2007\|06:57] C:\Program Files\<DIR> SystemRequirementsLab [10/06/2007\|08:29] C:\Program Files\<DIR> The Rosetta Stone [01/15/2005\|02:34] C:\Program Files\<DIR> Uninstall Information [06/17/2008\|05:21] C:\Program Files\<DIR> Verizon [06/09/2007\|02:46] C:\Program Files\<DIR> Virtools [01/02/2006\|03:31] C:\Program Files\<DIR> VirtualCD [12/25/2007\|02:40] C:\Program Files\<DIR> VTech [04/25/2009\|02:50] C:\Program Files\<DIR> Windows Media Connect 2 [04/25/2009\|02:51] C:\Program Files\<DIR> Windows Media Player [03/29/2009\|05:28] C:\Program Files\<DIR> Windows NT [04/28/2007\|11:00] C:\Program Files\<DIR> Windows Resource Kits [11/20/2004\|04:36] C:\Program Files\<DIR> WindowsUpdate [11/20/2004\|01:41] C:\Program Files\<DIR> xerox --------------------\\ Listing Folders in C:\Program Files\Common Files [09/30/2006\|12:51] C:\Program Files\Common Files\<DIR> Adaptec Shared [04/25/2009\|01:26] C:\Program Files\Common Files\<DIR> Adobe [08/20/2005\|08:58] C:\Program Files\Common Files\<DIR> Ahead [11/20/2004\|06:02] C:\Program Files\Common Files\<DIR> Designer [04/25/2009\|03:03] C:\Program Files\Common Files\<DIR> DivX Shared [06/14/2006\|06:20] C:\Program Files\Common Files\<DIR> Download Manager [11/20/2004\|03:47] C:\Program Files\Common Files\<DIR> Fellowes [04/13/2009\|02:10] C:\Program Files\Common Files\<DIR> Hewlett-Packard [06/13/2009\|02:52] C:\Program Files\Common Files\<DIR> HP [01/09/2005\|10:29] C:\Program Files\Common Files\<DIR> InstallShield [06/19/2008\|11:31] C:\Program Files\Common Files\<DIR> Java [11/20/2004\|06:01] C:\Program Files\Common Files\<DIR> L&H [11/20/2004\|02:21] C:\Program Files\Common Files\<DIR> Lanovation [05/15/2005\|06:38] C:\Program Files\Common Files\<DIR> Logitech [06/17/2009\|10:37] C:\Program Files\Common Files\<DIR> McAfee [03/29/2009\|05:43] C:\Program Files\Common Files\<DIR> Microsoft Shared [06/17/2008\|05:19] C:\Program Files\Common Files\<DIR> Motive [11/20/2004\|01:39] C:\Program Files\Common Files\<DIR> MSSoap [12/12/2007\|10:26] C:\Program Files\Common Files\<DIR> muvee Technologies [12/12/2007\|10:26] C:\Program Files\Common Files\<DIR> Nikon [11/20/2004\|07:29] C:\Program Files\Common Files\<DIR> ODBC [08/19/2005\|07:37] C:\Program Files\Common Files\<DIR> OverDrive Shared [03/20/2007\|11:57] C:\Program Files\Common Files\<DIR> Pure Networks Shared [04/25/2009\|03:30] C:\Program Files\Common Files\<DIR> Real [11/20/2004\|01:39] C:\Program Files\Common Files\<DIR> Services [11/20/2004\|07:29] C:\Program Files\Common Files\<DIR> SpeechEngines [03/29/2009\|05:28] C:\Program Files\Common Files\<DIR> System [11/24/2004\|09:52] C:\Program Files\Common Files\<DIR> Vbox [10/15/2006\|10:33] C:\Program Files\Common Files\<DIR> Wise Installation Wizard [04/25/2009\|03:30] C:\Program Files\Common Files\<DIR> xing shared --------------------\\ Process ( 38 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-21 15:19:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! [F:35][D:18]-> C:\DOCUME~1\Owner\LOCALS~1\Temp [F:83][D:0]-> C:\DOCUME~1\Owner\Cookies [F:6][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Sun 06/21/2009\|15:20 - Option : [1] --------------------\\ Scan completed at 15:20:40 and the OLT.txt OTL logfile created on: 6/21/2009 3:31:38 PM - Run 3 OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1022.80 Mb Total Physical Memory \| 562.61 Mb Available Physical Memory \| 55.01% Memory free 2.86 Gb Paging File \| 2.56 Gb Available in Paging File \| 89.44% Paging File free Paging file location(s): C:\pagefile.sys 2000 4096 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.53 Gb Total Space \| 48.51 Gb Free Space \| 65.08% Space Free \| Partition Type: NTFS Drive D: \| 19.07 Gb Total Space \| 8.66 Gb Free Space \| 45.39% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: B-TOP Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\HPZipm12.exe (HP) PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\GWMDMMSG.exe (GTW) PRC - C:\Program Files\VirtualCD\HvcdUI.exe (Circle of One Software) PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (avg8wd [Auto \| Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (InCDsrv [Auto \| Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG) SRV - (iPodService [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) SRV - (LPDSVC [On_Demand \| Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation) SRV - (McAfee SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (MDM [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (NetSvc [On_Demand \| Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nmraapache [On_Demand \| Stopped]) -- File not found SRV - (nmservice [Auto \| Stopped]) -- File not found SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (PictureTaker [On_Demand \| Stopped]) -- C:\WINDOWS\System32\PCTKRNT.SYS (LANovation) SRV - (Pml Driver HPZ12 [Unknown \| Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP) SRV - (PrismXL [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (Lanovation) SRV - (SimpTcp [Auto \| Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation) SRV - (SNMP [Auto \| Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation) SRV - (WMDM PMSP Service [Auto \| Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ASAPIW2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ASAPIW2k.sys (VOB Computersysteme GmbH) DRV - (ASPI32 [System \| Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (AvgLdx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (BCMModem [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\BCMDM.sys (BCM) DRV - (COMMONFX.DLL [On_Demand \| Running]) -- C:\WINDOWS\System32\COMMONFX.DLL (Creative Technology Ltd) DRV - (CT20XUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (ctac32k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (CTAUDFX.DLL [On_Demand \| Running]) -- C:\WINDOWS\System32\CTAUDFX.DLL (Creative Technology Ltd) DRV - (ctdvda2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (CTEAPSFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPSY.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTERFXFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTERFXFX.DLL (Creative Technology Ltd) DRV - (CTEXFIFX.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTEXFIFX.DLL (Creative Technology Ltd.) DRV - (CTHWIUT.DLL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (ctprxy2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (CTSBLFX.DLL [On_Demand \| Running]) -- C:\WINDOWS\System32\CTSBLFX.DLL (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (DCamUSBSQTECH [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.) DRV - (E1000 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation) DRV - (emupia [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (GTWModem [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\GWMDM.sys (GTW) DRV - (ha10kx2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd) DRV - (hap17v2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\hap17v2k.sys (Creative Technology Ltd) DRV - (HekkoVirtualCD [System \| Running]) -- C:\WINDOWS\System32\Drivers\hvcd.sys (Circle of One Software) DRV - (HPZid412 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (InCDfs [Disabled \| Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG) DRV - (InCDPass [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software AG) DRV - (incdrm [System \| Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Ahead Software AG) DRV - (LHidKe [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech, Inc.) DRV - (LHidUsbK [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.) DRV - (LMouKE [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.) DRV - (lne100v5 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\lne100v5.sys (LinkSys Group Inc.) DRV - (magicpvt [System \| Running]) -- C:\WINDOWS\System32\drivers\magicpvt.sys (Samsung Electronics, Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MREMPR5 [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.) DRV - (MRENDIS5 [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (PcdrNt [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.) DRV - (Pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (pnarp [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys (Pure Networks, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (purendis [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\purendis.sys (Pure Networks, Inc.) DRV - (ROOTMODEM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SNXPCARD [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\snxpcard.sys (Sunix) DRV - (SNXPPALX [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\snxppalx.sys (Sunix) DRV - (usbaudio [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.3.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/29 18:34:19 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/25 15:30:11 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/20 13:40:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 15:25:17 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 15:25:15 \| 00,000,000 \| ---D \| M] [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2009/05/09 12:03:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/20 16:30:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\fk3012cr.default\extensions [2009/06/17 22:20:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\fk3012cr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/05/09 12:03:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/13 15:25:15 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/06/13 15:25:09 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/13 15:25:09 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/06/13 15:25:10 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/04/23 20:39:08 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/23 20:39:08 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/04/23 20:39:08 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/04/23 20:39:08 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/04/23 20:39:08 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/04/23 20:39:08 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/04/23 20:39:08 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FDM\iefdm2.dll () O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [19379374] C:\Documents and Settings\All Users\Application Data\19379374\19379374.exe File not found O4 - HKLM..\Run: [99389366] C:\Documents and Settings\All Users\Application Data\99389366\99389366.exe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CircleVirtualCD] C:\Program Files\VirtualCD\HvcdUI.exe (Circle of One Software) O4 - HKLM..\Run: [combofix] C:\WINDOWS\System32\CF6521.exe (Microsoft Corporation) O4 - HKLM..\Run: [GWMDMMSG] C:\WINDOWS\GWMDMMSG.exe (GTW) O4 - HKLM..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe () O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun) O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229643722093 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1231557902937 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} http://support.gateway.com/eSupport/static...h/weblaunch.cab (CWebLaunchCtl Object) O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (Virtools WebPlayer Class) O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class) O16 - DPF: DigiChat Applet http://chat.onemodelplace.com/DigiChat/Dig...s/Client_IE.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: vzTCPConfig http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (smrgdf) - File not found O34 - HKLM BootExecute: (C:\Program) - File not found O34 - HKLM BootExecute: (Files\iolo\System) - File not found O34 - HKLM BootExecute: (Mechanic) - File not found O34 - HKLM BootExecute: (Professional) - File not found O34 - HKLM BootExecute: (6") - File not found ========== Files/Folders - Created Within 30 Days ========== [5 C:\WINDOWS\.tmp files] [2009/06/21 15:16:39 \| 00,000,000 \| ---D \| C] -- C:\Lop SD [2009/06/21 14:05:59 \| 00,000,211 \| ---- \| C] () -- C:\Boot.bak [2009/06/21 14:05:53 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/06/21 14:05:52 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/06/21 14:02:48 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/06/21 14:02:48 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/06/21 14:02:48 \| 00,155,136 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/06/21 14:02:48 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/06/21 14:02:48 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/06/21 14:02:48 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/06/21 14:02:48 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/21 14:02:48 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/06/21 14:02:22 \| 00,000,000 \| --SD \| C] -- C:\ComboFix [2009/06/21 14:02:19 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF6521.exe [2009/06/21 14:01:11 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/06/21 14:01:05 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5019.exe [2009/06/21 13:54:27 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/06/21 13:50:15 \| 00,512,512 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/06/21 13:48:30 \| 00,530,106 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe [2009/06/17 22:39:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2009/06/17 22:37:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee [2009/06/17 22:37:09 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/06/17 22:37:09 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2009/06/17 14:49:23 \| 10,725,49888 \| -HS- \| C] () -- C:\hiberfil.sys [2009/06/17 14:40:35 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/06/17 13:41:44 \| 03,036,691 \| R--- \| C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2009/06/17 13:41:44 \| 00,187,904 \| R--- \| C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe [2009/06/17 13:41:44 \| 00,170,711 \| R--- \| C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe [2009/06/14 15:06:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help [2009/06/14 15:06:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Help [2009/06/14 15:05:43 \| 00,000,596 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\Dclock.exe.lnk [2009/06/13 21:10:52 \| 01,613,690 \| -H-- \| C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2009/06/13 17:14:27 \| 00,000,276 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2009/06/13 16:51:24 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\99389366.ini [2009/06/13 14:55:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\hp deskjet 930c series [2009/06/13 14:52:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache [2009/06/13 14:52:27 \| 00,001,791 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk [2009/06/13 10:52:01 \| 00,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/13 10:52:01 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/05/29 18:44:34 \| 00,035,328 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\ChinaPaint Suppliers.doc [2009/05/27 20:57:57 \| 08,461,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.backup [2009/05/26 22:31:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\My Documents\My Scans [2009/05/26 22:17:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express [2009/05/26 22:04:09 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\hpqemlsz.INI [2009/05/26 22:03:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\HP [2009/05/26 22:01:24 \| 00,000,984 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/05/26 21:57:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\HP [2009/05/26 21:54:51 \| 00,100,894 \| ---- \| C] () -- C:\WINDOWS\hpgins17.dat.temp [2009/05/26 21:27:05 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\hpgmdl17.dat.temp [2009/05/25 14:56:10 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HP [2009/05/25 14:50:49 \| 00,116,974 \| ---- \| C] () -- C:\WINDOWS\hpoins11.dat.temp [2009/05/25 14:50:49 \| 00,011,634 \| ---- \| C] () -- C:\WINDOWS\hpomdl11.dat.temp [2009/05/25 13:52:19 \| 00,077,824 \| R--- \| C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2009/05/25 13:18:40 \| 00,025,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys [2009/05/25 13:18:40 \| 00,025,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys [2009/04/18 16:58:23 \| 00,000,043 \| ---- \| C] () -- C:\WINDOWS\hpfccopy.INI [2008/12/18 20:01:23 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/12/18 20:01:21 \| 00,581,632 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2008/12/18 20:01:21 \| 00,212,992 \| ---- \| C] () -- C:\WINDOWS\System32\nvapi.dll [2008/09/19 17:12:01 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2008/09/18 00:55:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/09/18 00:55:00 \| 01,503,232 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2008/09/18 00:55:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/09/18 00:55:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/03/15 18:39:23 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/11/10 13:27:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\NSREX.INI [2007/10/13 15:08:53 \| 00,003,072 \| ---- \| C] () -- C:\WINDOWS\CTXFIRES.DLL [2007/04/12 08:10:28 \| 00,105,728 \| ---- \| C] () -- C:\WINDOWS\System32\APOMgrH.dll [2007/04/09 12:55:14 \| 00,097,785 \| ---- \| C] () -- C:\WINDOWS\System32\instwdm.ini [2007/04/09 12:55:14 \| 00,000,054 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2007/04/09 12:33:50 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CTBurst.dll [2007/04/09 12:32:58 \| 00,034,816 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll [2007/03/05 13:34:28 \| 00,676,224 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/02/12 22:21:28 \| 00,548,864 \| ---- \| C] () -- C:\WINDOWS\System32\hpgtg400.dll [2006/10/02 09:25:18 \| 00,000,307 \| ---- \| C] () -- C:\WINDOWS\System32\kill.ini [2006/08/01 21:40:17 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\CTRec.INI [2005/08/20 21:39:06 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/07/16 15:57:06 \| 00,000,296 \| ---- \| C] () -- C:\WINDOWS\3Gsauron.INI [2005/07/16 15:53:30 \| 00,000,526 \| ---- \| C] () -- C:\WINDOWS\qzip.ini [2005/06/16 10:17:16 \| 00,071,680 \| ---- \| C] () -- C:\WINDOWS\System32\ctmmactl.dll [2005/04/13 18:39:08 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/12/09 19:50:47 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\DEBUGSM.INI [2004/11/26 13:16:55 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\KPCMS.INI [2004/11/26 13:16:46 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2004/11/20 19:55:19 \| 00,001,168 \| ---- \| C] () -- C:\WINDOWS\Stars.ini [2004/11/20 18:04:20 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2004/11/20 17:19:59 \| 00,098,304 \| R--- \| C] () -- C:\WINDOWS\StiRegstEng.dll [2004/11/20 17:16:40 \| 00,000,111 \| ---- \| C] () -- C:\WINDOWS\EPSON Perfection 1670.ini [2004/11/20 17:00:43 \| 00,002,156 \| ---- \| C] () -- C:\WINDOWS\FONTSMRT.INI [2004/11/20 17:00:27 \| 00,000,415 \| ---- \| C] () -- C:\WINDOWS\prntname.ini [2004/11/20 16:58:53 \| 00,000,076 \| ---- \| C] () -- C:\WINDOWS\tmprn.ini [2004/11/20 15:46:16 \| 00,196,096 \| ---- \| C] () -- C:\WINDOWS\System32\MACD32.DLL [2004/11/20 15:46:16 \| 00,138,752 \| ---- \| C] () -- C:\WINDOWS\System32\MASE32.DLL [2004/11/20 15:46:16 \| 00,136,192 \| ---- \| C] () -- C:\WINDOWS\System32\MAMC32.DLL [2004/11/20 15:46:16 \| 00,057,856 \| ---- \| C] () -- C:\WINDOWS\System32\MASD32.DLL [2004/11/20 15:46:16 \| 00,027,648 \| ---- \| C] () -- C:\WINDOWS\System32\MA32.DLL [2004/11/20 15:12:38 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2004/11/20 15:11:49 \| 00,000,092 \| ---- \| C] () -- C:\WINDOWS\System32\editinf.ini [2004/11/20 15:11:27 \| 00,052,992 \| ---- \| C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL [2004/11/20 15:11:24 \| 00,005,519 \| ---- \| C] () -- C:\WINDOWS\System32\ctucom.ini [2004/11/20 15:11:11 \| 00,000,317 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2004/11/20 14:58:14 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\InfModM.ini [2004/11/20 14:56:37 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\wgedit.ini [2002/09/03 09:00:00 \| 00,001,048 \| ---- \| C] () -- C:\WINDOWS\win.ini [2002/09/03 09:00:00 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\system.ini [2001/07/07 03:00:00 \| 00,003,399 \| ---- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [1998/08/16 06:00:00 \| 00,004,096 \| ---- \| C] () -- C:\WINDOWS\System32\sysres.dll ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\System32\.tmp files] [5 C:\WINDOWS\.tmp files] [2009/06/21 15:04:04 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/06/21 15:03:54 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/21 15:03:51 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/21 15:03:49 \| 10,725,49888 \| -HS- \| M] () -- C:\hiberfil.sys [2009/06/21 15:03:49 \| 00,000,016 \| ---- \| M] () -- C:\WINDOWS\System32\magicpvt.dat [2009/06/21 15:03:27 \| 00,000,032 \| ---- \| M] () -- C:\WINDOWS\System32\driver.dat [2009/06/21 15:02:24 \| 00,030,096 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/21 15:02:24 \| 00,030,096 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/21 15:02:24 \| 00,027,240 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/21 15:02:24 \| 00,027,240 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/21 15:02:24 \| 00,011,564 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-00581102}.rfx [2009/06/21 14:06:00 \| 00,000,281 \| RHS- \| M] () -- C:\boot.ini [2009/06/21 14:02:01 \| 00,389,120 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF6521.exe [2009/06/21 14:01:46 \| 03,036,691 \| R--- \| M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2009/06/21 13:54:21 \| 00,389,120 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5019.exe [2009/06/21 13:50:15 \| 00,512,512 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/06/21 13:48:30 \| 00,530,106 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe [2009/06/21 13:37:33 \| 00,001,512 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\NOTEPAD.lnk [2009/06/21 13:13:28 \| 37,309,041 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/06/21 13:13:28 \| 00,085,931 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/06/20 13:34:35 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/17 11:48:06 \| 00,187,904 \| R--- \| M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe [2009/06/17 11:16:46 \| 00,170,711 \| R--- \| M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe [2009/06/14 15:59:38 \| 00,001,048 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/06/14 15:05:43 \| 00,000,596 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\Dclock.exe.lnk [2009/06/13 21:10:52 \| 01,613,690 \| -H-- \| M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2009/06/13 17:17:55 \| 00,301,232 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/13 17:14:49 \| 00,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/06/13 17:14:27 \| 00,000,276 \| ---- \| M] () -- C:\WINDOWS\System32\MRT.INI [2009/06/13 16:51:24 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\99389366.ini [2009/06/13 14:56:35 \| 00,000,800 \| ---- \| M] () -- C:\WINDOWS\hpinfo.lnk [2009/06/13 14:52:27 \| 00,001,791 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk [2009/06/08 08:10:10 \| 00,155,136 \| ---- \| M] () -- C:\WINDOWS\PEV.exe [2009/06/07 17:23:12 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/06/07 17:23:12 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/06/06 16:23:09 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009/06/01 12:51:12 \| 23,635,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/27 20:55:47 \| 00,000,526 \| ---- \| M] () -- C:\WINDOWS\qzip.ini [2009/05/27 20:53:12 \| 08,461,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll [2009/05/27 20:53:12 \| 08,461,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2009/05/27 13:26:50 \| 00,035,328 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\ChinaPaint Suppliers.doc [2009/05/26 22:20:08 \| 00,000,043 \| ---- \| M] () -- C:\WINDOWS\hpfccopy.INI [2009/05/26 22:17:36 \| 00,100,842 \| ---- \| M] () -- C:\WINDOWS\hpgins17.dat [2009/05/26 22:04:09 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\hpqemlsz.INI [2009/05/26 22:03:29 \| 00,100,894 \| ---- \| M] () -- C:\WINDOWS\hpgins17.dat.temp [2009/05/26 22:01:24 \| 00,000,984 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/05/25 15:34:30 \| 00,084,480 \| ---- \| M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/05/25 13:51:44 \| 00,116,974 \| ---- \| M] () -- C:\WINDOWS\hpoins11.dat.temp < End of report > I did a google search and clicked on a search link result to see if it would take me there or re-direct me again and it seemed to take me to the proper site this time. Thanks again for your help, let me know what else I should be doing. Regards. --- DUTCH

heir View Member Profile	Jun 21 2009, 03:29 PM Post #6
Trusted Helper Posts: 3,384 From: Sweden OS: Windows XP SP3	Hm... looks as we might have a rootkit to take care of that is disturbing ComboFix from running properly. Step 1. Rootrepeal: Download RootRepeal.zip and unzip it to your Desktop. Double click RootRepeal.exe to start the program Click on the Report tab at the bottom of the program window Click the Scan button In the Select Scan dialog, check: Drivers Files Processes SSDT Stealth Objects Hidden Services Click the OK button In the next dialog, select all drives showing Click OK to start the scan Note: The scan can take some time. DO NOT* run any other programs while the scan is running* When the scan is complete, the Save Report button will become available Click this and save the report to your Desktop as RootRepeal.txt Go to File, then Exit to close the program If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post Step 2. Systemlook: Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: CODE C:\Qoobox /s Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt Step 3. Things I would like to see in your reply: The content of Rootrepeal.txt (attach it if it's too long) from step 1. The content of Systemlook.txt from step 2.

DUTCH8888 View Member Profile	Jun 21 2009, 06:15 PM Post #7
Member Posts: 14 OS: XP SP3	Hello Heir, I started with step 1 but never got passed it. Is the RootRepeal.exe supposed to take a long time to initiate? Since I started it over one hour ago, it has been displaying nothing except a small rectangular box that statese "Initializing". When I checked the processes in Taskmanager it shows that it is using 99% of the CPU all that time and is reported as "not responding". It never displayed a program window that would allow me to click on Report Tab or anything else. I ended the program as it prevented me from loading anything else as it is using all the processor time. Please let me know if I am supposed to leave it running on initializing for hours? Thank you. Regards. --- Dutch.

heir View Member Profile	Jun 22 2009, 11:10 AM Post #8
Trusted Helper Posts: 3,384 From: Sweden OS: Windows XP SP3	Let's use this tool instead of Rootrepeal. Do this as step 1. Download GMER from here: http://www.gmer.net/files.php Unzip it to the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for �Show All�. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread. Then do step 2 from my previous post, Finally post the results from step 1 and 2.

DUTCH8888 View Member Profile	Jun 22 2009, 03:37 PM Post #9
Member Posts: 14 OS: XP SP3	Here are the results: GMER: GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-22 17:29:22 Windows 5.1.2600 Service Pack 3 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 1.0.15 ---- And SYSTEMLOOK: SystemLook v1.0 by jpshortstuff (22.05.09) Log created at 17:33 on 22/06/2009 by Owner (Administrator - Elevation successful) No Context: CODE No Context: C:\Qoobox /s -=End Of File=- Best regards. --- Dutch.

heir View Member Profile	Jun 22 2009, 04:00 PM Post #10
Trusted Helper Posts: 3,384 From: Sweden OS: Windows XP SP3	Hm.. a bit tricky. Let's give Combofix one more chance. Please reboot your computer. Then double-click on ComboFix.exe on your desktop to run it again. Post the content of C:\ComboFix.txt in your reply

DUTCH8888 View Member Profile	Jun 22 2009, 04:23 PM Post #11
Member Posts: 14 OS: XP SP3	Here is the Combofix report: ComboFix 09-06-22.04 - Owner 06/22/2009 18:15.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.630 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kungsfxirskdux -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))))) . 2009-06-21 19:16 . 2009-06-21 19:20 -------- d-----w- C:\Lop SD 2009-06-18 02:39 . 2009-06-18 02:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-18 02:39 . 2009-06-18 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-06-18 02:39 . 2009-06-18 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-06-18 02:37 . 2009-06-18 02:37 -------- d-----w- c:\program files\Common Files\McAfee 2009-06-18 02:37 . 2009-06-18 22:17 -------- d-----w- c:\program files\McAfee 2009-06-18 02:37 . 2009-06-18 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-06-17 18:40 . 2009-06-17 18:51 -------- d-----w- C:\Rooter$ 2009-06-14 19:06 . 2009-06-14 19:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help 2009-06-13 21:04 . 2009-06-13 21:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-06-13 21:04 . 2009-06-13 21:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR 2009-06-13 21:04 . 2009-06-13 21:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-13 18:55 . 2009-06-13 18:56 -------- d-----w- c:\program files\hp deskjet 930c series 2009-06-13 18:55 . 2006-01-14 00:36 53248 ----a-w- c:\windows\system32\hpfinsta.exe 2009-06-13 18:55 . 2006-01-14 00:36 274432 ------w- c:\windows\system32\hpfinst.dll 2009-06-13 18:52 . 2009-06-13 18:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Printer Info Cache 2009-06-13 14:52 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-13 14:52 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-13 14:47 . 2009-06-13 14:47 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\realplayer11gold.exe 2009-05-27 15:17 . 2009-05-27 15:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-05-27 02:17 . 2009-06-13 18:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express 2009-05-27 02:03 . 2009-06-13 18:52 -------- d-----w- c:\program files\Common Files\HP 2009-05-27 01:57 . 2009-05-27 02:17 -------- d-----w- c:\program files\HP 2009-05-25 18:56 . 2009-05-25 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2009-05-25 18:53 . 2006-04-13 01:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-05-25 18:00 . 2006-04-13 01:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2009-05-25 17:52 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll 2009-05-25 17:52 . 2006-04-10 18:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll 2009-05-25 17:51 . 2006-03-04 01:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe 2009-05-25 17:51 . 2006-03-04 01:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll 2009-05-25 17:51 . 2006-03-04 01:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll 2009-05-25 17:51 . 2006-03-04 01:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe 2009-05-25 17:18 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-05-25 17:18 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-22 22:10 . 2008-05-14 23:00 16 ----a-w- c:\windows\system32\magicpvt.dat 2009-06-22 22:10 . 2008-12-19 01:40 32 ----a-w- c:\windows\system32\driver.dat 2009-06-17 18:49 . 2009-03-29 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-06-14 19:06 . 2005-10-18 02:32 -------- d-----w- c:\program files\Clock 2009-06-13 18:55 . 2005-10-28 21:47 -------- d-----w- c:\program files\Hewlett-Packard 2009-05-27 02:17 . 2009-04-13 18:02 100842 ----a-w- c:\windows\hpgins17.dat 2009-05-27 01:24 . 2004-11-20 21:17 -------- d-----w- c:\program files\Smart Panel 2009-05-27 01:24 . 2004-11-20 18:13 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-25 19:34 . 2004-11-24 22:59 84480 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-25 19:11 . 2009-04-18 20:33 -------- d-----w- c:\documents and settings\Owner\Application Data\HP 2009-05-16 02:33 . 2009-05-16 02:33 -------- d-----w- c:\documents and settings\Owner\Application Data\licenses 2009-05-16 02:33 . 2009-05-16 02:33 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2009 2009-05-16 02:09 . 2009-05-16 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure 2009-05-16 01:55 . 2009-05-16 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure 2009-05-13 05:15 . 2006-06-23 15:33 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-09 16:21 . 2009-05-09 16:21 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-09 16:01 . 2009-03-29 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR 2009-05-09 14:10 . 2004-11-20 23:13 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-05-07 15:32 . 2002-09-03 13:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 09:07 . 2009-03-29 21:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-05-06 09:06 . 2009-03-29 21:44 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-05-06 09:06 . 2007-04-29 17:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-05-06 09:06 . 2009-03-29 21:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-04-25 19:37 . 2007-09-22 15:01 -------- d-----w- c:\program files\Google 2009-04-25 19:30 . 2009-04-25 19:30 -------- d-----w- c:\program files\Common Files\xing shared 2009-04-25 19:30 . 2005-05-15 23:04 -------- d-----w- c:\program files\Common Files\Real 2009-04-25 19:29 . 2007-12-13 02:26 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-04-25 19:14 . 2006-11-05 02:02 -------- d-----w- c:\program files\iTunes 2009-04-25 19:03 . 2007-11-03 17:31 -------- d-----w- c:\program files\DivX 2009-04-25 19:03 . 2009-04-25 19:03 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-04-25 19:00 . 2009-04-25 19:00 -------- d-----w- c:\program files\Orban 2009-04-25 18:50 . 2009-04-25 18:50 -------- d-----w- c:\program files\Windows Media Connect 2 2009-04-25 17:26 . 2004-11-20 18:32 -------- d-----w- c:\program files\Common Files\Adobe 2009-04-17 12:26 . 2004-11-22 03:24 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2006-11-26 16:40 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-03-29 23:26 . 2009-03-29 23:26 1915520 -c--a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2009-03-29 21:34 . 2004-11-20 17:40 89879 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat . ------- Sigcheck ------- [7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe [7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe [7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe [-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll [-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtServicePackUninstall$\user32.dll [-] 2002-09-03 13:00 560128 DD9269230C21EE8FB7FD3FCCC3B1CFCB c:\windows\$NtUninstallKB840987$\user32.dll [7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll [-] 2004-12-29 01:31 574464 0706E1CD6B89800781DB038F4B3F5654 c:\windows\$NtUninstallKB890859_0$\user32.dll [-] 2004-06-17 17:58 560128 31FB2D788A9AA618452C02E8375B6DCD c:\windows\$NtUninstallKB891711$\user32.dll [7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll [7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll [7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2002-09-03 13:00 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtUninstallKB817778$\ws2_32.dll [-] 2003-07-10 16:19 70656 06BF1D3C21274F92DDD0E09317C80B35 c:\windows\$NtUninstallKB914388_0$\ws2_32.dll [-] 2002-09-03 13:00 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtUninstallKB922819_0$\ws2_32.dll [7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll [7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll [7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll [7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2002-09-03 13:00 599040 F3587750A7481DCCBEA13D473A0700BE c:\windows\$NtUninstallKB834707-IE6SP1-20040929.091901$\wininet.dll [-] 2004-08-24 01:32 589312 01893ED35886AFF539B58A025736F7ED c:\windows\$NtUninstallKB867282-IE6SP1-20050127.163319$\wininet.dll [-] 2004-12-07 21:37 590336 9FFCB74DF9474FD2A4148C355B40FC55 c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\wininet.dll [-] 2005-02-18 20:19 592384 33BDE2B6C11C96969E1CBF894C5980AF c:\windows\$NtUninstallKB896727-IE6SP1-20050719.165959$\wininet.dll [-] 2005-06-18 03:49 574976 ECE5D8E5C4B797F057E6933B539A7982 c:\windows\$NtUninstallKB905915-IE6SP1-20051122.175908$\wininet.dll [-] 2002-09-03 13:00 599040 F3587750A7481DCCBEA13D473A0700BE c:\windows\$NtUninstallKB916281-IE6SP1-20060526.162249$\wininet.dll [-] 2005-10-21 17:51 575488 4D7F35D26E955FCB4A572908D216CF00 c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie7\wininet.dll [7] 2007-08-13 22:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll [7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB961260-IE7\wininet.dll [7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll [7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie8\wininet.dll [7] 2009-03-08 08:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll [7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\wininet.dll [7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\wininet.dll [7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll [7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll [-] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll [-] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll [-] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll [-] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll [7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3GDR\wininet.dll [7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3QFE\wininet.dll [7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll [7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll [-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys [-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys [-] 2002-09-03 13:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys [-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys [-] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtUninstallKB913446_0$\tcpip.sys [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2006-01-13 01:13 340480 8C101C9C566E2384AF28EF7C1DE4A36E c:\windows\$NtUninstallKB917953_0$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys [7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2002-09-03 13:00 516608 2246D8D8F4714A2CEDB21AB9B1849ABB c:\windows\$NtUninstallKB840987$\winlogon.exe [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe [7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2002-09-03 13:00 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtUninstallKB826942$\ndis.sys [7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys [7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys [7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys [7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys [7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys [-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe [-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2002-09-03 13:00 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB840987$\ntkrnlpa.exe [-] 2004-06-17 08:03 1954688 ED0D7A5F1138CCFD3ECAF8F6AC691F13 c:\windows\$NtUninstallKB885835_0$\ntkrnlpa.exe [7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [-] 2004-10-22 07:29 1955840 EFA7883018F42295D927121808AE6CEE c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe [7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe [7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe [-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2002-09-03 13:00 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB840987$\ntoskrnl.exe [-] 2004-06-17 17:22 2051584 F240DC474F8EDB2D95514D831DF069E5 c:\windows\$NtUninstallKB885835_0$\ntoskrnl.exe [7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2004-10-22 08:33 2088448 5A7EB0C9F96917B7ECF5ADF70C4B1BAE c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe [7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe [7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe [7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2002-09-03 13:00 1004032 A82B28BFC2E4455FE43022A498C0EF0A c:\windows\$NtUninstallKB820291$\explorer.exe [7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe [7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe [7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe [7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe [7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe [7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe [7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe [7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe [7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe [7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe [-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe [7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2002-09-03 13:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423_0$\spoolsv.exe [7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe [7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe [7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe [7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe [7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe [7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe [7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe [7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe [7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe [7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll [7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll [7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll [-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll [-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2002-09-03 13:00 930304 8F162DC91D67D87C1A481BF602A9DAC8 c:\windows\$NtUninstallKB840987$\kernel32.dll [7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2004-06-17 17:58 930816 FCA73DE7B988A2F7837FFBFFCFBED088 c:\windows\$NtUninstallKB917422_0$\kernel32.dll [7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll [7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll [7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll [7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll [7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll [7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll [7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll [7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll [7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll [7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll [7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll [7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll [7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll [7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys [7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys [7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys [-] 2002-09-03 13:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\kbdclass.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-07 1884160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GWMDMpi"="c:\windows\GWMDMpi.exe" [2004-11-20 53248] "CircleVirtualCD"="c:\program files\VirtualCD\HvcdUI.exe" [2003-07-14 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-05 282624] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 198160] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "GWMDMMSG"="GWMDMMSG.exe" - c:\windows\GWMDMMSG.exe [2004-11-20 90112] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-10-21 29696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\system32\MIDIDEF.EXE [2007-04-09 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-06 09:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0smrgdf c:\program files\iolo\System Mechanic Professional 6 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/29/2009 5:44 PM 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/29/2009 5:44 PM 108552] R1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\drivers\hvcd.sys [8/18/2005 5:43 PM 13184] R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [5/14/2008 7:00 PM 9728] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/29/2009 5:43 PM 298776] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/17/2009 10:37 PM 210216] R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [11/20/2004 4:20 PM 20864] R3 SNXPPALX;Sunix PCI Parallel Port Driver;c:\windows\system32\drivers\snxppalx.sys [11/20/2004 4:21 PM 75264] S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/20/2004 6:21 PM 36013] S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . - - - - ORPHANS REMOVED - - - - HKLM-Run-19379374 - c:\documents and settings\All Users\Application Data\19379374\19379374.exe HKLM-Run-99389366 - c:\documents and settings\All Users\Application Data\99389366\99389366.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore DPF: DigiChat Applet - hxxp://chat.onemodelplace.com/DigiChat/DigiClasses/Client_IE.cab DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab FF - ProfilePath - . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-22 18:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1216) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-06-22 18:24 ComboFix-quarantined-files.txt 2009-06-22 22:24 Pre-Run: 52,039,421,952 bytes free Post-Run: 52,007,809,024 bytes free Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5 373 --- E O F --- 2009-06-13 21:15 Regards.

DUTCH8888 View Member Profile	Jun 22 2009, 04:31 PM Post #12
Member Posts: 14 OS: XP SP3	One more thing, Cobmofix reported in a window while it was running the following: drev_*.datThe filename, directory name, or volume Label Syntax is incorrect. Not sure if that has any bearing on this or not but thought I would share it anyway. Regards. --- Dutch.

heir View Member Profile	Jun 22 2009, 10:53 PM Post #13
Trusted Helper Posts: 3,384 From: Sweden OS: Windows XP SP3	Yes all information regarding what happens when tools a run and the results are always important for us to get. Looks as we are getting some where with this then. I need fresh OTL-logs. Please do this. Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Underneath Extra Registry on the lower left side change the setting to Use SafeList. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

DUTCH8888 View Member Profile	Jun 23 2009, 10:41 AM Post #15
Member Posts: 14 OS: XP SP3	heir, I have a question, in the last Combofix report I noticed this particular driver info referred again to the Kungsf does that still need to be removed or did Combofix take care of that now? ((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kungsfxirskdux -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))) Cheers. --- Dutch.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Can't Remove Packed.Rolex Virus with my AVG 8.5	13 / 569	17th June 2009 - 05:29 PM alwaysoncue started - last by kahdah
Virus, Spyware and Trojan Removal Packed.Rolex virus - cannot remove [Closed]	2 / 564	23rd June 2009 - 01:29 PM Mike0813 started - last by Rorschach112
Virus, Spyware and Trojan Removal Packed rolex virus [Solved]	11 / 576	20th June 2009 - 06:18 AM Brainspiller started - last by Rorschach112
Virus, Spyware and Trojan Removal packed.rolex virus [Closed]	2 / 391	23rd June 2009 - 01:29 PM kikidee started - last by Rorschach112