Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hidden files, rootkit found with avg [Solved]

Started by cuda67 , Sep 09 2009 04:01 PM

  • This topic is locked This topic is locked

#1
cuda67
Posted 09 September 2009 - 04:01 PM

cuda67

    Member

  • Member
  • PipPip
  • 37 posts
avg has found alot of hidden files which it says are rootkits and cannot be healed. i tried the cleaning guide but tfc will run for hours but nothing happens, also avg will run a scan and not stop running, at the moment it's up to 10 hours. please help
  • 0

Advertisements

#2
fenzodahl512
Posted 10 September 2009 - 10:02 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..
  • 0

#3
cuda67
Posted 10 September 2009 - 04:18 PM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
hi, and thanks in advance for your time.
comedien ran ok but malware bytes only ran for about 4mins then the blue screen appeared, and the computer restarted.
  • 0

#4
fenzodahl512
Posted 10 September 2009 - 10:08 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
  • 0

#5
cuda67
Posted 11 September 2009 - 02:26 AM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Log file is located at: C:\Users\brian\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-11 08:18:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
  • 0

#6
fenzodahl512
Posted 11 September 2009 - 04:50 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok, can you complete RSIT and GMER steps as shown in Post #2? Then post the logs here :)
  • 0

#7
cuda67
Posted 11 September 2009 - 05:17 PM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
rsit log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by brian at 2009-09-12 00:14:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 182 GB (62%) free of 295 GB
Total RAM: 3006 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:07, on 12/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\brian\Desktop\RSIT.exe
C:\Program Files\trend micro\brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat....lidstateion.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor1\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor1\pctsSvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9313 bytes

======Scheduled tasks folder======

C:\Windows\tasks\EasyShare Registration Task.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
AddTask Class - C:\Program Files\real\IEeREAD.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
AddTask Class - C:\Program Files\real\WebHook.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-25 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD08A9D5-0E5C-4f42-99A3-C0CB5E860557}]
CSolidBrowserObj Object - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll [2008-07-08 132400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [2006-11-27 180224]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]
"TalkTalk"=C:\Program Files\TalkTalk\bin\sprtcmd.exe [2007-10-12 202016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"kdx"=C:\Program Files\KHost.exe -all []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]
C:\Garmin\ANT Agent\ANT Agent.exe [2008-09-02 8203352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeStatusMon]
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe [2007-06-28 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy SystemCleaner]
C:\Program Files\Easy SystemCleaner\EasySystemCleaner.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2008-01-18 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-09 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-09-12 00:02:34 ----SHD---- C:\found.000
2009-09-11 23:37:16 ----D---- C:\Program Files\trend micro
2009-09-11 23:37:15 ----D---- C:\rsit
2009-09-10 23:18:10 ----A---- C:\Windows\system32\rotscxbatpqbbj.dll
2009-09-10 23:02:07 ----D---- C:\Windows\ERDNT
2009-09-10 23:00:31 ----D---- C:\Program Files\ERUNT
2009-09-10 22:57:40 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-10 22:57:04 ----D---- C:\Program Files\Microsoft Sync Framework
2009-09-10 22:55:41 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-10 22:55:24 ----D---- C:\Program Files\Windows Live
2009-09-10 19:39:52 ----D---- C:\Program Files\Common Files\AVSMedia
2009-09-10 19:39:49 ----D---- C:\Program Files\AVS4YOU
2009-09-10 19:39:49 ----A---- C:\Windows\system32\msxml3a.dll
2009-09-10 19:31:52 ----D---- C:\Program Files\Xilisoft
2009-09-10 11:43:49 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2009-09-09 10:40:14 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 10:40:14 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 10:40:14 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 10:40:14 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 10:40:13 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 10:40:13 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 10:40:13 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 10:40:13 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 10:40:13 ----A---- C:\Windows\system32\finger.exe
2009-09-09 10:40:00 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 10:40:00 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 10:40:00 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 10:40:00 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 10:39:59 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 10:39:59 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 10:39:57 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 10:39:57 ----A---- C:\Windows\system32\mf.dll
2009-09-08 00:01:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 19:19:02 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-03 20:02:10 ----A---- C:\Windows\system32\7EE983E52D57964A.exe
2009-09-03 16:44:48 ----A---- C:\Windows\system32\avgrep.txt
2009-09-03 10:30:15 ----A---- C:\Windows\system32\rotscxqiwrpoiv.dll
2009-09-03 10:05:12 ----A---- C:\Windows\system32\rotscxpaixxtof.dll
2009-09-03 10:03:52 ----A---- C:\Windows\system32\rotscxxnmrfdtv.dll
2009-09-03 10:03:52 ----A---- C:\Windows\system32\rotscxwovfilbh.dll
2009-09-02 22:15:51 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 22:15:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-31 12:18:12 ----A---- C:\Login.txt.txt
2009-08-26 22:29:05 ----A---- C:\Windows\system32\tzres.dll
2009-08-19 07:32:09 ----D---- C:\Windows\system32\eu-ES
2009-08-19 07:32:09 ----D---- C:\Windows\system32\ca-ES
2009-08-19 07:32:07 ----D---- C:\Windows\system32\vi-VN
2009-08-19 05:34:19 ----D---- C:\Windows\system32\EventProviders
2009-08-18 21:26:55 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-18 21:26:53 ----A---- C:\Windows\system32\SLsvc.exe
2009-08-18 21:26:53 ----A---- C:\Windows\system32\SLCExt.dll
2009-08-18 21:26:51 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-08-18 21:26:51 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-08-18 21:26:50 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-18 21:26:48 ----A---- C:\Windows\system32\mssrch.dll
2009-08-18 21:26:47 ----A---- C:\Windows\system32\tquery.dll
2009-08-18 21:26:46 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-08-18 21:26:46 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-18 21:26:45 ----A---- C:\Windows\system32\scavenge.dll
2009-08-18 21:26:45 ----A---- C:\Windows\system32\RMActivate.exe
2009-08-18 21:26:45 ----A---- C:\Windows\system32\msi.dll
2009-08-18 21:26:44 ----A---- C:\Windows\system32\WscEapPr.dll
2009-08-18 21:26:44 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-08-18 21:26:44 ----A---- C:\Windows\system32\secproc_isv.dll
2009-08-18 21:26:44 ----A---- C:\Windows\system32\imapi2fs.dll
2009-08-18 21:26:43 ----A---- C:\Windows\system32\sysmain.dll
2009-08-18 21:26:43 ----A---- C:\Windows\system32\icardagt.exe
2009-08-18 21:26:42 ----A---- C:\Windows\system32\EhStorShell.dll
2009-08-18 21:26:42 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-08-18 21:26:41 ----A---- C:\Windows\system32\spwizui.dll
2009-08-18 21:26:41 ----A---- C:\Windows\system32\spreview.exe
2009-08-18 21:26:41 ----A---- C:\Windows\system32\spinstall.exe
2009-08-18 21:26:41 ----A---- C:\Windows\system32\drmv2clt.dll
2009-08-18 21:26:40 ----A---- C:\Windows\system32\secproc.dll
2009-08-18 21:26:40 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-08-18 21:26:39 ----A---- C:\Windows\system32\shell32.dll
2009-08-18 21:26:38 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-08-18 21:26:38 ----A---- C:\Windows\system32\p2psvc.dll
2009-08-18 21:26:38 ----A---- C:\Windows\system32\mssvp.dll
2009-08-18 21:26:38 ----A---- C:\Windows\system32\mscoree.dll
2009-08-18 21:26:37 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-18 21:26:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-18 21:26:37 ----A---- C:\Windows\system32\mssphtb.dll
2009-08-18 21:26:37 ----A---- C:\Windows\system32\mssph.dll
2009-08-18 21:26:37 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-08-18 21:26:37 ----A---- C:\Windows\system32\imapi2.dll
2009-08-18 21:26:36 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-08-18 21:26:36 ----A---- C:\Windows\system32\esent.dll
2009-08-18 21:26:36 ----A---- C:\Windows\system32\DevicePairing.dll
2009-08-18 21:26:35 ----A---- C:\Windows\system32\sperror.dll
2009-08-18 21:26:35 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-08-18 21:26:35 ----A---- C:\Windows\system32\korwbrkr.dll
2009-08-18 21:26:34 ----A---- C:\Windows\system32\wevtsvc.dll
2009-08-18 21:26:34 ----A---- C:\Windows\system32\SLC.dll
2009-08-18 21:26:34 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-08-18 21:26:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-18 21:26:34 ----A---- C:\Windows\system32\IasMigReader.exe
2009-08-18 21:26:33 ----A---- C:\Windows\system32\msshsq.dll
2009-08-18 21:26:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-18 21:26:32 ----A---- C:\Windows\system32\msxml6.dll
2009-08-18 21:26:32 ----A---- C:\Windows\system32\msjet40.dll
2009-08-18 21:26:32 ----A---- C:\Windows\system32\MPSSVC.dll
2009-08-18 21:26:31 ----A---- C:\Windows\system32\Query.dll
2009-08-18 21:26:31 ----A---- C:\Windows\system32\qmgr.dll
2009-08-18 21:26:31 ----A---- C:\Windows\system32\msexch40.dll
2009-08-18 21:26:31 ----A---- C:\Windows\system32\diagperf.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\winload.exe
2009-08-18 21:26:30 ----A---- C:\Windows\system32\uDWM.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\srchadmin.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\P2PGraph.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\ole32.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\ntdll.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\msxml3.dll
2009-08-18 21:26:30 ----A---- C:\Windows\system32\mmc.exe
2009-08-18 21:26:30 ----A---- C:\Windows\system32\mblctr.exe
2009-08-18 21:26:30 ----A---- C:\Windows\system32\EncDec.dll
2009-08-18 21:26:29 ----A---- C:\Windows\system32\riched20.dll
2009-08-18 21:26:29 ----A---- C:\Windows\system32\RacEngn.dll
2009-08-18 21:26:29 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-08-18 21:26:29 ----A---- C:\Windows\system32\fdBth.dll
2009-08-18 21:26:29 ----A---- C:\Windows\system32\dfsr.exe
2009-08-18 21:26:28 ----A---- C:\Windows\system32\spoolss.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-08-18 21:26:28 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-08-18 21:26:28 ----A---- C:\Windows\system32\schedsvc.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\milcore.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\kernel32.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-08-18 21:26:28 ----A---- C:\Windows\system32\CertEnroll.dll
2009-08-18 21:26:27 ----A---- C:\Windows\system32\WinSAT.exe
2009-08-18 21:26:27 ----A---- C:\Windows\system32\msvcp60.dll
2009-08-18 21:26:27 ----A---- C:\Windows\system32\msjtes40.dll
2009-08-18 21:26:27 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-18 21:26:27 ----A---- C:\Windows\system32\gpedit.dll
2009-08-18 21:26:27 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-08-18 21:26:26 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-08-18 21:26:26 ----A---- C:\Windows\system32\mstext40.dll
2009-08-18 21:26:26 ----A---- C:\Windows\system32\Magnify.exe
2009-08-18 21:26:26 ----A---- C:\Windows\system32\es.dll
2009-08-18 21:26:26 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-08-18 21:26:26 ----A---- C:\Windows\system32\advapi32.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\WMPhoto.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\WebClnt.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\vssapi.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\slwmi.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\msxbde40.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\msexcl40.dll
2009-08-18 21:26:25 ----A---- C:\Windows\system32\comsvcs.dll
2009-08-18 21:26:24 ----A---- C:\Windows\system32\propsys.dll
2009-08-18 21:26:24 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-18 21:26:24 ----A---- C:\Windows\system32\newdev.dll
2009-08-18 21:26:24 ----A---- C:\Windows\system32\NetProjW.dll
2009-08-18 21:26:24 ----A---- C:\Windows\system32\msrepl40.dll
2009-08-18 21:26:24 ----A---- C:\Windows\system32\authui.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\setupapi.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\rpcss.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\mspbde40.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\gpsvc.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\eudcedit.exe
2009-08-18 21:26:23 ----A---- C:\Windows\system32\d3d9.dll
2009-08-18 21:26:23 ----A---- C:\Windows\system32\crypt32.dll
2009-08-18 21:26:23 ----A---- C:\Windows\explorer.exe
2009-08-18 21:26:22 ----A---- C:\Windows\system32\shlwapi.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\msrd3x40.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\msltus40.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\msdtctm.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\mfc42.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-08-18 21:26:22 ----A---- C:\Windows\system32\davclnt.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\wevtapi.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\user32.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\samsrv.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\photowiz.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\nlhtml.dll
2009-08-18 21:26:21 ----A---- C:\Windows\system32\browseui.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\win32spl.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\quartz.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-18 21:26:20 ----A---- C:\Windows\system32\oleaut32.dll
2009-08-18 21:26:20 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-08-18 21:26:20 ----A---- C:\Windows\system32\ci.dll
2009-08-18 21:26:19 ----A---- C:\Windows\system32\netshell.dll
2009-08-18 21:26:19 ----A---- C:\Windows\system32\compcln.exe
2009-08-18 21:26:18 ----A---- C:\Windows\system32\winhttp.dll
2009-08-18 21:26:18 ----A---- C:\Windows\system32\mswstr10.dll
2009-08-18 21:26:18 ----A---- C:\Windows\system32\apds.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\xmlfilter.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\VSSVC.exe
2009-08-18 21:26:17 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-08-18 21:26:17 ----A---- C:\Windows\system32\msvcrt.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\msctf.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\gdi32.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\emdmgmt.dll
2009-08-18 21:26:17 ----A---- C:\Windows\system32\audiosrv.dll
2009-08-18 21:26:16 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-08-18 21:26:16 ----A---- C:\Windows\system32\SLUI.exe
2009-08-18 21:26:16 ----A---- C:\Windows\system32\msrd2x40.dll
2009-08-18 21:26:16 ----A---- C:\Windows\system32\mfc42u.dll
2009-08-18 21:26:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-08-18 21:26:16 ----A---- C:\Windows\system32\eapphost.dll
2009-08-18 21:26:15 ----A---- C:\Windows\system32\winresume.exe
2009-08-18 21:26:15 ----A---- C:\Windows\system32\shdocvw.dll
2009-08-18 21:26:15 ----A---- C:\Windows\system32\propdefs.dll
2009-08-18 21:26:15 ----A---- C:\Windows\system32\odbc32.dll
2009-08-18 21:26:14 ----A---- C:\Windows\system32\WsmSvc.dll
2009-08-18 21:26:14 ----A---- C:\Windows\system32\wevtutil.exe
2009-08-18 21:26:14 ----A---- C:\Windows\system32\mssitlb.dll
2009-08-18 21:26:14 ----A---- C:\Windows\system32\dbgeng.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\vds.exe
2009-08-18 21:26:13 ----A---- C:\Windows\system32\usp10.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\swprv.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\msctfp.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-08-18 21:26:13 ----A---- C:\Windows\system32\drvinst.exe
2009-08-18 21:26:13 ----A---- C:\Windows\system32\devmgr.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\Wldap32.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\wcnwiz.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\netlogon.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\msscb.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\evr.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-08-18 21:26:12 ----A---- C:\Windows\system32\BFE.DLL
2009-08-18 21:26:12 ----A---- C:\Windows\system32\adsldpc.dll
2009-08-18 21:26:11 ----A---- C:\Windows\system32\WSDApi.dll
2009-08-18 21:26:11 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-08-18 21:26:11 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-18 21:26:11 ----A---- C:\Windows\system32\wercon.exe
2009-08-18 21:26:11 ----A---- C:\Windows\system32\services.exe
2009-08-18 21:26:11 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-18 21:26:11 ----A---- C:\Windows\system32\comdlg32.dll
2009-08-18 21:26:11 ----A---- C:\Windows\system32\adtschema.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\wcncsvc.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\taskeng.exe
2009-08-18 21:26:10 ----A---- C:\Windows\system32\rtffilt.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\reg.exe
2009-08-18 21:26:10 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\mswdat10.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\msjter40.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\msdrm.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\mimefilt.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\dnsapi.dll
2009-08-18 21:26:10 ----A---- C:\Windows\system32\certutil.exe
2009-08-18 21:26:10 ----A---- C:\Windows\system32\certcli.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\w32time.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\rsaenh.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\msshooks.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\msscntrs.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\msihnd.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-18 21:26:09 ----A---- C:\Windows\system32\bthserv.dll
2009-08-18 21:26:09 ----A---- C:\Windows\system32\bcrypt.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-08-18 21:26:08 ----A---- C:\Windows\system32\netapi32.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\mtxclu.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\msstrc.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\mscories.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\inetpp.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\hidserv.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\fundisc.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\dfshim.dll
2009-08-18 21:26:08 ----A---- C:\Windows\system32\cryptsvc.dll
2009-08-18 21:26:07 ----A---- C:\Windows\system32\termsrv.dll
2009-08-18 21:26:07 ----A---- C:\Windows\system32\profsvc.dll
2009-08-18 21:26:07 ----A---- C:\Windows\system32\gameux.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\wdc.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\shsvcs.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\rasmans.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\msiexec.exe
2009-08-18 21:26:06 ----A---- C:\Windows\system32\imapi.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\iassdo.dll
2009-08-18 21:26:06 ----A---- C:\Windows\system32\chsbrkr.dll
2009-08-18 21:26:05 ----A---- C:\Windows\system32\spoolsv.exe
2009-08-18 21:26:05 ----A---- C:\Windows\system32\scrrun.dll
2009-08-18 21:26:05 ----A---- C:\Windows\system32\pnidui.dll
2009-08-18 21:26:05 ----A---- C:\Windows\system32\icardres.dll
2009-08-18 21:26:05 ----A---- C:\Windows\system32\autofmt.exe
2009-08-18 21:26:04 ----A---- C:\Windows\system32\wersvc.dll
2009-08-18 21:26:04 ----A---- C:\Windows\system32\slmgr.vbs
2009-08-18 21:26:04 ----A---- C:\Windows\system32\PSHED.DLL
2009-08-18 21:26:04 ----A---- C:\Windows\system32\pdh.dll
2009-08-18 21:26:03 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-08-18 21:26:03 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-08-18 21:26:03 ----A---- C:\Windows\system32\azroles.dll
2009-08-18 21:26:02 ----A---- C:\Windows\system32\pidgenx.dll
2009-08-18 21:26:01 ----A---- C:\Windows\system32\wmpmde.dll
2009-08-18 21:26:00 ----A---- C:\Windows\system32\winlogon.exe
2009-08-18 21:26:00 ----A---- C:\Windows\system32\SyncCenter.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\SLUINotify.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\sethc.exe
2009-08-18 21:25:59 ----A---- C:\Windows\system32\ncrypt.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\kd1394.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\comuid.dll
2009-08-18 21:25:59 ----A---- C:\Windows\system32\certmgr.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\wisptis.exe
2009-08-18 21:25:58 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\untfs.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\taskcomp.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\spp.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\scrobj.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\rtutils.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\iassam.dll
2009-08-18 21:25:58 ----A---- C:\Windows\system32\dwm.exe
2009-08-18 21:25:58 ----A---- C:\Windows\system32\autochk.exe
2009-08-18 21:25:57 ----A---- C:\Windows\system32\winsrv.dll
2009-08-18 21:25:57 ----A---- C:\Windows\system32\printui.dll
2009-08-18 21:25:57 ----A---- C:\Windows\system32\iasnap.dll
2009-08-18 21:25:57 ----A---- C:\Windows\system32\autoconv.exe
2009-08-18 21:25:56 ----A---- C:\Windows\system32\wow32.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\userenv.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\osk.exe
2009-08-18 21:25:56 ----A---- C:\Windows\system32\onex.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\mswsock.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\kdcom.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\cscript.exe
2009-08-18 21:25:56 ----A---- C:\Windows\system32\basecsp.dll
2009-08-18 21:25:56 ----A---- C:\Windows\system32\audiodg.exe
2009-08-18 21:25:55 ----A---- C:\Windows\system32\WinSCard.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\winmm.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-08-18 21:25:55 ----A---- C:\Windows\system32\spcmsg.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\RelMon.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\rdpencom.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\offfilt.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\msftedit.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\kdusb.dll
2009-08-18 21:25:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\wsepno.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\WerFault.exe
2009-08-18 21:25:54 ----A---- C:\Windows\system32\Utilman.exe
2009-08-18 21:25:54 ----A---- C:\Windows\system32\stobject.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\SndVol.exe
2009-08-18 21:25:54 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\prnntfy.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\msnetobj.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\mscms.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\mfplat.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\mcmde.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\diskraid.exe
2009-08-18 21:25:54 ----A---- C:\Windows\system32\apphelp.dll
2009-08-18 21:25:54 ----A---- C:\Windows\system32\adsmsext.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\wscript.exe
2009-08-18 21:25:53 ----A---- C:\Windows\system32\wscntfy.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\wiaservc.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\ulib.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\sysclass.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\rastapi.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\pnpsetup.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\odbccp32.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-08-18 21:25:53 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\fdProxy.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\dsound.dll
2009-08-18 21:25:53 ----A---- C:\Windows\system32\cryptui.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\wscsvc.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-08-18 21:25:52 ----A---- C:\Windows\system32\wlangpui.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\vdsdyn.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\regsvc.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\rastls.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\rasapi32.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\ntprint.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\logman.exe
2009-08-18 21:25:52 ----A---- C:\Windows\system32\iashlpr.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\gpapi.dll
2009-08-18 21:25:52 ----A---- C:\Windows\system32\diskpart.exe
2009-08-18 21:25:52 ----A---- C:\Windows\system32\brcpl.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\zipfldr.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\wusa.exe
2009-08-18 21:25:51 ----A---- C:\Windows\system32\wshext.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\wpccpl.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\netcenter.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\mscorier.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\iasrad.dll
2009-08-18 21:25:51 ----A---- C:\Windows\system32\findstr.exe
2009-08-18 21:25:50 ----A---- C:\Windows\system32\wsnmp32.dll
2009-08-18 21:25:50 ----A---- C:\Windows\system32\wer.dll
2009-08-18 21:25:50 ----A---- C:\Windows\system32\themecpl.dll
2009-08-18 21:25:50 ----A---- C:\Windows\system32\rasdlg.dll
2009-08-18 21:25:50 ----A---- C:\Windows\system32\iassvcs.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\uxsms.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\tsbyuv.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\srvsvc.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\scansetting.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\ntmarta.dll
2009-08-18 21:25:48 ----A---- C:\Windows\system32\mssprxy.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\slcc.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\powrprof.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\powercpl.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\networkmap.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\msutb.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\mstsc.exe
2009-08-18 21:25:47 ----A---- C:\Windows\system32\mstlsapi.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\iasads.dll
2009-08-18 21:25:47 ----A---- C:\Windows\system32\iasacct.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\wlanhlp.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\themeui.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\systemcpl.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\sud.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\pcaui.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\newdev.exe
2009-08-18 21:25:46 ----A---- C:\Windows\system32\dot3svc.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\connect.dll
2009-08-18 21:25:46 ----A---- C:\Windows\system32\authz.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\wlanpref.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\usercpl.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\samlib.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\rpchttp.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\qdvd.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\mmci.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\autoplay.dll
2009-08-18 21:25:45 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\wpcao.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\vdsutil.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\tapisrv.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\scksp.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\scesrv.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\regapi.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\oleprn.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\msinfo32.exe
2009-08-18 21:25:44 ----A---- C:\Windows\system32\mpr.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\imm32.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\feclient.dll
2009-08-18 21:25:44 ----A---- C:\Windows\system32\AudioSes.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\wscisvif.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\sdclt.exe
2009-08-18 21:25:43 ----A---- C:\Windows\system32\scecli.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\rekeywiz.exe
2009-08-18 21:25:43 ----A---- C:\Windows\system32\rasgcw.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\qedit.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\pnpui.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\perfdisk.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\ncryptui.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\iaspolcy.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\hdwwiz.exe
2009-08-18 21:25:43 ----A---- C:\Windows\system32\Faultrep.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\dpapimig.exe
2009-08-18 21:25:43 ----A---- C:\Windows\system32\dot3msm.dll
2009-08-18 21:25:43 ----A---- C:\Windows\system32\DeviceEject.exe
2009-08-18 21:25:43 ----A---- C:\Windows\system32\certreq.exe
2009-08-18 21:25:42 ----A---- C:\Windows\system32\whealogr.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\TSTheme.exe
2009-08-18 21:25:42 ----A---- C:\Windows\system32\tcpmon.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\srcore.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\spwinsat.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\rasplap.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-08-18 21:25:42 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-08-18 21:25:42 ----A---- C:\Windows\system32\fdWSD.dll
2009-08-18 21:25:42 ----A---- C:\Windows\system32\cmmon32.exe
2009-08-18 21:25:41 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-08-18 21:25:41 ----A---- C:\Windows\system32\wlanui.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\wiaaut.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\SnippingTool.exe
2009-08-18 21:25:41 ----A---- C:\Windows\system32\SCardSvr.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\raschap.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\fontext.dll
2009-08-18 21:25:41 ----A---- C:\Windows\system32\conime.exe
2009-08-18 21:25:41 ----A---- C:\Windows\system32\cmdial32.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\shwebsvc.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\shsetup.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\rasppp.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\rasmontr.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\PnPutil.exe
2009-08-18 21:25:40 ----A---- C:\Windows\system32\oobefldr.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\modemui.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\dsprop.dll
2009-08-18 21:25:40 ----A---- C:\Windows\system32\dimsroam.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\rdpwsx.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\mscandui.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\dataclen.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\chtbrkr.dll
2009-08-18 21:25:39 ----A---- C:\Windows\system32\blackbox.dll
2009-08-18 21:25:38 ----A---- C:\Windows\system32\WSDMon.dll
2009-08-18 21:25:38 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-18 21:25:38 ----A---- C:\Windows\system32\smss.exe
2009-08-18 21:25:38 ----A---- C:\Windows\system32\netplwiz.dll
2009-08-18 21:25:38 ----A---- C:\Windows\system32\credui.dll
2009-08-18 21:25:38 ----A---- C:\Windows\system32\certprop.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\wscapi.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\wpcsvc.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\thawbrkr.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\networkexplorer.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\msscp.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\msimtf.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\logagent.exe
2009-08-18 21:25:37 ----A---- C:\Windows\system32\InkEd.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\ifmon.dll
2009-08-18 21:25:37 ----A---- C:\Windows\system32\gpresult.exe
2009-08-18 21:25:37 ----A---- C:\Windows\system32\cipher.exe
2009-08-18 21:25:36 ----A---- C:\Windows\system32\sendmail.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\softkbd.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\olepro32.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\msctfui.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-08-18 21:25:35 ----A---- C:\Windows\system32\dmsynth.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\wshbth.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\version.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\SLLUA.exe
2009-08-18 21:25:34 ----A---- C:\Windows\system32\puiapi.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\msisip.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\mprapi.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\input.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-08-18 21:25:34 ----A---- C:\Windows\system32\cdd.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\msjint40.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\l2nacp.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\ftp.exe
2009-08-18 21:25:33 ----A---- C:\Windows\system32\fdSSDP.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\fc.exe
2009-08-18 21:25:33 ----A---- C:\Windows\system32\eapp3hst.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\dmusic.dll
2009-08-18 21:25:33 ----A---- C:\Windows\system32\cscapi.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\wsdchngr.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\Storprop.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\rrinstaller.exe
2009-08-18 21:25:32 ----A---- C:\Windows\system32\rasdial.exe
2009-08-18 21:25:32 ----A---- C:\Windows\system32\rasdiag.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\fdWCN.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\eappcfg.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\dot3cfg.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\cscdll.dll
2009-08-18 21:25:32 ----A---- C:\Windows\system32\bthudtask.exe
2009-08-18 21:25:32 ----A---- C:\Windows\system32\bthci.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\tscupgrd.exe
2009-08-18 21:25:31 ----A---- C:\Windows\system32\slcinst.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\ocsetup.exe
2009-08-18 21:25:31 ----A---- C:\Windows\system32\nslookup.exe
2009-08-18 21:25:31 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\mfps.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\ipconfig.exe
2009-08-18 21:25:31 ----A---- C:\Windows\system32\hbaapi.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\fdeploy.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\eappgnui.dll
2009-08-18 21:25:31 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-08-18 21:25:30 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-08-18 21:25:30 ----A---- C:\Windows\system32\mmcico.dll
2009-08-18 21:25:30 ----A---- C:\Windows\system32\mfpmp.exe
2009-08-18 21:25:30 ----A---- C:\Windows\system32\gpupdate.exe
2009-08-18 21:25:29 ----A---- C:\Windows\system32\NcdProp.dll
2009-08-18 21:25:29 ----A---- C:\Windows\system32\iscsilog.dll
2009-08-18 21:25:29 ----A---- C:\Windows\system32\csrstub.exe
2009-08-18 21:25:29 ----A---- C:\Windows\system32\cbsra.exe
2009-08-18 21:25:29 ----A---- C:\Windows\system32\bitsigd.dll
2009-08-18 21:25:28 ----A---- C:\Windows\system32\vdmdbg.dll
2009-08-18 21:25:28 ----A---- C:\Windows\system32\odbcconf.dll
2009-08-18 21:25:27 ----A---- C:\Windows\system32\winrnr.dll
2009-08-18 21:25:27 ----A---- C:\Windows\system32\slwga.dll
2009-08-18 21:25:27 ----A---- C:\Windows\system32\midimap.dll
2009-08-18 21:25:27 ----A---- C:\Windows\system32\inetppui.dll
2009-08-18 21:25:25 ----A---- C:\Windows\system32\msimsg.dll
2009-08-18 21:25:25 ----A---- C:\Windows\system32\mferror.dll
2009-08-18 21:25:25 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-08-18 21:25:10 ----A---- C:\Windows\system32\SmiEngine.dll
2009-08-18 21:25:08 ----A---- C:\Windows\system32\wdscore.dll
2009-08-18 21:25:08 ----A---- C:\Windows\system32\PkgMgr.exe
2009-08-18 21:25:02 ----A---- C:\Windows\system32\drvstore.dll
2009-08-18 09:46:14 ----D---- C:\Program Files\Common Files\Windows Live
2009-08-14 13:01:08 ----D---- C:\Program Files\Microsoft
2009-08-14 12:59:45 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-14 12:59:44 ----A---- C:\Windows\system32\wdigest.dll
2009-08-14 12:59:44 ----A---- C:\Windows\system32\schannel.dll
2009-08-14 12:59:44 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-14 12:59:44 ----A---- C:\Windows\system32\kerberos.dll
2009-08-14 12:59:43 ----A---- C:\Windows\system32\secur32.dll
2009-08-14 12:59:43 ----A---- C:\Windows\system32\lsass.exe
2009-08-12 16:34:59 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-12 11:17:12 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:17:11 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:17:09 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-12 11:17:09 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:17:09 ----A---- C:\Windows\system32\aaclient.dll
2009-08-12 11:17:08 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:17:07 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:17:04 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 11:17:04 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:17:04 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:17:04 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-11 09:15:37 ----D---- C:\Program Files\iPod
2009-08-11 09:15:36 ----D---- C:\Program Files\iTunes
2009-08-10 14:53:28 ----A---- C:\Windows\GunzLauncher.INI
2009-08-03 15:24:02 ----D---- C:\Windows\system32\SolidStateNetworks
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
2009-07-29 12:57:59 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 12:57:58 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\occache.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 12:57:57 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 12:57:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 12:57:56 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 12:57:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-27 21:39:07 ----A---- C:\NdoorsLog.txt
2009-07-27 21:34:21 ----D---- C:\Program Files\Xfire
2009-07-27 16:35:55 ----A---- C:\Windows\patchw32.dll
2009-07-27 16:35:55 ----A---- C:\Windows\patchw.dll
2009-07-27 15:29:14 ----D---- C:\Program Files\Common Files\INCA Shared
2009-07-27 13:03:58 ----D---- C:\Program Files\Games-Masters.com
2009-07-27 07:36:40 ----A---- C:\log.txt
2009-07-26 16:44:56 ----A---- C:\Windows\system32\sirenacm.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\atmlib.dll
2009-07-15 01:31:43 ----A---- C:\Windows\system32\atmfd.dll
2009-06-29 17:24:08 ----SHD---- C:\Windows\system32\%APPDATA%
2009-06-28 19:50:16 ----A---- C:\Windows\system32\msonpmon.dll
2009-06-28 19:48:15 ----D---- C:\Program Files\Microsoft Visual Studio
2009-06-28 19:48:14 ----D---- C:\Program Files\Common Files\DESIGNER
2009-06-28 19:47:33 ----D---- C:\Windows\PCHEALTH
2009-06-28 19:47:33 ----D---- C:\Program Files\Microsoft.NET
2009-06-28 19:46:00 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-06-26 13:10:32 ----D---- C:\Program Files\Safari
2009-06-26 13:06:15 ----D---- C:\Program Files\QuickTime
2009-06-26 09:27:37 ----D---- C:\Program Files\uTorrent
2009-06-25 12:14:09 ----D---- C:\Program Files\TalkTalk
2009-06-25 12:14:06 ----A---- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
2009-06-25 12:13:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-25 11:30:52 ----D---- C:\Program Files\Common Files\SupportSoft
2009-06-24 10:17:49 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-06-24 10:15:56 ----D---- C:\Program Files\VideoLAN
2009-06-15 19:44:06 ----A---- C:\Windows\system32\localspl.dll
2009-06-14 17:11:28 ----A---- C:\Windows\ntbtlog.txt
2009-06-14 16:21:29 ----A---- C:\Windows\system32\rpcrt4.dll

======List of files/folders modified in the last 3 months======

2009-09-12 00:14:50 ----D---- C:\Windows\Temp
2009-09-12 00:06:47 ----D---- C:\Windows\Minidump
2009-09-12 00:06:42 ----SHD---- C:\System Volume Information
2009-09-12 00:06:42 ----D---- C:\Windows
2009-09-11 23:37:16 ----RD---- C:\Program Files
2009-09-11 19:37:55 ----D---- C:\Windows\tracing
2009-09-11 17:14:11 ----D---- C:\Temp
2009-09-11 12:38:59 ----HD---- C:\$AVG8.VAULT$
2009-09-11 09:30:36 ----D---- C:\Windows\inf
2009-09-11 08:30:40 ----D---- C:\Windows\Microsoft.NET
2009-09-11 08:29:49 ----RSD---- C:\Windows\assembly
2009-09-10 23:18:11 ----D---- C:\Windows\System32
2009-09-10 23:04:52 ----D---- C:\Windows\system32\drivers
2009-09-10 23:00:53 ----D---- C:\Windows\Prefetch
2009-09-10 22:57:45 ----SHD---- C:\Windows\Installer
2009-09-10 22:57:40 ----D---- C:\Program Files\Common Files\System
2009-09-10 22:57:31 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-10 22:57:05 ----D---- C:\Windows\winsxs
2009-09-10 22:45:40 ----D---- C:\Windows\system32\catroot2
2009-09-10 22:45:40 ----D---- C:\Windows\system32\catroot
2009-09-10 19:40:34 ----HD---- C:\ProgramData
2009-09-10 19:39:52 ----D---- C:\Program Files\Common Files
2009-09-10 11:45:18 ----D---- C:\Program Files\Avanquest update
2009-09-10 11:43:32 ----D---- C:\Program Files\Sony Ericsson
2009-09-09 11:03:04 ----D---- C:\Windows\rescache
2009-09-09 10:46:33 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 10:45:20 ----D---- C:\Windows\system32\en-US
2009-09-09 10:41:27 ----D---- C:\Program Files\Windows Mail
2009-09-09 10:40:56 ----D---- C:\Windows\ehome
2009-09-07 09:50:30 ----SD---- C:\Windows\Downloaded Program Files
2009-09-05 11:30:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-05 11:28:08 ----D---- C:\Windows\Tasks
2009-09-05 10:12:21 ----D---- C:\Windows\system32\Tasks
2009-09-03 21:00:15 ----D---- C:\Program Files\Common Files\Apple
2009-09-03 20:56:57 ----D---- C:\Windows\system32\zh-TW
2009-09-03 20:56:57 ----D---- C:\Windows\system32\zh-HK
2009-09-03 20:56:57 ----D---- C:\Windows\system32\tr-TR
2009-09-03 20:56:57 ----D---- C:\Windows\system32\sv-SE
2009-09-03 20:56:57 ----D---- C:\Windows\system32\pt-BR
2009-09-03 20:56:57 ----D---- C:\Windows\system32\nl-NL
2009-09-03 20:56:57 ----D---- C:\Windows\system32\nb-NO
2009-09-03 20:56:57 ----D---- C:\Windows\system32\ko-KR
2009-09-03 20:56:57 ----D---- C:\Windows\system32\it-IT
2009-09-03 20:56:57 ----D---- C:\Windows\system32\he-IL
2009-09-03 20:56:57 ----D---- C:\Windows\system32\fr-FR
2009-09-03 20:56:57 ----D---- C:\Windows\system32\fi-FI
2009-09-03 20:56:57 ----D---- C:\Windows\system32\es-ES
2009-09-03 20:56:57 ----D---- C:\Windows\system32\el-GR
2009-09-03 20:56:57 ----D---- C:\Windows\system32\de-DE
2009-09-03 20:56:57 ----D---- C:\Windows\system32\da-DK
2009-09-03 20:56:57 ----D---- C:\Windows\system32\ar-SA
2009-09-03 19:57:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-03 10:12:14 ----D---- C:\Windows\AppPatch
2009-09-02 09:20:23 ----D---- C:\Program Files\WinRAR
2009-08-28 22:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 22:28:12 ----D---- C:\Program Files\Internet Explorer
2009-08-19 16:10:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 07:42:32 ----SHD---- C:\Boot
2009-08-19 07:36:27 ----D---- C:\Program Files\Windows Calendar
2009-08-19 07:36:27 ----D---- C:\Program Files\Movie Maker
2009-08-19 07:36:26 ----D---- C:\Program Files\Windows Sidebar
2009-08-19 07:36:26 ----D---- C:\Program Files\Windows Media Player
2009-08-19 07:36:26 ----D---- C:\Program Files\Windows Journal
2009-08-19 07:36:26 ----D---- C:\Program Files\Windows Collaboration
2009-08-19 07:36:25 ----D---- C:\Program Files\Windows Photo Gallery
2009-08-19 07:36:23 ----D---- C:\Windows\servicing
2009-08-19 07:36:23 ----D---- C:\Program Files\Windows Defender
2009-08-19 07:36:13 ----D---- C:\Windows\system32\XPSViewer
2009-08-19 07:36:13 ----D---- C:\Windows\system32\lv-LV
2009-08-19 07:36:13 ----D---- C:\Windows\IME
2009-08-19 07:36:12 ----D---- C:\Windows\system32\sk-SK
2009-08-19 07:36:12 ----D---- C:\Windows\system32\hr-HR
2009-08-19 07:36:12 ----D---- C:\Windows\system32\et-EE
2009-08-19 07:36:09 ----D---- C:\Windows\system32\oobe
2009-08-19 07:36:09 ----D---- C:\Windows\system32\migration
2009-08-19 07:36:07 ----D---- C:\Windows\system32\ru-RU
2009-08-19 07:36:07 ----D---- C:\Windows\system32\AdvancedInstallers
2009-08-19 07:36:06 ----D---- C:\Windows\system32\SLUI
2009-08-19 07:36:06 ----D---- C:\Windows\system32\setup
2009-08-19 07:36:06 ----D---- C:\Windows\system32\pt-PT
2009-08-19 07:36:06 ----D---- C:\Windows\system32\hu-HU
2009-08-19 07:36:06 ----D---- C:\Windows\system32\cs-CZ
2009-08-19 07:36:05 ----D---- C:\Windows\system32\zh-CN
2009-08-19 07:36:05 ----D---- C:\Windows\system32\en
2009-08-19 07:36:04 ----D---- C:\Windows\system32\uk-UA
2009-08-19 07:36:04 ----D---- C:\Windows\system32\sr-Latn-CS
2009-08-19 07:36:04 ----D---- C:\Windows\system32\sl-SI
2009-08-19 07:36:04 ----D---- C:\Windows\system32\pl-PL
2009-08-19 07:36:04 ----D---- C:\Windows\system32\manifeststore
2009-08-19 07:36:04 ----D---- C:\Windows\system32\ja-JP
2009-08-19 07:36:04 ----D---- C:\Windows\system32\bg-BG
2009-08-19 07:36:03 ----D---- C:\Windows\system32\th-TH
2009-08-19 07:36:03 ----D---- C:\Windows\system32\ro-RO
2009-08-19 07:36:02 ----D---- C:\Windows\system32\wbem
2009-08-19 07:36:00 ----D---- C:\Windows\system32\migwiz
2009-08-19 07:36:00 ----D---- C:\Windows\system32\lt-LT
2009-08-19 07:35:23 ----RSD---- C:\Windows\Fonts
2009-08-19 07:32:07 ----D---- C:\Windows\system32\Boot
2009-08-19 07:30:50 ----D---- C:\Windows\system32\RTCOM
2009-08-14 13:01:25 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-31 09:19:17 ----A---- C:\Windows\system32\avgrsstx.dll
2009-07-27 01:10:22 ----D---- C:\Windows\system32\config
2009-07-27 01:10:18 ----D---- C:\Windows\system32\spool
2009-07-27 01:10:17 ----D---- C:\Windows\registration
2009-07-23 10:26:50 ----D---- C:\Windows\pss
2009-07-10 20:31:08 ----D---- C:\Windows\system32\Msdtc
2009-06-29 17:26:28 ----A---- C:\Windows\win.ini
2009-06-28 19:48:46 ----D---- C:\Program Files\MSBuild
2009-06-28 19:48:29 ----D---- C:\Program Files\Microsoft Office
2009-06-28 19:48:11 ----D---- C:\Windows\ShellNew
2009-06-20 19:28:02 ----A---- C:\Windows\system32\ff_vfw.dll
2009-06-14 21:09:35 ----D---- C:\Program Files\Microsoft Works
2009-06-14 15:15:40 ----D---- C:\Windows\system32\CodeIntegrity
2009-06-13 20:03:31 ----D---- C:\Program Files\Java
2009-06-13 00:14:02 ----D---- C:\Program Files\PFConfig

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-04-23 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-01-03 1044984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-10-29 1062048]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\Windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\Windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 DESVUSB;Dell service driver; C:\Windows\system32\DRIVERS\desrvusb.sys [2007-07-06 17536]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSI_SiUSBXp_3_1;DSI_SiUSBXp_3_1; C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys [2007-09-06 14848]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Rohan_Global\GameGuard\dump_wmimmc.sys []
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-09-10 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-09-10 25512]
S3 inyafakj;inyafakj; \??\C:\Users\brian\AppData\Local\Temp\inyafakj.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys []
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 qcusbmdm6k;Berlin Proprietary USB Driver; C:\Windows\system32\DRIVERS\qcusbmdm6k.sys [2005-03-10 64640]
S3 qcusbser6k;Berlin Diagnostic Port; C:\Windows\system32\DRIVERS\qcusbser6k.sys [2005-03-10 64640]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Device; C:\Windows\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 snpstd;Trust Webcam 14823; C:\Windows\system32\DRIVERS\snpstd.sys [2006-05-03 390784]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 XDva281;XDva281; \??\C:\Windows\system32\XDva281.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-03-29 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-07-31 1370488]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-03-28 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 deMntrService;Dell AIO Center Service; C:\Program Files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]
R2 NMSAccess;NMSAccess; C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe [2005-12-07 45056]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk); C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk); C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-09 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-05-20 2772302]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor1\pctsAuxs.exe []
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor1\pctsSvc.exe []
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-08-02 382320]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 gupdate1c9b0c03d81f234;Google Update Service (gupdate1c9b0c03d81f234); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]

-----------------EOF-----------------
gamer would only run for a few minutes then the pc would get a blue screen and reboot.
GMER 1.0.15.15077 [GAMERS.exe] - http://www.gmer.net
Rootkit quick scan 2009-09-12 00:10:58
Windows 6.0.6002 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\rotscxoykpmacv.sys (*** hidden *** ) [SYSTEM] rotscxmbwxrxib <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\rotscxqsebxmxd.sys (*** hidden *** ) [SYSTEM] rotscxssdntkcp <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
  • 0

#8
fenzodahl512
Posted 11 September 2009 - 08:35 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..
  • 0

#9
cuda67
Posted 12 September 2009 - 01:47 PM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
combo-fix log:
ComboFix 09-09-11.05 - brian 12/09/2009 20:26.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3006.2039 [GMT 1:00]
Running from: c:\users\brian\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\brian\AppData\Local\Temp\ppcrlui_1108_2

.
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-12 19:36 . 2009-09-12 19:36 -------- d-----w- c:\users\brian\AppData\Local\temp
2009-09-12 19:36 . 2009-09-12 19:36 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2009-09-12 19:36 . 2009-09-12 19:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-12 19:36 . 2009-09-12 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 23:02 . 2009-09-11 23:02 -------- d-----w- C:\found.000
2009-09-11 22:37 . 2009-09-11 23:15 -------- d-----w- c:\program files\trend micro
2009-09-11 22:37 . 2009-09-11 22:38 -------- d-----w- C:\rsit
2009-09-10 22:06 . 2009-09-11 11:57 -------- d-----w- c:\users\brian\Tracing
2009-09-10 22:00 . 2009-09-10 22:00 -------- d-----w- c:\program files\ERUNT
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-10 21:57 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-10 21:55 . 2009-09-10 21:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-10 21:55 . 2009-09-10 21:57 -------- d-----w- c:\program files\Windows Live
2009-09-10 18:53 . 2009-09-10 18:53 -------- d-----w- c:\users\brian\Catering things i have made
2009-09-10 18:40 . 2009-09-10 18:40 -------- d-----w- c:\users\brian\AppData\Roaming\AVS4YOU
2009-09-10 18:39 . 2009-09-10 18:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-10 18:39 . 2009-09-10 19:04 -------- d-----w- c:\program files\AVS4YOU
2009-09-10 18:39 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-10 18:31 . 2009-09-10 18:31 -------- d-----w- c:\program files\Xilisoft
2009-09-10 10:43 . 2009-09-10 10:43 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-09-10 10:43 . 2009-09-10 10:43 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-09-10 10:43 . 2009-09-10 10:43 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-09-09 10:25 . 2009-09-09 10:25 -------- d-----w- c:\users\brian\Office Genuine Advantage
2009-09-09 09:39 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 09:39 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 09:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 23:01 . 2009-09-07 23:01 -------- d-----w- c:\users\brian\AppData\Roaming\Malwarebytes
2009-09-07 23:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 23:01 . 2009-09-10 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 23:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 14:31 . 2009-09-07 14:31 -------- d-----w- c:\users\Public\Games
2009-09-04 18:19 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 18:19 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 18:19 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 18:19 . 2009-09-04 18:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 18:19 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 18:18 . 2009-09-04 18:18 -------- d-----w- c:\users\brian\AppData\Roaming\PC Tools
2009-09-03 19:02 . 2009-09-03 19:02 30720 ----a-w- c:\windows\system32\7EE983E52D57964A.exe
2009-09-02 21:15 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:15 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 21:29 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\ca-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\eu-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\vi-VN
2009-08-19 04:34 . 2009-08-19 04:34 -------- d-----w- c:\windows\system32\EventProviders
2009-08-18 20:25 . 2009-04-11 06:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-08-18 08:46 . 2009-08-18 08:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-14 12:01 . 2009-09-10 21:55 -------- d-----w- c:\program files\Microsoft
2009-08-14 11:59 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 11:59 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 11:59 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 11:59 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 11:59 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 11:59 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 11:59 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 11:59 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 16:23 . 2008-10-06 22:28 -------- d-----w- c:\users\brian\AppData\Roaming\uTorrent
2009-09-10 10:56 . 2009-09-10 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-10 10:45 . 2008-04-02 10:43 -------- d-----w- c:\program files\Avanquest update
2009-09-10 10:43 . 2008-07-17 11:28 -------- d-----w- c:\program files\Sony Ericsson
2009-09-10 10:34 . 2008-06-19 20:01 1652 ----a-w- c:\users\brian\AppData\Roaming\wklnhst.dat
2009-09-09 09:46 . 2008-05-27 22:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 09:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-05 10:30 . 2008-03-28 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 16:50 . 2009-09-04 16:50 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-03 20:00 . 2008-06-29 20:48 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 18:26 . 2009-06-24 09:19 -------- d-----w- c:\users\brian\AppData\Roaming\vlc
2009-08-19 15:10 . 2008-07-05 09:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-14 16:27 . 2009-09-09 09:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 09:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 09:40 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 09:40 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 09:40 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 09:40 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 09:40 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 09:40 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 09:40 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 12:00 . 2009-08-12 15:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 20:58 . 2009-07-27 20:34 -------- d-----w- c:\users\brian\AppData\Roaming\Xfire
2009-08-11 13:10 . 2009-02-11 19:16 1356 ----a-w- c:\users\brian\AppData\Local\d3d9caps.dat
2009-08-11 08:28 . 2008-06-29 20:50 -------- d-----w- c:\users\brian\AppData\Roaming\Apple Computer
2009-08-11 08:16 . 2009-08-11 08:15 -------- d-----w- c:\program files\iTunes
2009-08-11 08:15 . 2009-08-11 08:15 -------- d-----w- c:\program files\iPod
2009-08-10 13:48 . 2009-08-03 14:52 -------- d--h--w- c:\users\brian\AppData\Roaming\ijjigame
2009-08-10 08:51 . 2008-04-02 11:41 -------- d-----w- c:\users\brian\AppData\Roaming\LimeWire
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 08:19 . 2008-09-23 09:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 08:19 . 2008-09-23 09:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 08:19 . 2008-09-23 09:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 20:34 . 2009-07-27 20:34 -------- d-----w- c:\program files\Xfire
2009-07-27 15:37 . 2008-04-01 10:30 106936 ----a-w- c:\users\brian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-27 14:29 . 2009-07-27 14:29 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-27 12:03 . 2009-07-27 12:03 -------- d-----w- c:\program files\Games-Masters.com
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-29 11:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 10:17 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 09:40 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 09:40 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 17:03 . 2009-09-09 09:40 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-06-20 18:28 . 2008-06-12 19:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-15 14:53 . 2009-07-15 00:31 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 00:31 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 00:31 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 00:31 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 00:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-05-25 15:21 . 2008-04-01 23:27 88 --sh--r- c:\windows\System32\83D76F9165.sys
2008-05-29 15:01 . 2008-05-29 14:59 88 --sha-r- c:\windows\System32\C45CADE526.sys
2008-05-29 15:02 . 2008-04-01 23:27 4076 --sha-w- c:\windows\System32\KGyGaAvL.sys
2008-03-29 02:39 . 2008-03-29 02:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-12_19.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-28 19:26 . 2009-09-12 19:25 71124 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-12 19:25 77666 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-01 10:31 . 2009-09-12 19:25 19242 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042307149-782054855-2312145781-1000_UserData.bin
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-01 10:24 . 2009-09-12 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-01 10:24 . 2009-09-12 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-01 10:24 . 2009-09-12 19:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-02 20:13 . 2009-09-12 19:22 5110 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-12 19:23 . 2009-09-12 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-12 19:23 . 2009-09-12 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-28 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):32,65,90,dd,97,20,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2042307149-782054855-2312145781-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{19EA1263-2197-4D76-A7B0-20E8419A110B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9828E6B1-9120-48D2-B0C1-1A634D59200B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4C64D948-691A-4507-872A-B13BD9230963}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DBFDB629-E7B9-4CBA-875B-69D16FF28010}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{DE516DD3-4502-448D-ACCE-E1292932FA33}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FF4ADB99-9786-4223-9788-1BB8C2CD0D2F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{49B70A0A-21D5-4DCE-8B51-AE17CBF20795}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{61918BBE-0739-4F16-9714-C90543783119}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{EC0A9C96-9B15-475F-8FFA-B4770B7051E4}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{794F82DD-A0FD-4C08-ABC9-416439C7FDBB}"= UDP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{FF3FB4B6-C9E4-4A12-A1BE-1FFFEFF30153}"= TCP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{51AFFA45-A834-4698-A3DC-28E9B5819BD2}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{ECE0B0A9-4095-4B72-844E-32C20DACEDEF}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6B5FF771-2822-4C54-B4D5-9B4047F957AA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{B05B21FE-E0B3-4F91-A31F-AD9677C0AF2A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{39EE6E73-E002-4346-A9D6-7F0A322587EE}"= UDP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{97BDA218-C723-4060-8E5C-313127106C77}"= TCP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{75DF48BB-3367-4C63-98B0-AC5220FE8257}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{783232B6-43FE-481A-8534-A43A3A421218}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C0201DF5-467D-41B1-9C73-486D83A212C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2888AD58-4624-4B92-A12C-0894FC1BDBCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A8FA964-C4CA-414A-A4E9-EECB11EB34A2}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{1AEAADF8-403D-4F00-987F-A614A7B57F12}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{DEB03BAA-EADB-4B12-A9E2-CE3A91DFB48E}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{97142D52-A824-47CB-A9E1-B4DCBCBF0CB9}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{8A31898F-FF4D-4145-A171-8C9A85D726C1}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E688A26D-BD5E-4C08-81E6-27F777CABCC2}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{8C23F425-A1E1-4162-A000-2F142C66FD28}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{EB778109-6407-479F-97D0-B55BB2428DE5}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{14BA9262-F409-43BD-8AAF-FDE8EA3CB473}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43C7EB1C-509D-4E94-80B5-B0FE72C7E624}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{CD765C42-24C7-4754-BC43-4AB0D2E3C720}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FBF0DEF3-DBEE-4082-B8DD-11DA1CFA6F7E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D462C78-A5C2-456B-B9AD-9370852238F0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1E62202-9ECB-4C40-99F0-7D6B84179152}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C12995-FEC6-4E88-9498-FCEB1FB0AFEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3040B965-F05D-48B6-8B85-5927E2E00F2B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DB6285B3-1B83-4FA0-AADF-931F26415EDE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6C6D27E-B298-45AD-BB0B-0180F5E22DB8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [23/09/2008 10:53 12552]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [04/09/2009 19:19 130936]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [23/10/2008 09:44 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/09/2008 10:53 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 09:44 108552]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/04/2009 11:31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/01/2009 23:57 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [23/04/2009 11:31 1370488]
R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [28/06/2007 15:05 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/07/2008 10:01 809296]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [06/01/2009 00:49 598856]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [29/03/2008 03:22 17536]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/09/2009 22:57 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [10/09/2009 11:43 13224]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 17:41 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 qcusbmdm6k;Berlin Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [21/07/2008 20:51 64640]
S3 qcusbser6k;Berlin Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [21/07/2008 20:52 64640]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [24/01/2009 14:16 90408]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [17/07/2008 12:29 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [17/07/2008 12:29 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [17/07/2008 12:29 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [17/07/2008 12:29 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [17/07/2008 12:29 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [17/07/2008 12:29 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [17/07/2008 12:29 110120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor1\pctsAuxs.exe --> c:\program files\Spyware Doctor1\pctsAuxs.exe [?]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrSSweep.sys [29/03/2009 23:27 21832]
S4 gupdate1c9b0c03d81f234;Google Update Service (gupdate1c9b0c03d81f234);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2009 23:46 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2008-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-05 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 20:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2042307149-782054855-2312145781-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-12 20:37
ComboFix-quarantined-files.txt 2009-09-12 19:37
ComboFix2.txt 2009-09-12 19:18

Pre-Run: 204,000,206,848 bytes free
Post-Run: 203,868,790,784 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=13 Sets=1,6,7,8,9,10,11,12,13
383 --- E O F --- 2009-09-11 23:20
  • 0

#10
fenzodahl512
Posted 12 September 2009 - 10:53 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until finish
  • Find the log.txt inside the SysProt folder and attach the log here.



NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)
  • 0

Advertisements

#11
cuda67
Posted 13 September 2009 - 05:10 AM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 432
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 500
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 552
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 596
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 884
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1008
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1060
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1212
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1236
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1256
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1288
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 1344
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1456
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wlanext.exe
PID: 1640
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1800
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1824
Hidden: No
Window Visible: No

Name: C:\Windows\System32\AERTSrv.exe
PID: 2044
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 196
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgfws8.exe
PID: 264
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PID: 280
Hidden: No
Window Visible: No

Name: C:\Windows\System32\CTSVCCDA.EXE
PID: 276
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Program Files\Kontiki\KService.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
PID: 1620
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1932
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PSIService.exe
PID: 1560
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 1024
Hidden: No
Window Visible: No

Name: C:\Program Files\TalkTalk\bin\sprtsvc.exe
PID: 2092
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgam.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2172
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe
PID: 2192
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2208
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PID: 2260
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2324
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PID: 2396
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2524
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2568
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WUDFHost.exe
PID: 2576
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Washer\WasherSvc.exe
PID: 2632
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 2888
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 2956
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 3204
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PID: 3384
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 3488
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2688
Hidden: No
Window Visible: No

Name: C:\Windows\servicing\TrustedInstaller.exe
PID: 1936
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 1976
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Update\GoogleUpdate.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 3184
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 2792
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 3504
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgtray.exe
PID: 3316
Hidden: No
Window Visible: No

Name: C:\Program Files\TalkTalk\bin\sprtcmd.exe
PID: 3480
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 3372
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 812
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 2700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 3812
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 1328
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4172
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4216
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Toolbar\wltuser.exe
PID: 4352
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 5692
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 3776
Hidden: No
Window Visible: No

Name: C:\Users\brian\Desktop\SysProt\SysProt.exe
PID: 4968
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\brian\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9E593000
Module End: 9E59E000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8263F000
Module End: 829F8000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 8260C000
Module End: 8263F000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8040F000
Module End: 80416000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80416000
Module End: 80427000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80427000
Module End: 8042F000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8042F000
Module End: 80470000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 80470000
Module End: 80550000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80550000
Module End: 805CC000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 805CC000
Module End: 805D9000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8060C000
Module End: 80652000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 80652000
Module End: 8065B000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 8065B000
Module End: 80663000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80663000
Module End: 8068A000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8068A000
Module End: 80699000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80699000
Module End: 806A8000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 806A8000
Module End: 806F2000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 806F2000
Module End: 806F9000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 806F9000
Module End: 80707000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80707000
Module End: 80717000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80717000
Module End: 8071F000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8071F000
Module End: 8073D000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvstor.sys
Service Name: nvstor
Module Base: 8073D000
Module End: 8074A000
Hidden: No

Module Name: C:\Windows\system32\drivers\storport.sys
Service Name: ---
Module Base: 8074A000
Module End: 8078B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvstor32.sys
Service Name: nvstor32
Module Base: 8078B000
Module End: 807A8000
Hidden: No

Module Name: C:\Windows\system32\drivers\FLTMGR.SYS
Service Name: FltMgr
Module Base: 807B8000
Module End: 807EA000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCTCore.sys
Service Name: PCTCore
Module Base: 805D9000
Module End: 805FC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 83001000
Module End: 83072000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 83072000
Module End: 8317D000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 8317D000
Module End: 831A8000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 831A8000
Module End: 831E3000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 83201000
Module End: 832EB000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 832EB000
Module End: 83306000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8A609000
Module End: 8A719000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8A719000
Module End: 8A752000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8A752000
Module End: 8A75A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8A75A000
Module End: 8A769000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8A769000
Module End: 8A790000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8A790000
Module End: 8A7A1000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8A7A1000
Module End: 8A7C2000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8A7C2000
Module End: 8A7CB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgrkx86.sys
Service Name: AvgRkx86
Module Base: 8A7CB000
Module End: 8A7CD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8A7F4000
Module End: 8A7FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8A600000
Module End: 8A609000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 83323000
Module End: 83333000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 83333000
Module End: 8333D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8333D000
Module End: 8337B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8337B000
Module End: 8338A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Service Name: HSXHWBS2
Module Base: 8338A000
Module End: 833D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 833D4000
Module End: 833FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8E00C000
Module End: 8E10F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8E10F000
Module End: 8E1C3000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8E1C3000
Module End: 8E1D0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XX
Module Base: 8E608000
Module End: 8E70A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8E70A000
Module End: 8E797000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8E804000
Module End: 8E906000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8E906000
Module End: 8E91E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8E91E000
Module End: 8E928000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8EC09000
Module End: 8F327000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8F327000
Module End: 8F3C6000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8F3C6000
Module End: 8F3D2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8E928000
Module End: 8E957000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8F3D2000
Module End: 8F3DD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8F3DD000
Module End: 8F3F4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8F3F4000
Module End: 8F3FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8E957000
Module End: 8E97A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8E97A000
Module End: 8E989000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E989000
Module End: 8E99D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8E99D000
Module End: 8E9B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E9B2000
Module End: 8E9C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8E9C2000
Module End: 8E9CD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E9CD000
Module End: 8E9D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8EC00000
Module End: 8EC02000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E9D8000
Module End: 8E9E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E9E2000
Module End: 8E9EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8E797000
Module End: 8E7CC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E9EF000
Module End: 8EA00000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8F400000
Module End: 8F5F5000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8E7CC000
Module End: 8E7F9000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8E1D0000
Module End: 8E1F5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: 8F5F5000
Module End: 8F5FE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8EC02000
Module End: 8EC09000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8E7F9000
Module End: 8E800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E600000
Module End: 8E607000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8E000000
Module End: 8E00C000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8F803000
Module End: 8F824000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8F824000
Module End: 8F82C000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8F82C000
Module End: 8F834000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8F834000
Module End: 8F83F000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8F83F000
Module End: 8F84D000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8F84D000
Module End: 8F856000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avgfwd6x.sys
Service Name: Avgfwfd
Module Base: 8F856000
Module End: 8F85F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8F85F000
Module End: 8F875000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 8F875000
Module End: 8F88E000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8F88E000
Module End: 8F8C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8F8C0000
Module End: 8F8D4000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8F8D4000
Module End: 8F91C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8F91C000
Module End: 8F932000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8F932000
Module End: 8F940000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8F940000
Module End: 8F953000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8F953000
Module End: 8F98F000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8F98F000
Module End: 8F999000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8F999000
Module End: 8F9B0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 8F9B0000
Module End: 8F9B6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 8FA0C000
Module End: 8FA5D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8FA5D000
Module End: 8FA74000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8FA74000
Module End: 8FA76000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8FA76000
Module End: 8FA7F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8FA7F000
Module End: 8FA8F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8FA8F000
Module End: 8FA98000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8FA98000
Module End: 8FAA0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\moufiltr.sys
Service Name: moufiltr
Module Base: 8FAA0000
Module End: 8FAA8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: 8FAA8000
Module End: 8FABD000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8FABD000
Module End: 8FACA000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8FACA000
Module End: 8FAD4000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8FAD4000
Module End: 8FAF1000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8FAF1000
Module End: 8FAFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8FAFB000
Module End: 8FB0A000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8FB0A000
Module End: 8FB25000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 8FB2D000
Module End: 8FBDD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 8FBDD000
Module End: 8FBED000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 8F9B6000
Module End: 8F9E0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 8FBED000
Module End: 8FBF7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 8F9E0000
Module End: 8F9F3000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9D205000
Module End: 9D270000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9D270000
Module End: 9D28D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9D28D000
Module End: 9D2A6000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9D2A6000
Module End: 9D2BB000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9D2BB000
Module End: 9D2DC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9D2DC000
Module End: 9D2FB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9D2FB000
Module End: 9D334000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9D334000
Module End: 9D34C000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9D34C000
Module End: 9D373000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9D373000
Module End: 9D3BF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: 9D3D7000
Module End: 9D3DB000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9E407000
Module End: 9E4E5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9E4E5000
Module End: 9E4EF000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9E4EF000
Module End: 9E4FB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: 9E4FB000
Module End: 9E510000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: 9E510000
Module End: 9E522000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: 9E522000
Module End: 9E52A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9E52A000
Module End: 9E540000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 9E550000
Module End: 9E560000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 9E56B000
Module End: 9E593000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateProcess
Address: 805E0282
Driver Base: 805D9000
Driver End: 805FC000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateProcessEx
Address: 805E0474
Driver Base: 805D9000
Driver End: 805FC000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwTerminateProcess
Address: 805DFF32
Driver Base: 805D9000
Driver End: 805FC000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateUserProcess
Address: 805E067C
Driver Base: 805D9000
Driver End: 805FC000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: BRIAN-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BRIAN-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BRIAN-PC:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:15190
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:15050
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:11863
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: BRIAN-PC:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BRIAN-PC:49161
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: BRIAN-PC:49159
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BRIAN-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: BRIAN-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BRIAN-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BRIAN-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: BRIAN-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BRIAN-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BRIAN-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BRIAN-PC:60615
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BRIAN-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BRIAN-PC:60614
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BRIAN-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BRIAN-PC:60637
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: BRIAN-PC:60616
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:49514
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: BRIAN-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:61826
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
State: NA

Local Address: BRIAN-PC:60608
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:54411
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: NA

Local Address: BRIAN-PC:51550
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: NA

Local Address: BRIAN-PC:51549
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: NA

Local Address: BRIAN-PC:51548
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: NA

Local Address: BRIAN-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BRIAN-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5260add2-9fd4-11de-a759-001e4f564a31}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{b4afa4dc-9f27-11de-a929-001e4f564a31}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
Status: Access denied

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR
  • 0

#12
fenzodahl512
Posted 13 September 2009 - 06:37 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download avz4.zip and unzip it to your Desktop

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before this fix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..


  • Close all windows then double click on AVZ.exe
  • Click File >> Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetServiceStart('rotscxmbwxrxib', 4);
StopService('rotscxmbwxrxib');
DeleteService('rotscxmbwxrxib');
SetServiceStart('rotscxssdntkcp', 4);
StopService('rotscxssdntkcp');
DeleteService('rotscxssdntkcp');
DeleteFile('C:\Windows\system32\drivers\rotscxoykpmacv.sys');
DeleteFile('C:\Windows\system32\drivers\rotscxqsebxmxd.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_DisableSvc('rotscxmbwxrxib');
BC_DeleteSvc('rotscxmbwxrxib');
BC_DeleteSvcReg('rotscxmbwxrxib');
BC_DisableSvc('rotscxssdntkcp');
BC_DeleteSvc('rotscxssdntkcp');
BC_DeleteSvcReg('rotscxssdntkcp');
BC_DeleteFile('C:\Windows\system32\drivers\rotscxoykpmacv.sys');
BC_DeleteFile('C:\Windows\system32\drivers\rotscxqsebxmxd.sys');
BC_Activate;
RebootWindows(true);
end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.


Then run ComboFix once again and post the log here
  • 0

#13
cuda67
Posted 13 September 2009 - 08:51 AM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ComboFix 09-09-12.A0 - brian 13/09/2009 15:31.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3006.1934 [GMT 1:00]
Running from: c:\users\brian\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 14:39 . 2009-09-13 14:39 -------- d-----w- c:\users\brian\AppData\Local\temp
2009-09-13 14:39 . 2009-09-13 14:39 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2009-09-13 14:39 . 2009-09-13 14:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 14:39 . 2009-09-13 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 23:02 . 2009-09-11 23:02 -------- d-----w- C:\found.000
2009-09-11 22:37 . 2009-09-11 23:15 -------- d-----w- c:\program files\trend micro
2009-09-11 22:37 . 2009-09-11 22:38 -------- d-----w- C:\rsit
2009-09-10 22:06 . 2009-09-11 11:57 -------- d-----w- c:\users\brian\Tracing
2009-09-10 22:00 . 2009-09-10 22:00 -------- d-----w- c:\program files\ERUNT
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-10 21:57 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-10 21:55 . 2009-09-10 21:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-10 21:55 . 2009-09-10 21:57 -------- d-----w- c:\program files\Windows Live
2009-09-10 18:53 . 2009-09-10 18:53 -------- d-----w- c:\users\brian\Catering things i have made
2009-09-10 18:40 . 2009-09-10 18:40 -------- d-----w- c:\users\brian\AppData\Roaming\AVS4YOU
2009-09-10 18:39 . 2009-09-10 18:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-10 18:39 . 2009-09-10 19:04 -------- d-----w- c:\program files\AVS4YOU
2009-09-10 18:39 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-10 18:31 . 2009-09-10 18:31 -------- d-----w- c:\program files\Xilisoft
2009-09-10 10:43 . 2009-09-10 10:43 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-09-10 10:43 . 2009-09-10 10:43 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-09-10 10:43 . 2009-09-10 10:43 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-09-09 10:25 . 2009-09-09 10:25 -------- d-----w- c:\users\brian\Office Genuine Advantage
2009-09-09 09:39 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 09:39 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 09:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 23:01 . 2009-09-07 23:01 -------- d-----w- c:\users\brian\AppData\Roaming\Malwarebytes
2009-09-07 23:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 23:01 . 2009-09-10 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 23:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 14:31 . 2009-09-07 14:31 -------- d-----w- c:\users\Public\Games
2009-09-04 18:19 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 18:19 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 18:19 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 18:19 . 2009-09-04 18:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 18:19 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 18:18 . 2009-09-04 18:18 -------- d-----w- c:\users\brian\AppData\Roaming\PC Tools
2009-09-03 19:02 . 2009-09-03 19:02 30720 ----a-w- c:\windows\system32\7EE983E52D57964A.exe
2009-09-02 21:15 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:15 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 21:29 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\ca-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\eu-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\vi-VN
2009-08-19 04:34 . 2009-08-19 04:34 -------- d-----w- c:\windows\system32\EventProviders
2009-08-18 20:25 . 2009-04-11 06:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-08-18 08:46 . 2009-08-18 08:46 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 16:23 . 2008-10-06 22:28 -------- d-----w- c:\users\brian\AppData\Roaming\uTorrent
2009-09-10 21:55 . 2009-08-14 12:01 -------- d-----w- c:\program files\Microsoft
2009-09-10 10:56 . 2009-09-10 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-10 10:45 . 2008-04-02 10:43 -------- d-----w- c:\program files\Avanquest update
2009-09-10 10:43 . 2008-07-17 11:28 -------- d-----w- c:\program files\Sony Ericsson
2009-09-10 10:34 . 2008-06-19 20:01 1652 ----a-w- c:\users\brian\AppData\Roaming\wklnhst.dat
2009-09-09 09:46 . 2008-05-27 22:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 09:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-05 10:30 . 2008-03-28 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 16:50 . 2009-09-04 16:50 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-03 20:00 . 2008-06-29 20:48 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 18:26 . 2009-06-24 09:19 -------- d-----w- c:\users\brian\AppData\Roaming\vlc
2009-08-19 15:10 . 2008-07-05 09:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-14 16:27 . 2009-09-09 09:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 09:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 09:40 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 09:40 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 09:40 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 09:40 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 09:40 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 09:40 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 09:40 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 12:00 . 2009-08-12 15:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 20:58 . 2009-07-27 20:34 -------- d-----w- c:\users\brian\AppData\Roaming\Xfire
2009-08-11 13:10 . 2009-02-11 19:16 1356 ----a-w- c:\users\brian\AppData\Local\d3d9caps.dat
2009-08-11 08:28 . 2008-06-29 20:50 -------- d-----w- c:\users\brian\AppData\Roaming\Apple Computer
2009-08-11 08:16 . 2009-08-11 08:15 -------- d-----w- c:\program files\iTunes
2009-08-11 08:15 . 2009-08-11 08:15 -------- d-----w- c:\program files\iPod
2009-08-10 13:48 . 2009-08-03 14:52 -------- d--h--w- c:\users\brian\AppData\Roaming\ijjigame
2009-08-10 08:51 . 2008-04-02 11:41 -------- d-----w- c:\users\brian\AppData\Roaming\LimeWire
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 08:19 . 2008-09-23 09:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 08:19 . 2008-09-23 09:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 08:19 . 2008-09-23 09:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 20:34 . 2009-07-27 20:34 -------- d-----w- c:\program files\Xfire
2009-07-27 15:37 . 2008-04-01 10:30 106936 ----a-w- c:\users\brian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-27 14:29 . 2009-07-27 14:29 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-27 12:03 . 2009-07-27 12:03 -------- d-----w- c:\program files\Games-Masters.com
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-29 11:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 10:17 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 09:40 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 09:40 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 17:03 . 2009-09-09 09:40 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-06-20 18:28 . 2008-06-12 19:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-15 23:15 . 2009-08-14 11:59 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 14:54 . 2009-08-14 11:59 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 14:53 . 2009-07-15 00:31 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:53 . 2009-08-14 11:59 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 14:53 . 2009-08-14 11:59 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 14:53 . 2009-08-14 11:59 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 14:52 . 2009-08-14 11:59 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 14:52 . 2009-07-15 00:31 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-08-14 11:59 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 14:52 . 2009-07-15 00:31 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 00:31 10240 ----a-w- c:\windows\system32\dciman32.dll
2008-05-25 15:21 . 2008-04-01 23:27 88 --sh--r- c:\windows\System32\83D76F9165.sys
2008-05-29 15:01 . 2008-05-29 14:59 88 --sha-r- c:\windows\System32\C45CADE526.sys
2008-05-29 15:02 . 2008-04-01 23:27 4076 --sha-w- c:\windows\System32\KGyGaAvL.sys
2008-03-29 02:39 . 2008-03-29 02:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-12_19.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-28 19:26 . 2009-09-13 14:22 71726 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 14:22 77838 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-01 10:31 . 2009-09-13 14:22 20058 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042307149-782054855-2312145781-1000_UserData.bin
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-01 10:24 . 2009-09-13 14:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-01 10:24 . 2009-09-13 14:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-01 10:24 . 2009-09-13 14:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-02 20:13 . 2009-09-13 14:19 5204 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-13 14:20 . 2009-09-13 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 14:20 . 2009-09-13 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-29 22:41 . 2009-09-13 14:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-29 22:41 . 2009-09-12 09:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-28 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):32,65,90,dd,97,20,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2042307149-782054855-2312145781-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{19EA1263-2197-4D76-A7B0-20E8419A110B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9828E6B1-9120-48D2-B0C1-1A634D59200B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4C64D948-691A-4507-872A-B13BD9230963}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DBFDB629-E7B9-4CBA-875B-69D16FF28010}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{DE516DD3-4502-448D-ACCE-E1292932FA33}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FF4ADB99-9786-4223-9788-1BB8C2CD0D2F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{49B70A0A-21D5-4DCE-8B51-AE17CBF20795}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{61918BBE-0739-4F16-9714-C90543783119}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{EC0A9C96-9B15-475F-8FFA-B4770B7051E4}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{794F82DD-A0FD-4C08-ABC9-416439C7FDBB}"= UDP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{FF3FB4B6-C9E4-4A12-A1BE-1FFFEFF30153}"= TCP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{51AFFA45-A834-4698-A3DC-28E9B5819BD2}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{ECE0B0A9-4095-4B72-844E-32C20DACEDEF}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6B5FF771-2822-4C54-B4D5-9B4047F957AA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{B05B21FE-E0B3-4F91-A31F-AD9677C0AF2A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{39EE6E73-E002-4346-A9D6-7F0A322587EE}"= UDP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{97BDA218-C723-4060-8E5C-313127106C77}"= TCP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{75DF48BB-3367-4C63-98B0-AC5220FE8257}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{783232B6-43FE-481A-8534-A43A3A421218}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C0201DF5-467D-41B1-9C73-486D83A212C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2888AD58-4624-4B92-A12C-0894FC1BDBCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A8FA964-C4CA-414A-A4E9-EECB11EB34A2}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{1AEAADF8-403D-4F00-987F-A614A7B57F12}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{DEB03BAA-EADB-4B12-A9E2-CE3A91DFB48E}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{97142D52-A824-47CB-A9E1-B4DCBCBF0CB9}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{8A31898F-FF4D-4145-A171-8C9A85D726C1}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E688A26D-BD5E-4C08-81E6-27F777CABCC2}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{8C23F425-A1E1-4162-A000-2F142C66FD28}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{EB778109-6407-479F-97D0-B55BB2428DE5}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{14BA9262-F409-43BD-8AAF-FDE8EA3CB473}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43C7EB1C-509D-4E94-80B5-B0FE72C7E624}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{CD765C42-24C7-4754-BC43-4AB0D2E3C720}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FBF0DEF3-DBEE-4082-B8DD-11DA1CFA6F7E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D462C78-A5C2-456B-B9AD-9370852238F0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1E62202-9ECB-4C40-99F0-7D6B84179152}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C12995-FEC6-4E88-9498-FCEB1FB0AFEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3040B965-F05D-48B6-8B85-5927E2E00F2B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DB6285B3-1B83-4FA0-AADF-931F26415EDE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6C6D27E-B298-45AD-BB0B-0180F5E22DB8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [23/09/2008 10:53 12552]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [04/09/2009 19:19 130936]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [23/10/2008 09:44 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/09/2008 10:53 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 09:44 108552]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/04/2009 11:31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/01/2009 23:57 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [23/04/2009 11:31 1370488]
R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [28/06/2007 15:05 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/07/2008 10:01 809296]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [06/01/2009 00:49 598856]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [29/03/2008 03:22 17536]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/09/2009 22:57 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [10/09/2009 11:43 13224]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 17:41 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 qcusbmdm6k;Berlin Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [21/07/2008 20:51 64640]
S3 qcusbser6k;Berlin Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [21/07/2008 20:52 64640]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [24/01/2009 14:16 90408]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [17/07/2008 12:29 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [17/07/2008 12:29 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [17/07/2008 12:29 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [17/07/2008 12:29 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [17/07/2008 12:29 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [17/07/2008 12:29 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [17/07/2008 12:29 110120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor1\pctsAuxs.exe --> c:\program files\Spyware Doctor1\pctsAuxs.exe [?]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\brian\Desktop\SysProt\SysProtDrv.sys [13/09/2009 10:28 44288]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrSSweep.sys [29/03/2009 23:27 21832]
S4 gupdate1c9b0c03d81f234;Google Update Service (gupdate1c9b0c03d81f234);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2009 23:46 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2008-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-05 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 15:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2042307149-782054855-2312145781-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-13 15:41
ComboFix-quarantined-files.txt 2009-09-13 14:41
ComboFix2.txt 2009-09-13 14:18
ComboFix3.txt 2009-09-12 19:37
ComboFix4.txt 2009-09-12 19:18

Pre-Run: 197,557,063,680 bytes free
Post-Run: 197,424,746,496 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=13 Sets=1,6,7,8,9,10,11,12,13
382 --- E O F --- 2009-09-11 23:20
  • 0

#14
fenzodahl512
Posted 13 September 2009 - 10:04 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\7EE983E52D57964A.exe

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]

FixCSet::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#15
cuda67
Posted 13 September 2009 - 12:54 PM

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ComboFix 09-09-12.A0 - brian 13/09/2009 18:19.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3006.1972 [GMT 1:00]
Running from: c:\users\brian\Desktop\Combo-Fix.exe
Command switches used :: c:\users\brian\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\windows\system32\7EE983E52D57964A.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\7EE983E52D57964A.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 17:27 . 2009-09-13 18:40 -------- d-----w- c:\users\brian\AppData\Local\temp
2009-09-13 17:27 . 2009-09-13 17:27 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2009-09-13 17:27 . 2009-09-13 17:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 17:27 . 2009-09-13 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 13:42 . 2009-09-13 13:43 -------- d-----w- C:\Combo-Fix
2009-09-11 23:02 . 2009-09-11 23:02 -------- d-----w- C:\found.000
2009-09-11 22:37 . 2009-09-11 23:15 -------- d-----w- c:\program files\trend micro
2009-09-11 22:37 . 2009-09-11 22:38 -------- d-----w- C:\rsit
2009-09-10 22:06 . 2009-09-11 11:57 -------- d-----w- c:\users\brian\Tracing
2009-09-10 22:00 . 2009-09-10 22:00 -------- d-----w- c:\program files\ERUNT
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-10 21:57 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-10 21:57 . 2009-09-10 21:57 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-10 21:55 . 2009-09-10 21:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-10 21:55 . 2009-09-10 21:57 -------- d-----w- c:\program files\Windows Live
2009-09-10 18:53 . 2009-09-10 18:53 -------- d-----w- c:\users\brian\Catering things i have made
2009-09-10 18:40 . 2009-09-10 18:40 -------- d-----w- c:\users\brian\AppData\Roaming\AVS4YOU
2009-09-10 18:39 . 2009-09-10 18:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-10 18:39 . 2009-09-10 19:04 -------- d-----w- c:\program files\AVS4YOU
2009-09-10 18:39 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-10 18:31 . 2009-09-10 18:31 -------- d-----w- c:\program files\Xilisoft
2009-09-10 10:43 . 2009-09-10 10:43 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-09-10 10:43 . 2009-09-10 10:43 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-09-10 10:43 . 2009-09-10 10:43 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-09-09 10:25 . 2009-09-09 10:25 -------- d-----w- c:\users\brian\Office Genuine Advantage
2009-09-09 09:39 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 09:39 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 09:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 23:01 . 2009-09-07 23:01 -------- d-----w- c:\users\brian\AppData\Roaming\Malwarebytes
2009-09-07 23:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 23:01 . 2009-09-10 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 23:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 14:31 . 2009-09-07 14:31 -------- d-----w- c:\users\Public\Games
2009-09-04 18:19 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 18:19 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 18:19 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 18:19 . 2009-09-04 18:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 18:19 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 18:18 . 2009-09-04 18:18 -------- d-----w- c:\users\brian\AppData\Roaming\PC Tools
2009-09-02 21:15 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:15 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 21:29 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\ca-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\eu-ES
2009-08-19 06:32 . 2009-08-19 06:36 -------- d-----w- c:\windows\system32\vi-VN
2009-08-19 04:34 . 2009-08-19 04:34 -------- d-----w- c:\windows\system32\EventProviders
2009-08-18 20:25 . 2009-04-11 06:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-08-18 08:46 . 2009-08-18 08:46 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 16:23 . 2008-10-06 22:28 -------- d-----w- c:\users\brian\AppData\Roaming\uTorrent
2009-09-10 21:55 . 2009-08-14 12:01 -------- d-----w- c:\program files\Microsoft
2009-09-10 10:56 . 2009-09-10 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-10 10:45 . 2008-04-02 10:43 -------- d-----w- c:\program files\Avanquest update
2009-09-10 10:43 . 2008-07-17 11:28 -------- d-----w- c:\program files\Sony Ericsson
2009-09-10 10:34 . 2008-06-19 20:01 1652 ----a-w- c:\users\brian\AppData\Roaming\wklnhst.dat
2009-09-09 09:46 . 2008-05-27 22:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 09:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-05 10:30 . 2008-03-28 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 16:50 . 2009-09-04 16:50 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-03 20:00 . 2008-06-29 20:48 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 18:26 . 2009-06-24 09:19 -------- d-----w- c:\users\brian\AppData\Roaming\vlc
2009-08-19 15:10 . 2008-07-05 09:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-19 06:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-14 16:27 . 2009-09-09 09:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 09:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 09:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 09:40 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 09:40 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 09:40 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 09:40 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 09:40 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 09:40 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 09:40 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 12:00 . 2009-08-12 15:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 20:58 . 2009-07-27 20:34 -------- d-----w- c:\users\brian\AppData\Roaming\Xfire
2009-08-11 13:10 . 2009-02-11 19:16 1356 ----a-w- c:\users\brian\AppData\Local\d3d9caps.dat
2009-08-11 08:28 . 2008-06-29 20:50 -------- d-----w- c:\users\brian\AppData\Roaming\Apple Computer
2009-08-11 08:16 . 2009-08-11 08:15 -------- d-----w- c:\program files\iTunes
2009-08-11 08:15 . 2009-08-11 08:15 -------- d-----w- c:\program files\iPod
2009-08-10 13:48 . 2009-08-03 14:52 -------- d--h--w- c:\users\brian\AppData\Roaming\ijjigame
2009-08-10 08:51 . 2008-04-02 11:41 -------- d-----w- c:\users\brian\AppData\Roaming\LimeWire
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 08:19 . 2008-09-23 09:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 08:19 . 2008-09-23 09:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 08:19 . 2008-09-23 09:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 20:34 . 2009-07-27 20:34 -------- d-----w- c:\program files\Xfire
2009-07-27 15:37 . 2008-04-01 10:30 106936 ----a-w- c:\users\brian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-27 14:29 . 2009-07-27 14:29 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-27 12:03 . 2009-07-27 12:03 -------- d-----w- c:\program files\Games-Masters.com
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-29 11:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 10:17 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 09:40 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 09:40 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 17:03 . 2009-09-09 09:40 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-06-20 18:28 . 2008-06-12 19:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-15 23:15 . 2009-08-14 11:59 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2008-05-25 15:21 . 2008-04-01 23:27 88 --sh--r- c:\windows\System32\83D76F9165.sys
2008-05-29 15:01 . 2008-05-29 14:59 88 --sha-r- c:\windows\System32\C45CADE526.sys
2008-05-29 15:02 . 2008-04-01 23:27 4076 --sha-w- c:\windows\System32\KGyGaAvL.sys
2008-03-29 02:39 . 2008-03-29 02:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-12_19.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-28 19:26 . 2009-09-13 14:50 71758 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 14:50 77854 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-01 10:31 . 2009-09-13 14:22 20058 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042307149-782054855-2312145781-1000_UserData.bin
+ 2008-04-01 10:24 . 2009-09-13 18:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-01 10:24 . 2009-09-13 18:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-01 10:24 . 2009-09-13 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-01 10:24 . 2009-09-12 19:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-02 20:13 . 2009-09-13 14:19 5204 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-29 22:41 . 2009-09-13 14:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-29 22:41 . 2009-09-12 09:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-28 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):32,65,90,dd,97,20,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2042307149-782054855-2312145781-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{19EA1263-2197-4D76-A7B0-20E8419A110B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9828E6B1-9120-48D2-B0C1-1A634D59200B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4C64D948-691A-4507-872A-B13BD9230963}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DBFDB629-E7B9-4CBA-875B-69D16FF28010}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{DE516DD3-4502-448D-ACCE-E1292932FA33}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FF4ADB99-9786-4223-9788-1BB8C2CD0D2F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{49B70A0A-21D5-4DCE-8B51-AE17CBF20795}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{61918BBE-0739-4F16-9714-C90543783119}"= UDP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{EC0A9C96-9B15-475F-8FFA-B4770B7051E4}"= TCP:c:\program files\Google\Google Earth\googleearth.exe:Google Earth
"{794F82DD-A0FD-4C08-ABC9-416439C7FDBB}"= UDP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{FF3FB4B6-C9E4-4A12-A1BE-1FFFEFF30153}"= TCP:c:\program files\Google\Google Updater\GoogleUpdater.exe:GoogleUpdater
"{51AFFA45-A834-4698-A3DC-28E9B5819BD2}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{ECE0B0A9-4095-4B72-844E-32C20DACEDEF}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6B5FF771-2822-4C54-B4D5-9B4047F957AA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{B05B21FE-E0B3-4F91-A31F-AD9677C0AF2A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{39EE6E73-E002-4346-A9D6-7F0A322587EE}"= UDP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{97BDA218-C723-4060-8E5C-313127106C77}"= TCP:c:\program files\LimeWire1\LimeWire.exe:LimeWire
"{75DF48BB-3367-4C63-98B0-AC5220FE8257}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{783232B6-43FE-481A-8534-A43A3A421218}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C0201DF5-467D-41B1-9C73-486D83A212C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2888AD58-4624-4B92-A12C-0894FC1BDBCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A8FA964-C4CA-414A-A4E9-EECB11EB34A2}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{1AEAADF8-403D-4F00-987F-A614A7B57F12}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{DEB03BAA-EADB-4B12-A9E2-CE3A91DFB48E}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{97142D52-A824-47CB-A9E1-B4DCBCBF0CB9}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{8A31898F-FF4D-4145-A171-8C9A85D726C1}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E688A26D-BD5E-4C08-81E6-27F777CABCC2}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{8C23F425-A1E1-4162-A000-2F142C66FD28}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{EB778109-6407-479F-97D0-B55BB2428DE5}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{14BA9262-F409-43BD-8AAF-FDE8EA3CB473}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43C7EB1C-509D-4E94-80B5-B0FE72C7E624}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{CD765C42-24C7-4754-BC43-4AB0D2E3C720}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FBF0DEF3-DBEE-4082-B8DD-11DA1CFA6F7E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D462C78-A5C2-456B-B9AD-9370852238F0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1E62202-9ECB-4C40-99F0-7D6B84179152}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C12995-FEC6-4E88-9498-FCEB1FB0AFEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3040B965-F05D-48B6-8B85-5927E2E00F2B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DB6285B3-1B83-4FA0-AADF-931F26415EDE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6C6D27E-B298-45AD-BB0B-0180F5E22DB8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [23/09/2008 10:53 12552]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [04/09/2009 19:19 130936]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [23/10/2008 09:44 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/09/2008 10:53 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 09:44 108552]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/04/2009 11:31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/01/2009 23:57 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [23/04/2009 11:31 1370488]
R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [28/06/2007 15:05 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/07/2008 10:01 809296]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [06/01/2009 00:49 598856]
S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [29/03/2008 03:22 17536]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/09/2009 22:57 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [10/09/2009 11:43 13224]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 17:41 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 qcusbmdm6k;Berlin Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [21/07/2008 20:51 64640]
S3 qcusbser6k;Berlin Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [21/07/2008 20:52 64640]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [24/01/2009 14:16 90408]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [17/07/2008 12:29 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [17/07/2008 12:29 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [17/07/2008 12:29 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [17/07/2008 12:29 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [17/07/2008 12:29 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [17/07/2008 12:29 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [17/07/2008 12:29 110120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor1\pctsAuxs.exe --> c:\program files\Spyware Doctor1\pctsAuxs.exe [?]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\brian\Desktop\SysProt\SysProtDrv.sys [13/09/2009 10:28 44288]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrSSweep.sys [29/03/2009 23:27 21832]
S4 gupdate1c9b0c03d81f234;Google Update Service (gupdate1c9b0c03d81f234);c:\program files\Google\Update\GoogleUpdate.exe [29/03/2009 23:46 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 22:46]

2008-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-05 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 19:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2042307149-782054855-2312145781-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-09-13 19:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 18:43
ComboFix2.txt 2009-09-13 14:41
ComboFix3.txt 2009-09-13 14:18
ComboFix4.txt 2009-09-12 19:37
ComboFix5.txt 2009-09-13 17:06

Pre-Run: 196,297,904,128 bytes free
Post-Run: 195,966,357,504 bytes free

334 --- E O F --- 2009-09-11 23:20


A new HijackThis log?? couldnt find the program
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP