
Fighting Vundo Trojan on Win XP, Please Help [Solved]

#1 dm305 (Member, 14 posts)
Hi. I have been fighting this trojan for about a week now. It has caused my system to be unstable, Safe Mode does not work, and there are many popup ads in Firefox.

I have been trying to fight it using HijackThis and the Spybot file shredder, but it won't go away. Any help would be greatly appreciated!



Here is my HijackThis log:

*************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:10 AM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3192 bytes

#2 hammerman (Member 4k, 4,183 posts)
Hello dm305 and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • If in doubt about anything, please ask.
Can you please go to the Malware and Spyware Cleaning Guide and follow the steps in the guide.

These steps will remove the majority of infections. If you still need assistance, post the following logs in a reply to this topic.

1. RootRepeal log
2. Malwarebytes log
3. OTL logs


#3 dm305 (Topic Starter, Member, 14 posts)
Thanks for your help hammerman, I appreciate it a lot.

After the MalwareBytes scan, the system was running smooth, but the virus came back a few hours later.

Here are my RootRepeal, Malwarebytes, and OTL logs below:




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 04:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000918
Image Path: 00000918
Address: 0xA9F3E000 Size: 71424 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA962D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
ServiceTable Hooked [0x83cab8b8]!

Hidden Services
-------------------
Service Name: ikkplxessfxos
Image Path: C:\WINDOWS\system32\drivers\rpdjoctkj.sys

==EOF==


--------------------------------------------------------------------------------------------------

curslib.dll
str.sys

Malwarebytes' Anti-Malware 1.41
Database version: 3257
Windows 5.1.2600 Service Pack 2

11/29/2009 1:02:52 PM
mbam-log-2009-11-29 (13-02-52).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 349975
Time elapsed: 1 hour(s), 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 64

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Plate (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AAS\Lounge Lizard 3.0\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Arturia\CS-80V\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\EA SPORTS\FIFA 09\rld-fi9k.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Propellerhead\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VSTplugins\vstationuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091123-213631-576-F4C5E.exe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Waves\DiamondUninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Edirol\Super Quartet Log\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP444\A0147590.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP444\A0147591.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP444\A0147592.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP447\A0152608.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP447\A0153608.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP447\A0154608.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP447\A0156608.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP447\A0156615.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP449\A0165712.dll (Trojan.Fakeinit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP450\A0166703.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP450\A0170731.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP450\A0172731.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0175731.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0176731.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0176738.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0177738.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0180740.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP451\A0180753.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP452\A0180875.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP452\A0180876.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP452\A0180909.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqphgfjv.sur (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giwovumo.dll_old (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\grpbytrr.vvw (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lylnxhth.tho (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azgfctgw.fgk (Trojan.Fakeinit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpumonom.kup (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\hhpfgqof.jiq (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odcjnloe.dtx (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urvqoofr.akc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wincert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxhhfdot.vfi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kanelewu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\FL3\FLREINSTALL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\FL3\FLREINSTALL\FLREIN~1\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\FL3\FLStudio5\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\VST\Edirol\Super Quartet Log\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\VST\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\VST\ReValver\ReValver Live.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\VST\VstPlugins\Halion 3\Documentation\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\VST\VstPlugins\Nomad Factory RAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\VST\Waves\DIAMOND UNINSTALL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Downloads\bpssr.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
D:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
E:\transferred\Spectrasonics.Stylus.RMX.Keygen.H2O.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Vstplugins\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.


-------------------------------------------------------------------------------------------------------

OTL logfile created on: 11/30/2009 4:39:01 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = D:\Downloads\NexDownloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.10 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 1.44 Gb Free Space | 1.23% Space Free | Partition Type: NTFS
Drive E: | 115.69 Gb Total Space | 2.27 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE-07511676E2
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/30 04:35:47 | 00,536,064 | ---- | M] (OldTimer Tools) -- D:\Downloads\NexDownloads\OTL.exe
PRC - [2009/11/29 13:10:03 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/29 13:10:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/02/03 23:41:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/20 12:26:09 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/11/02 03:38:58 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/07/23 16:04:20 | 05,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2007/10/24 13:37:26 | 00,245,760 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\mafwTray.exe
PRC - [2007/06/29 17:54:16 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 23:05:34 | 00,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2006/07/10 15:49:34 | 01,093,632 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2006/04/07 15:02:24 | 01,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2005/12/18 14:18:56 | 00,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2005/10/18 15:00:10 | 00,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 04:35:47 | 00,536,064 | ---- | M] (OldTimer Tools) -- D:\Downloads\NexDownloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/29 13:10:03 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/23 21:59:24 | 01,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/07/20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/17 21:04:00 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/02/03 23:41:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/02/03 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/06/29 17:54:16 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/13 23:05:34 | 00,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/11/13 20:59:52 | 00,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/18 15:00:10 | 00,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Pro Football Reference"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/30 14:34:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/09/30 14:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/30 14:34:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 00:55:16 | 00,000,000 | ---D | M]

[2009/11/29 16:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions
[2009/01/17 04:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/29 09:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/20 12:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/20 01:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/01/27 04:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/30 04:26:28 | 00,001,087 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\baseball-referencecom.xml
[2009/01/28 23:40:59 | 00,006,280 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\btjunkie.xml
[2009/02/11 16:47:15 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\dictionary.xml
[2009/11/30 04:26:28 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\mycroft-project.xml
[2009/11/30 04:26:28 | 00,002,721 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\pro-football-reference.xml
[2009/01/28 23:38:26 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\wikipedia-eng.xml
[2009/11/29 16:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/01 03:16:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/04 14:47:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/12/20 12:26:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/20 12:26:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/20 12:26:05 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/20 12:26:06 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/20 12:26:06 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/20 12:26:07 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/20 12:26:07 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (750 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 www.virustotal.com
O1 - Hosts: 127.0.0.1 virustotal
O1 - Hosts: 127.0.0.1 virscan.com
O1 - Hosts: 127.0.0.1 www.virscan.com
O1 - Hosts: 127.0.0.1 virscan
O1 - Hosts: 127.0.0.1 http://virscan.com
O1 - Hosts: 127.0.0.1 virustotal
O1 - Hosts: 127.0.0.1 virscan
O1 - Hosts: 127.0.0.1 http://virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 scanner.novirusthanks.org/
O1 - Hosts: 127.0.0.1 http://scanner.novirusthanks.org/
O1 - Hosts: 127.0.0.1 www.scanner.novirusthanks.org/
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\mafwTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 22:52:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/28 21:22:26 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/29 23:02:38 | 00,000,000 | ---D | M] - E:\autorunbackups -- [ NTFS ]
O32 - AutoRun File - [2007/05/01 11:23:41 | 00,000,148 | R--- | M] () - F:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 00,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 00,634,880 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:23:42 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{53a31d51-1015-11de-b037-00173165702c}\Shell\AutoRun\command - "" = podcastready.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/27 22:52:39 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58831718991265792)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/29 20:15:49 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/11/29 15:24:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Nagasoft
[2009/11/29 13:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/29 10:44:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 10:44:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 10:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 10:30:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/29 10:27:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/29 10:27:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/28 22:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Vinyl Room
[2009/11/25 13:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2009/11/25 13:08:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 00:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/23 05:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\MelodynePlugin
[2009/11/23 05:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Celemony
[2009/11/20 16:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/20 16:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/20 16:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Dave\*.tmp files -> C:\Documents and Settings\Dave\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/30 04:37:23 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/30 04:37:23 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/30 04:37:23 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/30 04:33:47 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/11/30 04:33:23 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 04:33:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 04:33:05 | 00,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/11/30 04:33:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 04:28:30 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Dave\ntuser.dat
[2009/11/30 04:28:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
[2009/11/29 22:04:17 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2009/11/29 22:04:17 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2009/11/29 22:04:17 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2009/11/29 22:04:17 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2009/11/29 22:04:17 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2009/11/29 22:04:17 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2009/11/29 22:04:17 | 00,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2009/11/29 22:04:17 | 00,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2009/11/29 13:05:11 | 00,237,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/11/29 10:44:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 10:27:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/29 10:27:30 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NTREGOPT.lnk
[2009/11/29 10:27:30 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\ERUNT.lnk
[2009/11/29 06:30:36 | 03,707,952 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
[2009/11/29 02:38:55 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/29 00:39:04 | 00,165,376 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 22:11:31 | 04,927,808 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 WhateverUWantDirty.mp3
[2009/11/25 22:03:14 | 00,000,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/25 15:21:39 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Inherit.exe
[2009/11/25 03:00:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 01:41:19 | 19,325,5424 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\bootXP.iso
[2009/11/24 00:44:53 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MagicISO.lnk
[2009/11/23 21:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/11/23 21:38:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/11/23 05:41:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/20 16:37:31 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2009/11/20 01:19:00 | 02,699,125 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Young Swift - Trouble.mp3
[2009/11/19 16:22:42 | 04,599,351 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Ester_Dean_ft_Chris_Brown-Drop_it_Low-(Al_Sween_Remix)(Clean).mp3
[2009/11/19 16:13:29 | 00,006,278 | -HS- | M] () -- C:\WINDOWS\E88D4.exe
[2009/11/19 01:11:20 | 01,408,104 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\scratch2.mp3
[2009/11/18 23:27:17 | 95,233,254 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dnb.mp3
[2009/11/18 20:41:35 | 00,625,058 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\scratch.mp3
[2009/11/17 21:39:36 | 07,165,910 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\182Reup.mp3
[2009/11/17 20:29:24 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/11/17 20:29:24 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/17 20:29:24 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/11/17 20:29:24 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009/11/17 18:48:46 | 02,866,650 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Charlie_bit_me_Auto-Tuned.flv
[2009/11/17 17:57:48 | 00,000,799 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/17 17:42:26 | 03,931,034 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Yup-2.mp3
[2009/11/17 00:37:58 | 02,154,917 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Yup.mp3
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Dave\*.tmp files -> C:\Documents and Settings\Dave\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/29 13:05:09 | 00,237,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/11/29 10:44:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 10:27:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/29 10:27:30 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NTREGOPT.lnk
[2009/11/29 10:27:30 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\ERUNT.lnk
[2009/11/27 00:35:49 | 04,927,808 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 WhateverUWantDirty.mp3
[2009/11/25 15:21:46 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Inherit.exe
[2009/11/24 01:41:15 | 19,325,5424 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\bootXP.iso
[2009/11/24 00:13:05 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MagicISO.lnk
[2009/11/23 21:58:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/23 21:38:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/20 16:37:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2009/11/20 03:18:00 | 02,699,125 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Young Swift - Trouble.mp3
[2009/11/19 16:27:32 | 04,599,351 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Ester_Dean_ft_Chris_Brown-Drop_it_Low-(Al_Sween_Remix)(Clean).mp3
[2009/11/19 01:11:16 | 01,408,104 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\scratch2.mp3
[2009/11/18 23:24:59 | 95,233,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dnb.mp3
[2009/11/18 20:41:33 | 00,625,058 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\scratch.mp3
[2009/11/18 02:00:28 | 00,006,278 | -HS- | C] () -- C:\WINDOWS\E88D4.exe
[2009/11/17 21:38:10 | 07,165,910 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\182Reup.mp3
[2009/11/17 18:48:27 | 02,866,650 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Charlie_bit_me_Auto-Tuned.flv
[2009/11/17 17:39:53 | 03,931,034 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Yup-2.mp3
[2009/11/16 17:57:41 | 02,154,917 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Yup.mp3
[2009/11/16 16:52:54 | 05,260,479 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Sebastian - Wobbley (Al Sween Remix).mp3
[2009/10/15 03:36:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/09/30 14:35:00 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/05 20:09:27 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\mcs.rma
[2009/09/05 20:09:27 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\B07C9A
[2009/07/25 23:00:10 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/07/25 23:00:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2009/07/15 09:08:35 | 00,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/31 22:26:19 | 10,440,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/05/18 19:24:13 | 00,625,152 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
[2009/04/21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/14 17:44:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/11 04:11:53 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/01/11 04:11:52 | 12,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009/01/06 01:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/22 21:35:42 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\xnrar.dll
[2008/12/21 05:16:49 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/21 05:16:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/21 05:16:48 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/21 05:16:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/21 05:16:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/21 05:16:47 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/03 18:51:28 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/11/30 05:32:54 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/30 05:32:54 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/11/30 00:20:36 | 00,000,316 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/11/29 19:16:17 | 00,165,376 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 13:47:20 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2008/11/28 13:46:05 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/11/28 13:46:05 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/11/28 13:46:04 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/11/27 23:29:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/27 23:29:19 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/27 23:29:17 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/11/27 23:29:17 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/11/27 23:24:30 | 00,029,322 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/11/27 23:24:17 | 00,028,545 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/27 23:24:14 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/11/27 23:24:09 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/25 19:02:54 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2007/07/12 07:04:02 | 00,002,354 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2008/11/29 23:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/21 05:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/07/25 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/11/29 23:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/08 03:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/10/29 03:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/17 22:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/29 23:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2008/11/30 02:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Applied Acoustics Systems
[2009/10/08 21:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2009/07/25 23:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Digidesign
[2009/01/23 01:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DisplayTune
[2009/03/16 22:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\eMusic
[2009/06/02 22:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileZilla
[2008/12/16 17:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GetRightToGo
[2009/01/14 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2009/07/25 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PACE Anti-Piracy
[2009/03/08 03:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Propellerhead Software
[2009/03/21 21:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SanDisk
[2008/11/30 02:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Steinberg
[2009/11/29 01:43:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2008/12/05 21:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Viewpoint
[2008/11/30 02:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Audio
[2009/11/30 02:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WeatherBug
[2009/11/30 04:33:47 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/03 17:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0027\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0028\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2006/02/28 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/02/21 16:10:19 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\NLDRV\003\iastor.sys
[2008/02/22 10:11:41 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\NLDRV\005\iastor.sys
[2007/04/25 09:13:45 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1306 bytes -> C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT
@Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ko07KgivPWGdvWqfeO7y0KwZm
@Alternate Data Stream - 1213 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:H6PpsVWEz4wVTsTGE9joXRRkfpA
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uEBHUxwBQBwhnwrsM
@Alternate Data Stream - 1160 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:PrNt97IWIqCWHYlE3Ir
@Alternate Data Stream - 1056 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:f9UsAUbJUZk99gjkDTYbNi37B
@Alternate Data Stream - 1048 bytes -> C:\Program Files\WindowsUpdate:WiVBGBaFbqOxTVa7u40a9pegukeE3
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C69EAC3C
< End of report >


______________________________________________________________________________


OTL Extras logfile created on: 11/30/2009 4:39:01 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = D:\Downloads\NexDownloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.10 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 1.44 Gb Free Space | 1.23% Space Free | Partition Type: NTFS
Drive E: | 115.69 Gb Total Space | 2.27 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE-07511676E2
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\games\MLB05\mvp2005.exe" = D:\games\MLB05\mvp2005.exe:*:Enabled:mvp2005 -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe" = C:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe:*:Enabled:Cubase SX -- (Steinberg)
"D:\Program Files\TVAnts\Tvants.exe" = D:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater -- ()
"C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08 -- (EA - Salt Lake)
"E:\New Folder\utorrent.exe" = E:\New Folder\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\SopCast\adv\SopAdver.exe" = E:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"E:\Program Files\SopCast\SopCast.exe" = E:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Steam\steamapps\jasonnigguardo\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\jasonnigguardo\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\jasonnigguardo\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\jasonnigguardo\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"D:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = D:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent Team)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"E:\games\SF4\StreetFighterIV.exe" = E:\games\SF4\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0863885D-E64B-9E5A-9747-03321A2D2A49}" = CCC Help Korean
"{0C40E716-2558-01E2-4797-484E4CCB2500}" = Catalyst Control Center Localization All
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10FDD69C-2428-0FFB-12A2-2A6907D6282F}" = CCC Help Japanese
"{139DEC1F-D380-EB76-B0DF-88BC99B3B7BB}" = Catalyst Control Center Graphics Light
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{20e0baa7-c13c-4930-a3ca-50a1d475e4ed}" = Nero 9 Essentials
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2347E903-6299-A99F-C46C-05EB55912539}" = CCC Help Chinese Traditional
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2B3A996D-CCBF-3D62-B0AD-EA05553D3CEE}" = CCC Help Chinese Standard
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{300D2ECE-DA75-1623-871F-935A205FC450}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = Ai Suite
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{407FC95C-EB27-4CAF-9548-9E30ACFE5072}" = Movie Joiner v4
"{4BF8A8A5-B3EA-6073-0457-669CC1E929C8}" = CCC Help Hungarian
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501C0FDB-DCA5-E211-956C-26ADC4C54B66}" = Catalyst Control Center Core Implementation
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F85CF9-B9EF-6C77-8095-A2CF95738099}" = CCC Help Danish
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{63A17691-ABC0-E86F-5D7A-A2F7EE36145E}" = CCC Help Dutch
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6501E9B8-77C7-7D81-7F1A-4C2D7E36B403}" = CCC Help Italian
"{71D4305B-56E6-4971-A799-FB7678A1D1AB}" = ASUS ATI Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A5824D-08E9-9A96-2104-19E4FE86E5FA}" = CCC Help Spanish
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7907CAB0-6C4F-C554-34EA-93EAC98B42F9}" = CCC Help Turkish
"{82982D26-D60E-27D8-361F-F14A8F6440E7}" = Catalyst Control Center HydraVision Full
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{87934EAD-CE6F-16C6-6004-73E092AA15A6}" = Catalyst Control Center Graphics Previews Common
"{89B80F72-CCD0-95C3-21CB-89BA03D98155}" = CCC Help Finnish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C49987B-689E-469D-86AE-8E325A038701}" = Melodyne plugin
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{906D95BA-4515-59A5-F2E4-072B1E73BB75}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{950D9352-AAD8-49F1-AC10-C7FE64283C13}" = Mp3/Tag Studio 3.5 (beta 20)
"{9D8BE52A-2C9A-91F2-310E-560CCE4FD247}" = CCC Help Russian
"{A0D62771-4353-8D52-44B8-0FCFF07D5FF1}" = ccc-core-preinstall
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE78AD-093F-57F1-280D-A31B0C1C1425}" = CCC Help Greek
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A41A9C99-0029-783E-40C3-3AA0D1A6535D}" = CCC Help Polish
"{A680CE58-7B2C-9A45-D05F-5AC22DFA2F76}" = CCC Help Portuguese
"{A7C292D9-0CAA-4FED-AEA9-77724F61B52C}" = Melodyne plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A97B911E-8B1F-3B0F-F3D1-63B04084CC0F}" = Skins
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD3AE2EE-E0DB-7818-3F05-7E8B2FB22C49}" = CCC Help Norwegian
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B414174C-97E4-9E8B-018E-AC77055D0107}" = CCC Help Thai
"{B6D0AACC-1F01-A901-5348-FF3599EFE70D}" = CCC Help French
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98604A2-5229-CBE6-98A4-A6D7C63B7458}" = ccc-utility
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD1A47D-691E-56C2-AC6A-1B3F80E3EC14}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D34313F7-B5E2-D3AF-FBB1-EF3ED1DEF5AB}" = CCC Help Czech
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}" = Firewire Family
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E3A6437F-DE5B-6F3E-7BB3-39185D0BBDCE}" = ccc-core-static
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB1446FB-A3EF-D04D-C224-EEC74F11805F}" = Catalyst Control Center Graphics Full New
"{EC6C29B8-DEB6-47F7-AD1D-DEAE109A5801}" = Digidesign Pro Tools M-Powered 7.3.1cs4
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F354FE7E-783D-6880-F7DB-C61197C799E3}" = imeem Uploader
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE931AAE-B6D9-8A02-60C7-EF4862306F58}" = Catalyst Control Center Graphics Full Existing
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Applied Acoustics Lounge Lizard EP VSTi DXi v3.0" = Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
"Arturia CS-80V v1.5" = Arturia CS-80V v1.5
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Autobahn" = MLB.TV NexDef Plug-in
"Basement Arts Reflex v1.03 VSTi" = Basement Arts Reflex v1.03 VSTi
"Cleanse Uninstaller Pro 2008 " = Cleanse Uninstaller Pro 2008
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1" = imeem Uploader
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Edirol SuperQuartet v1.5" = Edirol SuperQuartet v1.5
"eMusic Download Manager" = eMusic Download Manager 4.1.1
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.2.1
"FL Studio 8" = FL Studio 8
"FL Studio_is1" = FL Studio v7.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HS2_is1" = Steinberg Hypersonic 2
"IL Download Manager" = IL Download Manager
"InstallShield_{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.0 Full
"Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"Novation V-Station for Cubase SX3 VSTi v1.41" = Novation V-Station for Cubase SX3 VSTi v1.41
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"ReCycle v2.1" = ReCycle v2.1
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SopCast" = SopCast 3.0.3
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steinberg Cubase SX 3" = Steinberg Cubase SX 3
"StreamTorrent 1.0" = Stream Torrent 1.0
"Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Toxic Biohazard" = Toxic Biohazard
"TVAnts 1.0" = TVAnts 1.0
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Veetle TV" = Veetle TV 0.9.15
"VexcastPlayer2.0" = VexcastPlayer2.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WeatherBug" = WeatherBug
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2009 11:52:09 PM | Computer Name = DAVE-07511676E2 | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2009 2:52:53 AM | Computer Name = DAVE-07511676E2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/30/2009 5:28:06 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/30/2009 5:28:06 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7034
Description = The Digidesign MME Refresh Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/30/2009 5:33:20 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 11/30/2009 5:33:20 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 11/30/2009 5:33:20 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/30/2009 5:33:30 AM | Computer Name = DAVE-07511676E2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/30/2009 5:33:30 AM | Computer Name = DAVE-07511676E2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/30/2009 5:33:42 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7028
Description = The ikkplxessfxos Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 11/30/2009 5:38:23 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7028
Description = The ikkplxessfxos Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 11/30/2009 5:39:01 AM | Computer Name = DAVE-07511676E2 | Source = Service Control Manager | ID = 7028
Description = The ikkplxessfxos Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.


< End of report >

#4
hammerman (Member, 4,183 posts)
Hi,

WARNING:
You have a backdoor trojan installed on your computer.
Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
    [screenshots of the rename step]
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#5
dm305 (Topic Starter, Member, 14 posts)
Thanks Hammerhead. I ran combofix per your instructions. Here is the log:

ComboFix 09-11-29.06 - Dave 11/30/2009 13:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2900 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\E88D4.exe
c:\windows\system32\18467.exe
c:\windows\system32\6334.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\drivers\str.sys . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 01:15 . 2009-11-30 01:15 -------- d-----w- C:\VJVod_Cache
2009-11-30 01:15 . 2009-11-30 01:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-11-29 20:24 . 2009-11-29 20:24 -------- d-----w- c:\windows\system32\Nagasoft
2009-11-29 18:10 . 2009-11-29 18:10 -------- d-----w- c:\program files\Java
2009-11-29 18:09 . 2009-11-29 18:09 152576 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-29 18:09 . 2009-11-29 18:09 79488 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 15:44 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 15:44 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 15:44 . 2009-11-29 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 15:30 . 2009-11-29 15:30 -------- d-----w- C:\VundoFix Backups
2009-11-29 15:27 . 2009-11-29 15:27 -------- d-----w- c:\program files\ERUNT
2009-11-25 18:08 . 2009-11-25 18:08 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-11-25 18:08 . 2009-11-25 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-24 05:13 . 2009-11-24 05:44 -------- d-----w- c:\program files\MagicISO
2009-11-23 10:28 . 2009-11-23 10:28 -------- d-----w- c:\program files\Common Files\Celemony
2009-11-20 21:39 . 2009-11-21 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-20 21:39 . 2009-11-20 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-20 21:37 . 2009-11-20 21:37 -------- d-----w- c:\program files\Trend Micro
2009-11-10 03:01 . 2009-11-10 03:01 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 18:15 . 2009-11-30 18:15 237600 ------w- c:\windows\system32\drivers\str.sys
2009-11-30 07:16 . 2008-12-01 00:45 -------- d-----w- c:\documents and settings\Dave\Application Data\WeatherBug
2009-11-29 18:10 . 2008-12-01 08:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 11:30 . 2009-04-21 05:14 -------- d-----w- c:\program files\Steam
2009-11-29 06:43 . 2008-12-03 10:01 -------- d-----w- c:\documents and settings\Dave\Application Data\uTorrent
2009-11-25 18:05 . 2008-12-10 10:24 -------- d-----w- c:\program files\SpeedFan
2009-11-23 10:28 . 2009-10-19 18:34 -------- d-----w- c:\program files\VstPlugins
2009-11-22 23:45 . 2009-11-22 23:45 0 ----a-w- c:\documents and settings\Dave\ntuser.tmp
2009-11-18 01:11 . 2009-02-20 08:38 -------- d-----w- c:\documents and settings\Dave\Application Data\Skype
2009-11-17 22:11 . 2009-02-20 08:41 -------- d-----w- c:\documents and settings\Dave\Application Data\skypePM
2009-11-17 05:48 . 2009-03-22 02:47 548792 ----a-w- c:\documents and settings\Dave\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2009-11-10 05:55 . 2008-12-19 00:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 06:52 . 2009-10-30 06:52 -------- d--h--r- c:\documents and settings\Dave\Application Data\SecuROM
2009-10-29 19:42 . 2009-10-29 19:42 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-29 08:24 . 2009-05-19 00:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-29 07:48 . 2009-10-29 07:48 -------- d-----w- c:\program files\Celemony
2009-10-29 07:48 . 2008-11-28 04:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 18:34 . 2009-10-19 18:34 -------- d-----w- c:\program files\ASIO4ALL v2
2009-10-19 18:34 . 2008-11-30 07:49 -------- d-----w- c:\program files\Image-Line
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\program files\Outsim
2009-10-15 08:12 . 2009-10-15 08:12 -------- d-----w- c:\program files\7-Zip
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\documents and settings\Dave\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\program files\imeem Uploader
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 02:38 . 2009-10-09 02:39 38208 ----a-w- c:\documents and settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 02:38 . 2009-10-09 02:39 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-30 19:34 . 2008-11-30 07:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-25 05:56 . 2006-02-28 11:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2006-02-28 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2006-02-28 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:39 . 2009-06-01 03:27 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml141.tmp
2009-09-10 09:39 . 2009-06-01 03:27 13499 ----a-w- c:\documents and settings\All Users\Application Data\xml140.tmp
2009-09-10 09:39 . 2009-06-01 03:27 7972 ----a-w- c:\documents and settings\All Users\Application Data\xml13F.tmp
2009-09-04 20:45 . 2006-02-28 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-12-20 17:26 . 2008-11-28 04:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 17:26 . 2008-11-28 04:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 17:26 . 2008-11-28 04:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 17:26 . 2008-11-28 04:41 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 17:26 . 2008-11-28 04:41 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-12-16 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-12-16 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2009-01-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe


[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2008-02-22 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll


c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 1093632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2007-10-24 245760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\wincert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\MLB05\\mvp2005.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"e:\\New Folder\\utorrent.exe"=
"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Dave\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Steam\\steamapps\\jasonnigguardo\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jasonnigguardo\\counter-strike\\hl.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\games\\SF4\\StreetFighterIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [7/25/2009 11:00 PM 16384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/29/2008 11:28 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/29/2008 11:55 PM 33792]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [7/29/2009 1:04 AM 186368]
R3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2/13/2008 1:17 PM 618112]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [5/31/2009 10:26 PM 98488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-Applied Acoustics Lounge Lizard EP VSTi DXi v3.0 - c:\progra~1\AAS\LOUNGE~1.0\UNWISE.EXE
AddRemove-Arturia CS-80V v1.5 - c:\progra~1\Arturia\CS-80V\UNWISE.EXE
AddRemove-Basement Arts Reflex v1.03 VSTi - c:\progra~1\STEINB~1\VSTPLU~1\Reflex\UNWISE.EXE
AddRemove-Edirol SuperQuartet v1.5 - c:\progra~1\Edirol\SUPERQ~1\UNWISE.EXE
AddRemove-Korg Legacy Collection VSTi v1.0.02 - c:\progra~1\STEINB~1\VSTPLU~1\LEGACY~1\UNWISE.EXE
AddRemove-mIRC - c:\program files\mIRC\uninstall.exe _?=c:\program files\mIRC
AddRemove-Novation V-Station for Cubase SX3 VSTi v1.41 - c:\progra~1\STEINB~1\VSTPLU~1\VSTATI~1\UNWISE.EXE
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
AddRemove-ReCycle v2.1 - c:\progra~1\PROPEL~1\Recycle\UNWISE.EXE
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe steam://uninstall/10
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe steam://uninstall/240
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe steam://uninstall/440
AddRemove-Synapse Junglist VSTi v3.2 - c:\progra~1\STEINB~1\VSTPLU~1\Junglist\UNWISE.EXE
AddRemove-Waves Diamond Bundle v5.2 - c:\progra~1\Waves\DIAMON~1\UNWISE.EXE
AddRemove-{20e0baa7-c13c-4930-a3ca-50a1d475e4ed} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 13:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\rpdjoctkj.sys 71424 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x840C7E07]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f117b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9df8ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9e05b21
SendHandler -> NDIS.sys @ 0xb9de387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ikkplxessfxos]
"ImagePath"="\??\c:\windows\system32\drivers\rpdjoctkj.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-11-30 13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 18:19

Pre-Run: 16,084,922,368 bytes free
Post-Run: 15,976,542,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A37EBFCE2A671872DBCFE179651F5E34
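Two items in the log above belong together: catchme lists c:\windows\system32\drivers\rpdjoctkj.sys as the one hidden file, and the registry dump that follows shows a randomly named service, ikkplxessfxos, whose ImagePath is that same driver. The added example below (not part of this thread, ComboFix or catchme) does that cross-reference mechanically: it parses the two log sections, matches the hidden file to the service key that loads it, and prints the Registry:: and RootKit:: sections of a CFScript in the form used later in this thread. The sample strings are copied from the log above; the function names and the assumption that %SystemRoot% is c:\windows are this example's own.

```python
"""
Tie a driver that catchme reports as hidden to the service key that loads it,
then emit the Registry:: and RootKit:: sections of a CFScript for the pair.

Added example; not part of the thread, ComboFix or catchme. The two sample
blocks are copied from the log above; the function names and the
SYSTEM_ROOT value are this example's own assumptions.
"""
import re

# Constructed sample: the 'scanning hidden files' section of catchme's output.
CATCHME_OUTPUT = r"""
scanning hidden files ...


c:\windows\system32\drivers\rpdjoctkj.sys 71424 bytes executable

scan completed successfully
hidden files: 1
"""

# Constructed sample: the service key ComboFix printed after the rootkit scan.
COMBOFIX_SERVICES = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ikkplxessfxos]
"ImagePath"="\??\c:\windows\system32\drivers\rpdjoctkj.sys"
.
"""

# Assumption: %SystemRoot% is c:\windows, as every path in this log shows.
SYSTEM_ROOT = r"c:\windows"

_HIDDEN_FILE = re.compile(r"^(?P<path>[a-z]:\\\S+?)\s+(?P<size>\d+) bytes\s+(?P<kind>\w+)\s*$", re.I)
_HIDDEN_COUNT = re.compile(r"^hidden files:\s*(?P<n>\d+)\s*$", re.I)
_SERVICE_KEY = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\\\]]+))\]$", re.I)
_IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$', re.I)


def normalise_image_path(path):
    """Reduce the ImagePath forms found in service keys (the NT object-manager
    prefix, the SystemRoot prefix, or a path relative to the Windows directory)
    to one lower-case Win32 path so it compares with what catchme prints."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    if not re.match(r"^[a-z]:\\", p, re.I):
        p = SYSTEM_ROOT + "\\" + p.lstrip("\\")
    return p.lower()


def parse_catchme(text):
    """Return the hidden file paths, cross-checked against catchme's own
    'hidden files: N' summary so a truncated paste does not go unnoticed."""
    paths, declared = [], None
    for line in text.splitlines():
        m = _HIDDEN_FILE.match(line.strip())
        if m:
            paths.append(m.group("path").lower())
            continue
        m = _HIDDEN_COUNT.match(line.strip())
        if m:
            declared = int(m.group("n"))
    if declared is not None and declared != len(paths):
        raise ValueError(f"catchme says {declared} hidden files, parsed {len(paths)}")
    return paths


def parse_services(text):
    """Map normalised ImagePath -> (service name, full registry key)."""
    services, current = {}, None
    for line in text.splitlines():
        m = _SERVICE_KEY.match(line.strip())
        if m:
            current = (m.group("name"), m.group("key"))
            continue
        m = _IMAGE_PATH.match(line.strip())
        if m and current:
            services[normalise_image_path(m.group("path"))] = current
    return services


def correlate(hidden_paths, services):
    """One finding per hidden file that some service key loads."""
    findings = []
    for path in hidden_paths:
        if path in services:
            name, key = services[path]
            findings.append({"hidden_file": path, "service": name, "key": key})
    return findings


def build_cfscript(findings):
    """Emit the Registry:: (delete key) and RootKit:: sections for the findings."""
    lines = ["Registry::"]
    lines += [f"[-{f['key']}]" for f in findings]
    lines += ["", "RootKit::"]
    lines += [f["hidden_file"] for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = correlate(parse_catchme(CATCHME_OUTPUT), parse_services(COMBOFIX_SERVICES))
    for f in found:
        print(f"{f['hidden_file']} is loaded by service {f['service']}")
    print(build_cfscript(found))
```

A hidden driver with no service key, or a service whose ImagePath points at a file catchme could not see, is just as interesting, so in practice print the unmatched entries from both sides as well rather than only the pairs.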

#6 hammerman (Member 4k, 4,183 posts)
Hi,

Please follow these steps.

-- Step 1 --

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ikkplxessfxos]

Driver::

RootKit::
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\rpdjoctkj.sys

FCopy::
C:\WINDOWS\system32\dllcache\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

MIA::
c:\windows\System32\wscntfy.exe
c:\windows\System32\ctfmon.exe

SRPeek::
c:\windows\system32\winlogon.exe
c:\windows\system32\sfcfiles.dll


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-- Step 2 --

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\drivers\TCPIP.SYS
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat with these files.

c:\windows\system32\winlogon.exe
c:\windows\system32\sfcfiles.dll


-- Step 3 --

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *winlogon*
    *sfcfiles*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 dm305 (Topic Starter, Member, 14 posts)
Thanks again, here are the logs you requested:

ComboFix 09-11-30.02 - Dave 11/30/2009 16:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.3064 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\rpdjoctkj.sys

c:\windows\System32\wscntfy.exe was missing
Restored copy from - c:\system volume information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP453\A0180984.exe

c:\windows\System32\ctfmon.exe was missing
Restored copy from - c:\system volume information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP450\A0167713.exe

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IKKPLXESSFXOS


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 21:59 . 2006-02-28 11:00 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2009-11-30 21:59 . 2006-02-28 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
2009-11-30 21:59 . 2006-02-28 11:00 13824 -c--a-w- c:\windows\system32\dllcache\wscntfy.exe
2009-11-30 21:59 . 2006-02-28 11:00 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-11-30 01:15 . 2009-11-30 01:15 -------- d-----w- C:\VJVod_Cache
2009-11-30 01:15 . 2009-11-30 01:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-11-29 20:24 . 2009-11-29 20:24 -------- d-----w- c:\windows\system32\Nagasoft
2009-11-29 18:10 . 2009-11-29 18:10 -------- d-----w- c:\program files\Java
2009-11-29 18:09 . 2009-11-29 18:09 152576 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-29 18:09 . 2009-11-29 18:09 79488 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 15:44 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 15:44 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 15:44 . 2009-11-29 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 15:30 . 2009-11-29 15:30 -------- d-----w- C:\VundoFix Backups
2009-11-29 15:27 . 2009-11-29 15:27 -------- d-----w- c:\program files\ERUNT
2009-11-25 18:08 . 2009-11-25 18:08 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-11-25 18:08 . 2009-11-25 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-24 05:13 . 2009-11-24 05:44 -------- d-----w- c:\program files\MagicISO
2009-11-23 10:28 . 2009-11-23 10:28 -------- d-----w- c:\program files\Common Files\Celemony
2009-11-20 21:39 . 2009-11-21 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-20 21:39 . 2009-11-20 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-20 21:37 . 2009-11-20 21:37 -------- d-----w- c:\program files\Trend Micro
2009-11-10 03:01 . 2009-11-10 03:01 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 21:28 . 2009-02-20 08:38 -------- d-----w- c:\documents and settings\Dave\Application Data\Skype
2009-11-30 20:09 . 2009-02-20 08:41 -------- d-----w- c:\documents and settings\Dave\Application Data\skypePM
2009-11-30 07:16 . 2008-12-01 00:45 -------- d-----w- c:\documents and settings\Dave\Application Data\WeatherBug
2009-11-29 18:10 . 2008-12-01 08:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 11:30 . 2009-04-21 05:14 -------- d-----w- c:\program files\Steam
2009-11-29 06:43 . 2008-12-03 10:01 -------- d-----w- c:\documents and settings\Dave\Application Data\uTorrent
2009-11-25 18:05 . 2008-12-10 10:24 -------- d-----w- c:\program files\SpeedFan
2009-11-23 10:28 . 2009-10-19 18:34 -------- d-----w- c:\program files\VstPlugins
2009-11-22 23:45 . 2009-11-22 23:45 0 ----a-w- c:\documents and settings\Dave\ntuser.tmp
2009-11-17 05:48 . 2009-03-22 02:47 548792 ----a-w- c:\documents and settings\Dave\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2009-11-10 05:55 . 2008-12-19 00:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 06:52 . 2009-10-30 06:52 -------- d--h--r- c:\documents and settings\Dave\Application Data\SecuROM
2009-10-29 19:42 . 2009-10-29 19:42 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-29 08:24 . 2009-05-19 00:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-29 07:48 . 2009-10-29 07:48 -------- d-----w- c:\program files\Celemony
2009-10-29 07:48 . 2008-11-28 04:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 18:34 . 2009-10-19 18:34 -------- d-----w- c:\program files\ASIO4ALL v2
2009-10-19 18:34 . 2008-11-30 07:49 -------- d-----w- c:\program files\Image-Line
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\program files\Outsim
2009-10-15 08:12 . 2009-10-15 08:12 -------- d-----w- c:\program files\7-Zip
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\documents and settings\Dave\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\program files\imeem Uploader
2009-10-09 02:39 . 2009-10-09 02:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 02:38 . 2009-10-09 02:39 38208 ----a-w- c:\documents and settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 02:38 . 2009-10-09 02:39 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-30 19:34 . 2008-11-30 07:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-25 05:56 . 2006-02-28 11:00 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2006-02-28 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2006-02-28 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:39 . 2009-06-01 03:27 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml141.tmp
2009-09-10 09:39 . 2009-06-01 03:27 13499 ----a-w- c:\documents and settings\All Users\Application Data\xml140.tmp
2009-09-10 09:39 . 2009-06-01 03:27 7972 ----a-w- c:\documents and settings\All Users\Application Data\xml13F.tmp
2009-09-04 20:45 . 2006-02-28 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-12-20 17:26 . 2008-11-28 04:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 17:26 . 2008-11-28 04:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 17:26 . 2008-11-28 04:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 17:26 . 2008-11-28 04:41 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 17:26 . 2008-11-28 04:41 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-12-16 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-12-16 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2009-01-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2008-02-22 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-30_18.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 22:00 . 2009-11-30 22:00 16384 c:\windows\temp\Perflib_Perfdata_d4.dat
+ 2006-02-28 11:00 . 2009-11-30 22:05 71264 c:\windows\system32\perfc009.dat
- 2006-02-28 11:00 . 2009-11-30 17:58 71264 c:\windows\system32\perfc009.dat
+ 2009-11-30 09:30 . 2009-11-30 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-30 09:30 . 2009-11-30 18:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-28 04:05 . 2009-11-30 18:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-28 04:05 . 2009-11-30 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-28 04:05 . 2009-11-30 21:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-28 04:05 . 2009-11-30 18:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 11:00 . 2009-11-30 22:05 441454 c:\windows\system32\perfh009.dat
- 2006-02-28 11:00 . 2009-11-30 17:58 441454 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 1093632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2007-10-24 245760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\wincert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\MLB05\\mvp2005.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"e:\\New Folder\\utorrent.exe"=
"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Dave\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Steam\\steamapps\\jasonnigguardo\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jasonnigguardo\\counter-strike\\hl.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\games\\SF4\\StreetFighterIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [7/25/2009 11:00 PM 16384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/29/2008 11:28 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/29/2008 11:55 PM 33792]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [7/29/2009 1:04 AM 186368]
R3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2/13/2008 1:17 PM 618112]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [5/31/2009 10:26 PM 98488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-11-30 17:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 22:07

Pre-Run: 15,907,667,968 bytes free
Post-Run: 15,921,557,504 bytes free

- - End Of File - - C7B157728A0A32B6DF0842F3E75E0D2C


---------------------------------

VirSCAN.org Scanned Report :
Scanned time : 2009/11/30 16:52:02 (EST)
Scanner results: Scanners did not find malware!
File Name : TCPIP.SYS
File Size : 360320 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 3adce4790f591bf160a94f6f08039577
SHA1 : d0f02ab9b940322c8644ac49526df1422ba732bd
Online report : http://virscan.org/r...2c601ced7b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091201040131 2009-12-01 4.03 -
AhnLab V3 2009.11.29.00 2009.11.29 2009-11-29 0.96 -
AntiVir 8.2.1.88 7.10.1.123 2009-11-30 0.12 -
Antiy 2.0.18 20091127.3320938 2009-11-27 0.12 -
Arcavir 2009 200911301242 2009-11-30 0.36 -
Authentium 5.1.1 200911301123 2009-11-30 2.20 -
AVAST! 4.7.4 091130-1 2009-11-30 0.02 -
AVG 8.5.288 270.14.87/2536 2009-11-30 0.34 -
BitDefender 7.81008.4667490 7.29225 2009-12-01 3.98 -
CA (VET) 35.1.0 7146 2009-11-27 7.07 -
ClamAV 0.95.2 10095 2009-11-30 0.08 -
Comodo 3.12 3094 2009-11-30 0.74 -
CP Secure 1.3.0.5 2009.11.28 2009-11-28 0.32 -
Dr.Web 4.44.0.9170 2009.11.30 2009-11-30 7.47 -
F-Prot 4.4.4.56 20091130 2009-11-30 2.11 -
F-Secure 7.02.73807 2009.11.30.14 2009-11-30 0.13 -
Fortinet 11.111- 11.111 2009-11-30 0.21 -
GData 19.9099/19.598 20091130 2009-11-30 6.03 -
ViRobot 20091130 2009.11.30 2009-11-30 0.49 -
Ikarus T3.1.01.74 2009.11.30.74623 2009-11-30 4.20 -
JiangMin 11.0.800 2009.11.27 2009-11-27 4.10 -
Kaspersky 5.5.10 2009.11.30 2009-11-30 0.07 -
KingSoft 2009.2.5.15 2009.11.30.22 2009-11-30 0.64 -
McAfee 5.3.00 5818 2009-11-30 3.39 -
Microsoft 1.5302 2009.11.30 2009-11-30 6.24 -
Norman 6.01.09 6.01.00 2009-11-30 4.00 -
Panda 9.05.01 2009.11.30 2009-11-30 2.92 -
Trend Micro 9.000-1003 6.662.08 2009-11-30 0.00 -
Quick Heal 10.00 2009.11.30 2009-11-30 2.33 -
Rising 20.0 22.24.00.09 2009-11-30 1.32 -
Sophos 3.01.0 4.47 2009-12-01 3.10 -
Sunbelt 5518 5518 2009-11-18 1.77 -
Symantec 1.3.0.24 20091130.004 2009-11-30 0.07 -
nProtect 20091127.01 6396533 2009-11-27 3.75 -
The Hacker 6.5.0.2 v00082 2009-11-30 0.74 -
VBA32 3.12.12.0 20091129.2113 2009-11-29 2.25 -
VirusBuster 4.5.11.10 10.114.5/2017549 2009-11-30 2.58 -

__________


VirSCAN.org Scanned Report :
Scanned time : 2009/11/30 16:55:34 (EST)
Scanner results: 5% Scanner(s) (2/37) found malware!
File Name : winlogon.exe
File Size : 502272 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6225f14b8ce08ccba8b25ad27843c674
SHA1 : ec2dbfe0c28b004bee344daa53fdc2e2ced0695f
Online report : http://virscan.org/r...92ba330027.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091201040131 2009-12-01 4.10 -
AhnLab V3 2009.11.29.00 2009.11.29 2009-11-29 0.98 -
AntiVir 8.2.1.88 7.10.1.123 2009-11-30 0.09 -
Antiy 2.0.18 20091127.3320938 2009-11-27 0.12 -
Arcavir 2009 200911301242 2009-11-30 0.10 -
Authentium 5.1.1 200911301123 2009-11-30 2.20 W32/Swizzor-based.2!Maximus (Heuristic)
AVAST! 4.7.4 091130-1 2009-11-30 0.03 -
AVG 8.5.288 270.14.87/2536 2009-11-30 0.34 -
BitDefender 7.81008.4667490 7.29225 2009-12-01 3.99 -
CA (VET) 35.1.0 7146 2009-11-27 7.41 -
ClamAV 0.95.2 10095 2009-11-30 0.09 -
Comodo 3.12 3094 2009-11-30 0.74 -
CP Secure 1.3.0.5 2009.11.28 2009-11-28 0.09 -
Dr.Web 4.44.0.9170 2009.11.30 2009-11-30 7.32 -
F-Prot 4.4.4.56 20091130 2009-11-30 2.14 Possible W32/Swizzor-based.2!Maximus
F-Secure 7.02.73807 2009.11.30.14 2009-11-30 9.38 -
Fortinet 11.111- 11.111 2009-11-30 0.31 -
GData 19.9100/19.598 20091130 2009-11-30 5.38 -
ViRobot 20091130 2009.11.30 2009-11-30 0.41 -
Ikarus T3.1.01.74 2009.11.30.74623 2009-11-30 4.22 -
JiangMin 11.0.800 2009.11.27 2009-11-27 4.83 -
Kaspersky 5.5.10 2009.11.30 2009-11-30 0.11 -
KingSoft 2009.2.5.15 2009.11.30.22 2009-11-30 0.51 -
McAfee 5.3.00 5818 2009-11-30 3.37 -
Microsoft 1.5302 2009.11.30 2009-11-30 6.00 -
Norman 6.01.09 6.01.00 2009-11-30 4.00 -
Panda 9.05.01 2009.11.30 2009-11-30 4.65 -
Trend Micro 9.000-1003 6.662.08 2009-11-30 0.00 -
Quick Heal 10.00 2009.11.30 2009-11-30 1.38 -
Rising 20.0 22.24.00.09 2009-11-30 1.04 -
Sophos 3.01.0 4.47 2009-12-01 3.10 -
Sunbelt 5518 5518 2009-11-18 1.89 -
Symantec 1.3.0.24 20091130.004 2009-11-30 0.06 -
nProtect 20091127.01 6396533 2009-11-27 3.74 -
The Hacker 6.5.0.2 v00082 2009-11-30 0.77 -
VBA32 3.12.12.0 20091129.2113 2009-11-29 2.50 -
VirusBuster 4.5.11.10 10.114.5/2017549 2009-11-30 3.52 -

__________

VirSCAN.org Scanned Report :
Scanned time : 2009/11/30 16:59:52 (EST)
Scanner results: Scanners did not find malware!
File Name : sfcfiles.dll
File Size : 1580544 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 6e266aaf4168b3569a330c61ab01f6b4
SHA1 : 92ed1089d9c2f5ce0a8787cc5f8ae0d2b3133a8a
Online report : http://virscan.org/r...768e6447ec.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091201040131 2009-12-01 4.03 -
AhnLab V3 2009.11.29.00 2009.11.29 2009-11-29 0.93 -
AntiVir 8.2.1.88 7.10.1.123 2009-11-30 0.50 -
Antiy 2.0.18 20091127.3320938 2009-11-27 0.12 -
Arcavir 2009 200911301242 2009-11-30 0.06 -
Authentium 5.1.1 200911301123 2009-11-30 1.22 -
AVAST! 4.7.4 091130-1 2009-11-30 0.07 -
AVG 8.5.288 270.14.87/2536 2009-11-30 0.33 -
BitDefender 7.81008.4667490 7.29225 2009-12-01 4.02 -
CA (VET) 35.1.0 7146 2009-11-27 3.87 -
ClamAV 0.95.2 10095 2009-11-30 0.20 -
Comodo 3.12 3094 2009-11-30 0.82 -
CP Secure 1.3.0.5 2009.11.28 2009-11-28 0.42 -
Dr.Web 4.44.0.9170 2009.11.30 2009-11-30 7.33 -
F-Prot 4.4.4.56 20091130 2009-11-30 1.21 -
F-Secure 7.02.73807 2009.11.30.14 2009-11-30 9.24 -
Fortinet 11.111- 11.111 2009-11-30 0.21 -
GData 19.9100/19.598 20091130 2009-11-30 5.51 -
ViRobot 20091130 2009.11.30 2009-11-30 0.41 -
Ikarus T3.1.01.74 2009.11.30.74623 2009-11-30 4.18 -
JiangMin 11.0.800 2009.11.27 2009-11-27 4.45 -
Kaspersky 5.5.10 2009.11.30 2009-11-30 0.07 -
KingSoft 2009.2.5.15 2009.11.30.22 2009-11-30 0.51 -
McAfee 5.3.00 5818 2009-11-30 3.32 -
Microsoft 1.5302 2009.11.30 2009-11-30 6.00 -
Norman 6.01.09 6.01.00 2009-11-30 4.00 -
Panda 9.05.01 2009.11.30 2009-11-30 1.82 -
Trend Micro 9.000-1003 6.662.08 2009-11-30 0.00 -
Quick Heal 10.00 2009.11.30 2009-11-30 1.97 -
Rising 20.0 22.24.00.09 2009-11-30 0.97 -
Sophos 3.01.0 4.47 2009-12-01 3.11 -
Sunbelt 5518 5518 2009-11-18 1.74 -
Symantec 1.3.0.24 20091130.004 2009-11-30 0.08 -
nProtect 20091127.01 6396533 2009-11-27 4.10 -
The Hacker 6.5.0.2 v00082 2009-11-30 1.15 -
VBA32 3.12.12.0 20091129.2113 2009-11-29 2.16 -
VirusBuster 4.5.11.10 10.114.5/2017549 2009-11-30 2.50 -


---------------------------------

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:21 on 30/11/2009 by Dave (Administrator - Elevation successful)

========== filefind ==========

Searching for "*winlogon*"
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe --a--- 507904 bytes [00:12 14/04/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe --a--- 507904 bytes [16:35 28/04/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.bak --a--- 502272 bytes [11:00 28/02/2006] [11:00 28/02/2006] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [11:00 28/02/2006] [17:59 06/01/2009] 6225F14B8CE08CCBA8B25AD27843C674

Searching for "*sfcfiles*"
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sfcfiles.dll --a--- 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll --a--- 1614848 bytes [16:35 28/04/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1580544 bytes [15:11 22/02/2008] [15:11 22/02/2008] 6E266AAF4168B3569A330C61AB01F6B4

-=End Of File=-
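The SystemLook output above is the interesting part of this post. C:\WINDOWS\system32\winlogon.exe is exactly the same size as the winlogon.bak beside it (502272 bytes) but has a different MD5, and its modification time (06/01/2009) is almost three years after its creation time (28/02/2006); the two winlogon.exe copies under SoftwareDistribution are the SP3 build (5.1.2600.5512 in the Sigcheck lines above) and a different size, so they cannot serve as a reference. The added example below (not part of this thread or of SystemLook) turns that reading into a triage filter: it parses filefind lines, groups copies of the same file, and flags a copy that matches a sibling in size but not in hash while showing an in-place rewrite. The sample text is copied from the log above; the heuristic and all names are this example's own.

```python
"""
Flag a system binary that looks patched in place by comparing the copies of
it that SystemLook's 'filefind' found on the same machine.

Added example; not part of the thread or of SystemLook. The sample lines are
copied from the SystemLook log above; the heuristic and the names are this
example's own.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the filefind section of the SystemLook log above.
SYSTEMLOOK_LOG = r"""
Searching for "*winlogon*"
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe --a--- 507904 bytes [00:12 14/04/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe --a--- 507904 bytes [16:35 28/04/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.bak --a--- 502272 bytes [11:00 28/02/2006] [11:00 28/02/2006] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [11:00 28/02/2006] [17:59 06/01/2009] 6225F14B8CE08CCBA8B25AD27843C674

Searching for "*sfcfiles*"
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sfcfiles.dll --a--- 1614848 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll --a--- 1614848 bytes [16:35 28/04/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a--- 1580544 bytes [15:11 22/02/2008] [15:11 22/02/2008] 6E266AAF4168B3569A330C61AB01F6B4
"""

# One filefind result line: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
_STAMP = "%H:%M %d/%m/%Y"   # SystemLook prints times as HH:MM DD/MM/YYYY


def parse_filefind(text):
    """Return one dict per result line; banners and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["created"] = datetime.strptime(e["created"], _STAMP)
        e["modified"] = datetime.strptime(e["modified"], _STAMP)
        # group key: file name without extension, so winlogon.bak joins winlogon.exe
        e["stem"] = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        entries.append(e)
    return entries


def rewritten_in_place(entry, slack=timedelta(days=1)):
    """Content modified well after the directory entry was created: the file
    was overwritten where it sits. A copy dropped by an installer or pulled
    from a restore point normally has modified <= created."""
    return entry["modified"] - entry["created"] > slack


def find_patched(entries):
    """(suspect, reference) pairs: same stem and size, different MD5, and only
    the suspect shows an in-place rewrite."""
    by_stem = defaultdict(list)
    for e in entries:
        by_stem[e["stem"]].append(e)
    findings = []
    for group in by_stem.values():
        for suspect in group:
            if not rewritten_in_place(suspect):
                continue
            for ref in group:
                if ref is suspect or rewritten_in_place(ref):
                    continue
                if ref["size"] == suspect["size"] and ref["md5"] != suspect["md5"]:
                    findings.append({
                        "suspect": suspect["path"], "suspect_md5": suspect["md5"],
                        "reference": ref["path"], "reference_md5": ref["md5"],
                        "size": suspect["size"],
                    })
    return findings


if __name__ == "__main__":
    for f in find_patched(parse_filefind(SYSTEMLOOK_LOG)):
        print(f"{f['suspect']} ({f['suspect_md5']}) differs from same-size "
              f"{f['reference']} ({f['reference_md5']})")
```

On this log the only hit is system32\winlogon.exe against winlogon.bak. Treat that as a candidate, not a verdict: NTFS can carry the old creation time over to a replacement written within seconds of the delete (tunneling), so a legitimate hotfix can show the same timestamp pattern. Confirm it the way the helper does here, by checking the hash against a known-good copy of the same version and by scanning the file, remembering that the two VirSCAN hits above are heuristic and the other 35 engines passed it.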

#8 hammerman (Member 4k, 4,183 posts)
Hi,

I notice that you do not have an antivirus program running on your computer. Without this protection, you are extremely vulnerable to the ever-increasing number of viruses and malware present today. This is so important that I ask you to install an antivirus program before we proceed.

There are many free programs available for you to use. Two such programs are Avast from here or Avira from here. Please install ONE of these programs now and ensure you carry out a full update.

#9
dm305
  • Topic Starter
  • Member
  • 14 posts

Hi,

I notice that you do not have an antivirus program running on your computer. Without this protection, you are extremely vulnerable to the ever-increasing number of viruses and malware present today. This is so important that I ask you to install an antivirus program before we proceed.

There are many free programs available for you to use. Two such programs are Avast from here or Avira from here. Please install ONE of these programs now and ensure you carry out a full update.


Thanks for looking out....... I never did have an antivirus as I figured they were always behind the latest virus definitions and I could handle it better myself. But I guess you're right, they're necessary. I just downloaded and updated Avast.

#10
hammerman
  • Member
  • 4,183 posts
Hi,

Please follow these steps and then give me an update on how your computer's running.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box paste in the following.

    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#11
dm305
  • Topic Starter
  • Member
  • 14 posts
Thanks Hammerhead. The computer seems to be running well (no popups), but there are a few things I need to tell you:

- When I downloaded avast, it ran a scan the next time I rebooted my machine, before I followed the instructions in your post above. The scan was done before Windows launched, and it found multiple infected files and deleted them.

- When I ran the MBAM scan, avast was running, and it found multiple infected files during the MBAM scan. When it found these files, the MBAM scan would pause until I clicked "Move to Chest", and then it would continue. The MBAM scan itself found 0 infected files, but over the course of the scan about 6 files were found by avast. Please let me know if you want information on these infected files.

I hope this didn't blow our progress in any way. Anyway, below are the logs.

---------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3268
Windows 5.1.2600 Service Pack 2

12/1/2009 3:42:06 PM
mbam-log-2009-12-01 (15-42-06).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 339625
Time elapsed: 1 hour(s), 28 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------

OTL logfile created on: 12/1/2009 3:47:21 PM - Run 2
OTL by OldTimer - Version 3.1.11.3 Folder = D:\Downloads\NexDownloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.71 Gb Free Space | 21.24% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 4.14 Gb Free Space | 3.53% Space Free | Partition Type: NTFS
Drive E: | 115.69 Gb Total Space | 2.84 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE-07511676E2
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - D:\Downloads\NexDownloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\WINDOWS\system32\mafwTray.exe (Avid Technology, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Modules (SafeList) ==========

MOD - D:\Downloads\NexDownloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (Eng)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/30 14:34:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/09/30 14:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/30 14:34:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 00:55:16 | 00,000,000 | ---D | M]

[2009/11/30 17:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions
[2009/01/17 04:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/29 09:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/20 12:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/20 01:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/01/27 04:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/30 04:26:28 | 00,001,087 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\baseball-referencecom.xml
[2009/01/28 23:40:59 | 00,006,280 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\btjunkie.xml
[2009/02/11 16:47:15 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\dictionary.xml
[2009/11/30 04:26:28 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\mycroft-project.xml
[2009/11/30 04:26:28 | 00,002,721 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\pro-football-reference.xml
[2009/01/28 23:38:26 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\6jufizyb.default\searchplugins\wikipedia-eng.xml
[2009/11/30 17:32:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/01 03:16:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/04 14:47:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/12/20 12:26:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/20 12:26:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/20 12:26:05 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/20 12:26:06 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/20 12:26:06 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/20 12:26:07 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/20 12:26:07 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\mafwTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 22:52:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/28 21:22:26 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/01 13:54:58 | 00,000,000 | ---D | M] - E:\autorunbackups -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610472484667392)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/01 14:08:29 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\TFC.exe
[2009/12/01 03:25:20 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/01 03:25:20 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/01 03:25:19 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/01 03:25:18 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/01 03:25:18 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/01 03:25:18 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/01 03:25:18 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/01 03:25:18 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/01 03:25:05 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/01 03:25:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/01 03:21:43 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Dave\Desktop\avast_home_setup.exe
[2009/11/30 16:59:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/30 13:05:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/30 13:03:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/30 13:03:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/30 13:03:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/30 13:03:43 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/30 13:03:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/29 20:15:49 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/11/29 15:24:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Nagasoft
[2009/11/29 13:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/29 10:44:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 10:44:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 10:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 10:30:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/29 10:27:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/29 10:27:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/28 22:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Vinyl Room
[2009/11/25 13:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2009/11/25 13:08:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 00:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/23 05:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\MelodynePlugin
[2009/11/23 05:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Celemony
[2009/11/20 16:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/20 16:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/20 16:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Dave\*.tmp files -> C:\Documents and Settings\Dave\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/01 14:15:47 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/01 14:15:47 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/01 14:15:47 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/01 14:11:48 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/12/01 14:11:29 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/01 14:11:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/01 14:11:09 | 00,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/12/01 14:11:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 14:10:20 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Dave\ntuser.dat
[2009/12/01 14:10:20 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
[2009/12/01 14:08:26 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\TFC.exe
[2009/12/01 03:25:20 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/01 03:25:18 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/01 03:21:41 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Dave\Desktop\avast_home_setup.exe
[2009/11/30 23:01:13 | 07,843,299 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Snoop Dogg ft. Brandy & Pharrell - Special.mp3
[2009/11/30 17:21:16 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2009/11/30 17:04:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/30 17:04:12 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/30 16:28:12 | 00,000,799 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 16:28:09 | 03,573,401 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\Combo-Fix.exe
[2009/11/30 13:05:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/29 22:04:17 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2009/11/29 22:04:17 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2009/11/29 22:04:17 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2009/11/29 22:04:17 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2009/11/29 22:04:17 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2009/11/29 22:04:17 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2009/11/29 22:04:17 | 00,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2009/11/29 22:04:17 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2009/11/29 22:04:17 | 00,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2009/11/29 10:44:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 10:27:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/29 10:27:30 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NTREGOPT.lnk
[2009/11/29 10:27:30 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\ERUNT.lnk
[2009/11/29 06:30:36 | 03,707,952 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
[2009/11/29 02:38:55 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/29 00:39:04 | 00,165,376 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 22:11:31 | 04,927,808 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 WhateverUWantDirty.mp3
[2009/11/25 22:03:14 | 00,000,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/25 15:21:39 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Inherit.exe
[2009/11/25 03:00:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/24 18:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/24 01:41:19 | 19,325,5424 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\bootXP.iso
[2009/11/24 00:44:53 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MagicISO.lnk
[2009/11/23 05:41:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/20 16:37:31 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2009/11/20 01:19:00 | 02,699,125 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Young Swift - Trouble.mp3
[2009/11/19 16:22:42 | 04,599,351 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Ester_Dean_ft_Chris_Brown-Drop_it_Low-(Al_Sween_Remix)(Clean).mp3
[2009/11/19 01:11:20 | 01,408,104 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\scratch2.mp3
[2009/11/18 23:27:17 | 95,233,254 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dnb.mp3
[2009/11/18 20:41:35 | 00,625,058 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\scratch.mp3
[2009/11/17 21:39:36 | 07,165,910 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\182Reup.mp3
[2009/11/17 20:29:24 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/11/17 20:29:24 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/11/17 18:48:46 | 02,866,650 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Charlie_bit_me_Auto-Tuned.flv
[2009/11/17 17:42:26 | 03,931,034 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Yup-2.mp3
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Dave\*.tmp files -> C:\Documents and Settings\Dave\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/01 03:25:20 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/01 03:25:05 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/11/30 23:00:38 | 07,843,299 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Snoop Dogg ft. Brandy & Pharrell - Special.mp3
[2009/11/30 17:21:15 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2009/11/30 16:28:03 | 03,573,401 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\Combo-Fix.exe
[2009/11/30 13:05:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/30 13:05:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/30 13:03:43 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/30 13:03:43 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/30 13:03:43 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/30 13:03:43 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/30 13:03:43 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/29 10:44:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 10:27:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/29 10:27:30 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NTREGOPT.lnk
[2009/11/29 10:27:30 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\ERUNT.lnk
[2009/11/27 00:35:49 | 04,927,808 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 WhateverUWantDirty.mp3
[2009/11/25 15:21:46 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Inherit.exe
[2009/11/24 01:41:15 | 19,325,5424 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\bootXP.iso
[2009/11/24 00:13:05 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MagicISO.lnk
[2009/11/20 16:37:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\HijackThis.lnk
[2009/11/20 03:18:00 | 02,699,125 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Young Swift - Trouble.mp3
[2009/11/19 16:27:32 | 04,599,351 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Ester_Dean_ft_Chris_Brown-Drop_it_Low-(Al_Sween_Remix)(Clean).mp3
[2009/11/19 01:11:16 | 01,408,104 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\scratch2.mp3
[2009/11/18 23:24:59 | 95,233,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dnb.mp3
[2009/11/18 20:41:33 | 00,625,058 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\scratch.mp3
[2009/11/17 21:38:10 | 07,165,910 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\182Reup.mp3
[2009/11/17 18:48:27 | 02,866,650 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Charlie_bit_me_Auto-Tuned.flv
[2009/11/17 17:39:53 | 03,931,034 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Yup-2.mp3
[2009/10/15 03:36:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/09/30 14:35:00 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/05 20:09:27 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\mcs.rma
[2009/09/05 20:09:27 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\B07C9A
[2009/07/25 23:00:10 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/07/25 23:00:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2009/07/15 09:08:35 | 00,000,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/31 22:26:19 | 10,440,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/05/18 19:24:13 | 00,625,152 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
[2009/04/21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/14 17:44:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/11 04:11:53 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/01/11 04:11:52 | 12,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009/01/06 01:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/22 21:35:42 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\xnrar.dll
[2008/12/21 05:16:49 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/21 05:16:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/21 05:16:48 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/21 05:16:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/21 05:16:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/21 05:16:47 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/03 18:51:28 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/11/30 05:32:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/11/30 00:20:36 | 00,000,316 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/11/29 19:16:17 | 00,165,376 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 13:47:20 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2008/11/28 13:46:05 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/11/28 13:46:05 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/11/28 13:46:04 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/11/28 13:46:04 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/11/28 13:46:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/11/27 23:29:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/27 23:29:19 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/27 23:29:17 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/11/27 23:29:17 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/11/27 23:24:30 | 00,029,322 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/11/27 23:24:17 | 00,028,545 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/27 23:24:14 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/11/27 23:24:09 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/25 19:02:54 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2007/07/12 07:04:02 | 00,002,354 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2008/11/29 23:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/21 05:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/07/25 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/11/29 23:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/08 03:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/10/29 03:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/17 22:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/29 23:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2008/11/30 02:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Applied Acoustics Systems
[2009/10/08 21:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2009/07/25 23:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Digidesign
[2009/01/23 01:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DisplayTune
[2009/03/16 22:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\eMusic
[2009/06/02 22:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileZilla
[2008/12/16 17:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GetRightToGo
[2009/01/14 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2009/07/25 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PACE Anti-Piracy
[2009/03/08 03:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Propellerhead Software
[2009/03/21 21:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SanDisk
[2008/11/30 02:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Steinberg
[2009/11/29 01:43:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2008/12/05 21:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Viewpoint
[2008/11/30 02:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Audio
[2009/11/30 02:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WeatherBug
[2009/12/01 14:11:48 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/03 17:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0027\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0028\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2006/02/28 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2006/02/28 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/02/21 16:10:19 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\NLDRV\003\iastor.sys
[2008/02/22 10:11:41 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\NLDRV\005\iastor.sys
[2007/04/25 09:13:45 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2006/02/28 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2006/02/28 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1306 bytes -> C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT
@Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ko07KgivPWGdvWqfeO7y0KwZm
@Alternate Data Stream - 1213 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:H6PpsVWEz4wVTsTGE9joXRRkfpA
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uEBHUxwBQBwhnwrsM
@Alternate Data Stream - 1160 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:PrNt97IWIqCWHYlE3Ir
@Alternate Data Stream - 1056 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:f9UsAUbJUZk99gjkDTYbNi37B
@Alternate Data Stream - 1048 bytes -> C:\Program Files\WindowsUpdate:WiVBGBaFbqOxTVa7u40a9pegukeE3
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C69EAC3C
< End of report >

-------------------------

Edited by dm305, 01 December 2009 - 03:08 PM.

#12
hammerman
Hi,

If you have any information on what Avast detected, could you please post it? Thanks.

#13
dm305 (Topic Starter)

Hi,

If you have any information on what Avast detected, could you please post it? Thanks.


Sure thing. I am posting a screenshot of the chest, which has 7 files; below that, a file called "warning.log" from the avast/log folder, and then another log file from that folder called aswAr.log. I hope they can be of use!

Posted Image

12/1/2009 2:26:36 PM 1259695596 Dave 1728 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rpdjoctkj.sys.vir" file.
12/1/2009 2:27:34 PM 1259695654 Dave 1728 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP456\A0185813.sys" file.
12/1/2009 3:23:45 PM 1259699025 Dave 1728 Sign of "Win32:Trojan-gen" has been found in "E:\New Folder\Everest Poker.exe\[Embedded_I#11e9a]\[UPX]" file.
12/1/2009 3:35:25 PM 1259699725 Dave 1728 Sign of "Win32:Trojan-gen" has been found in "E:\System Volume Information\_restore{3713EE44-C8DB-4CC0-8FAA-B74FA3314EF7}\RP457\A0186846.exe\[Embedded_I#11e9a]\[UPX]" file.


---------------------

avast! Antirootkit, version 1.0
Scan started: Tuesday, December 01, 2009 2:19:14 PM

Process [0]
Process [4]
Process C:\WINDOWS\system32\smss.exe [496]
Process C:\WINDOWS\system32\csrss.exe [764]
Process C:\WINDOWS\system32\winlogon.exe [800]
Process C:\WINDOWS\system32\services.exe [844]
Process C:\WINDOWS\system32\lsass.exe [856]
Process C:\WINDOWS\system32\ati2evxx.exe [1028]
Process C:\WINDOWS\system32\svchost.exe [1048]
Process C:\WINDOWS\system32\svchost.exe [1116]
Process C:\WINDOWS\system32\svchost.exe [1220]
Process C:\WINDOWS\system32\svchost.exe [1260]
Process C:\WINDOWS\system32\svchost.exe [1320]
Process C:\WINDOWS\system32\svchost.exe [1420]
Process C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1520]
Process C:\WINDOWS\system32\ati2evxx.exe [1580]
Process C:\Program Files\Alwil Software\Avast4\ashServ.exe [1728]
Process C:\WINDOWS\system32\spoolsv.exe [2044]
Process C:\WINDOWS\system32\svchost.exe [280]
Process C:\WINDOWS\ATKKBService.exe [340]
Process C:\Program Files\Digidesign\Drivers\MMERefresh.exe [540]
Process C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [552]
Process C:\Program Files\Java\jre6\bin\jqs.exe [588]
Process C:\WINDOWS\system32\svchost.exe [640]
Process C:\Program Files\Viewpoint\Common\ViewpointService.exe [712]
Process C:\WINDOWS\system32\WgaTray.exe [1472]
Process C:\WINDOWS\explorer.exe [1484]
Process C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2324]
Process C:\Program Files\PowerISO\PWRISOVM.EXE [2332]
Process C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [2344]
Process C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2360]
Process C:\WINDOWS\system32\mafwTray.exe [2388]
Process C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2412]
Process C:\Program Files\Java\jre6\bin\jusched.exe [2484]
Process C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2508]
Process C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2516]
Process C:\Program Files\AIM6\aim6.exe [2528]
Process C:\Program Files\AWS\WeatherBug\Weather.exe [2712]
Process C:\WINDOWS\system32\alg.exe [2936]
Process C:\WINDOWS\system32\ctfmon.exe [2968]
Process C:\Program Files\AIM6\aolsoftware.exe [3528]
Process C:\PROGRA~1\MOZILL~1\firefox.exe [3828]
Process C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [660]
Process C:\WINDOWS\system32\wbem\wmiprvse.exe [1692]
Disk 0 MBR
File C:\WINDOWS\system32\Drivers\1394bus.sys
File C:\WINDOWS\system32\Drivers\aavmker4.sys
File C:\WINDOWS\system32\Drivers\acpi.sys
File C:\WINDOWS\system32\Drivers\acpiec.sys
File C:\WINDOWS\system32\Drivers\aec.sys
File C:\WINDOWS\system32\Drivers\afd.sys
File C:\WINDOWS\system32\Drivers\amdk6.sys
File C:\WINDOWS\system32\Drivers\amdk7.sys
File C:\WINDOWS\system32\Drivers\arp1394.sys
File C:\WINDOWS\system32\Drivers\ASACPI.sys
File C:\WINDOWS\system32\Drivers\AsInsHelp32.sys
File C:\WINDOWS\system32\Drivers\AsInsHelp64.sys
File C:\WINDOWS\system32\Drivers\AsIO.sys
File C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS
File C:\WINDOWS\system32\Drivers\aswFsBlk.sys
File C:\WINDOWS\system32\Drivers\aswmon.sys
File C:\WINDOWS\system32\Drivers\aswmon2.sys
File C:\WINDOWS\system32\Drivers\aswRdr.sys
File C:\WINDOWS\system32\Drivers\aswSP.sys
File C:\WINDOWS\system32\Drivers\aswTdi.sys
File C:\WINDOWS\system32\Drivers\asyncmac.sys
File C:\WINDOWS\system32\Drivers\atapi.sys
File C:\WINDOWS\system32\Drivers\ati2erec.dll
File C:\WINDOWS\system32\Drivers\ati2mtag.sys
File C:\WINDOWS\system32\Drivers\ativcaxx.cpa
File C:\WINDOWS\system32\Drivers\ativcaxx.vp
File C:\WINDOWS\system32\Drivers\ativckxx.vp
File C:\WINDOWS\system32\Drivers\ativvpxx.vp
File C:\WINDOWS\system32\Drivers\atkkbnt.sys
File C:\WINDOWS\system32\Drivers\atmarpc.sys
File C:\WINDOWS\system32\Drivers\atmepvc.sys
File C:\WINDOWS\system32\Drivers\atmlane.sys
File C:\WINDOWS\system32\Drivers\atmuni.sys
File C:\WINDOWS\system32\Drivers\audstub.sys
File C:\WINDOWS\system32\Drivers\beep.sys
File C:\WINDOWS\system32\Drivers\Bravo_a.sys
File C:\WINDOWS\system32\Drivers\Bravo_n.sys
File C:\WINDOWS\system32\Drivers\bridge.sys
File C:\WINDOWS\system32\Drivers\bthport.sys
File C:\WINDOWS\system32\Drivers\cbidf2k.sys
File C:\WINDOWS\system32\Drivers\CCDECODE.sys
File C:\WINDOWS\system32\Drivers\cdaudio.sys
File C:\WINDOWS\system32\Drivers\cdfs.sys
File C:\WINDOWS\system32\Drivers\cdr4_xp.sys
File C:\WINDOWS\system32\Drivers\cdralw2k.sys
File C:\WINDOWS\system32\Drivers\cdrom.sys
File C:\WINDOWS\system32\Drivers\cinemst2.sys
File C:\WINDOWS\system32\Drivers\classpnp.sys
File C:\WINDOWS\system32\Drivers\cledx.sys
File C:\WINDOWS\system32\Drivers\cpqdap01.sys
File C:\WINDOWS\system32\Drivers\crusoe.sys
File C:\WINDOWS\system32\Drivers\DigiFilt.sys
File C:\WINDOWS\system32\Drivers\disdn
File C:\WINDOWS\system32\Drivers\disk.sys
File C:\WINDOWS\system32\Drivers\diskdump.sys
File C:\WINDOWS\system32\Drivers\dmboot.sys
File C:\WINDOWS\system32\Drivers\dmio.sys
File C:\WINDOWS\system32\Drivers\dmload.sys
File C:\WINDOWS\system32\Drivers\DMusic.sys
File C:\WINDOWS\system32\Drivers\drmk.sys
File C:\WINDOWS\system32\Drivers\drmkaud.sys
File C:\WINDOWS\system32\Drivers\dxapi.sys
File C:\WINDOWS\system32\Drivers\dxg.sys
File C:\WINDOWS\system32\Drivers\dxgthk.sys
File C:\WINDOWS\system32\Drivers\EIO.sys
File C:\WINDOWS\system32\Drivers\enum1394.sys
File C:\WINDOWS\system32\Drivers\etc
File C:\WINDOWS\system32\Drivers\etc\hosts
File C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
File C:\WINDOWS\system32\Drivers\etc\networks
File C:\WINDOWS\system32\Drivers\etc\protocol
File C:\WINDOWS\system32\Drivers\etc\services
File C:\WINDOWS\system32\Drivers\fastfat.sys
File C:\WINDOWS\system32\Drivers\fdc.sys
File C:\WINDOWS\system32\Drivers\fips.sys
File C:\WINDOWS\system32\Drivers\flpydisk.sys
File C:\WINDOWS\system32\Drivers\fltmgr.sys
File C:\WINDOWS\system32\Drivers\fsvga.sys
File C:\WINDOWS\system32\Drivers\fs_rec.sys
File C:\WINDOWS\system32\Drivers\ftdisk.sys
File C:\WINDOWS\system32\Drivers\fw1814.bcd
File C:\WINDOWS\system32\Drivers\fw410.bcd
File C:\WINDOWS\system32\Drivers\fwadat.bcd
File C:\WINDOWS\system32\Drivers\fwap.bcd
File C:\WINDOWS\system32\Drivers\fwsolo.bcd
File C:\WINDOWS\system32\Drivers\gm.dls
File C:\WINDOWS\system32\Drivers\gmreadme.txt
File C:\WINDOWS\system32\Drivers\Hdaudbus.sys
File C:\WINDOWS\system32\Drivers\Hdaudio.sys
File C:\WINDOWS\system32\Drivers\hidclass.sys
File C:\WINDOWS\system32\Drivers\hidparse.sys
File C:\WINDOWS\system32\Drivers\hidusb.sys
File C:\WINDOWS\system32\Drivers\http.sys
File C:\WINDOWS\system32\Drivers\i8042prt.sys
File C:\WINDOWS\system32\Drivers\iLokDrvr.sys
File C:\WINDOWS\system32\Drivers\imagedrv.sys
File C:\WINDOWS\system32\Drivers\imagesrv.sys
File C:\WINDOWS\system32\Drivers\imapi.sys
File C:\WINDOWS\system32\Drivers\INF
File C:\WINDOWS\system32\Drivers\INF\oem0.inf
File C:\WINDOWS\system32\Drivers\INF\oem0.PNF
File C:\WINDOWS\system32\Drivers\INF\oem16.inf
File C:\WINDOWS\system32\Drivers\INF\oem16.PNF
File C:\WINDOWS\system32\Drivers\INF\oem17.inf
File C:\WINDOWS\system32\Drivers\INF\oem17.PNF
File C:\WINDOWS\system32\Drivers\INF\oem18.inf
File C:\WINDOWS\system32\Drivers\INF\oem18.PNF
File C:\WINDOWS\system32\Drivers\INF\oem19.inf
File C:\WINDOWS\system32\Drivers\INF\oem19.PNF
File C:\WINDOWS\system32\Drivers\INF\oem20.inf
File C:\WINDOWS\system32\Drivers\INF\oem20.PNF
File C:\WINDOWS\system32\Drivers\intelppm.sys
File C:\WINDOWS\system32\Drivers\ip6fw.sys
File C:\WINDOWS\system32\Drivers\ipfltdrv.sys
File C:\WINDOWS\system32\Drivers\ipinip.sys
File C:\WINDOWS\system32\Drivers\ipnat.sys
File C:\WINDOWS\system32\Drivers\ipsec.sys
File C:\WINDOWS\system32\Drivers\irenum.sys
File C:\WINDOWS\system32\Drivers\isapnp.sys
File C:\WINDOWS\system32\Drivers\kbdclass.sys
File C:\WINDOWS\system32\Drivers\kbdhid.sys
File C:\WINDOWS\system32\Drivers\kmixer.sys
File C:\WINDOWS\system32\Drivers\ks.sys
File C:\WINDOWS\system32\Drivers\ksecdd.sys
File C:\WINDOWS\system32\Drivers\l1e51x86.sys
File C:\WINDOWS\system32\Drivers\mafw.sys
File C:\WINDOWS\system32\Drivers\mbam.sys
File C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
File C:\WINDOWS\system32\Drivers\mcd.sys
File C:\WINDOWS\system32\Drivers\mf.sys
File C:\WINDOWS\system32\Drivers\mnmdd.sys
File C:\WINDOWS\system32\Drivers\modem.sys
File C:\WINDOWS\system32\Drivers\mouclass.sys
File C:\WINDOWS\system32\Drivers\mouhid.sys
File C:\WINDOWS\system32\Drivers\mountmgr.sys
File C:\WINDOWS\system32\Drivers\mqac.sys
File C:\WINDOWS\system32\Drivers\mrxdav.sys
File C:\WINDOWS\system32\Drivers\mrxsmb.sys
File C:\WINDOWS\system32\Drivers\msfs.sys
File C:\WINDOWS\system32\Drivers\msgpc.sys
File C:\WINDOWS\system32\Drivers\MSKSSRV.sys
File C:\WINDOWS\system32\Drivers\MSPCLOCK.sys
File C:\WINDOWS\system32\Drivers\MSPQM.sys
File C:\WINDOWS\system32\Drivers\mssmbios.sys
File C:\WINDOWS\system32\Drivers\MSTEE.sys
File C:\WINDOWS\system32\Drivers\mup.sys
File C:\WINDOWS\system32\Drivers\NABTSFEC.sys
File C:\WINDOWS\system32\Drivers\ndis.sys
File C:\WINDOWS\system32\Drivers\NdisIP.sys
File C:\WINDOWS\system32\Drivers\ndistapi.sys
File C:\WINDOWS\system32\Drivers\ndisuio.sys
File C:\WINDOWS\system32\Drivers\ndiswan.sys
File C:\WINDOWS\system32\Drivers\ndproxy.sys
File C:\WINDOWS\system32\Drivers\netbios.sys
File C:\WINDOWS\system32\Drivers\netbt.sys
File C:\WINDOWS\system32\Drivers\nic1394.sys
File C:\WINDOWS\system32\Drivers\nikedrv.sys
File C:\WINDOWS\system32\Drivers\nmnt.sys
File C:\WINDOWS\system32\Drivers\npfs.sys
File C:\WINDOWS\system32\Drivers\nrv10.bcd
File C:\WINDOWS\system32\Drivers\ntfs.sys
File C:\WINDOWS\system32\Drivers\null.sys
File C:\WINDOWS\system32\Drivers\nwlnkflt.sys
File C:\WINDOWS\system32\Drivers\nwlnkfwd.sys
File C:\WINDOWS\system32\Drivers\nwlnkipx.sys
File C:\WINDOWS\system32\Drivers\nwlnknb.sys
File C:\WINDOWS\system32\Drivers\nwlnkspx.sys
File C:\WINDOWS\system32\Drivers\nwrdr.sys
File C:\WINDOWS\system32\Drivers\ohci1394.sys
File C:\WINDOWS\system32\Drivers\oprghdlr.sys
File C:\WINDOWS\system32\Drivers\ozonic.bcd
File C:\WINDOWS\system32\Drivers\p3.sys
File C:\WINDOWS\system32\Drivers\parport.sys
File C:\WINDOWS\system32\Drivers\partmgr.sys
File C:\WINDOWS\system32\Drivers\parvdm.sys
File C:\WINDOWS\system32\Drivers\pci.sys
File C:\WINDOWS\system32\Drivers\pciide.sys
File C:\WINDOWS\system32\Drivers\pciidex.sys
File C:\WINDOWS\system32\Drivers\pcmcia.sys
File C:\WINDOWS\system32\Drivers\pdiddcci.sys
File C:\WINDOWS\system32\Drivers\PdiPorts.sys
File C:\WINDOWS\system32\Drivers\PFC027.SYS
File C:\WINDOWS\system32\Drivers\portcls.sys
File C:\WINDOWS\system32\Drivers\processr.sys
File C:\WINDOWS\system32\Drivers\projectMix.bcd
File C:\WINDOWS\system32\Drivers\psched.sys
File C:\WINDOWS\system32\Drivers\ptilink.sys
File C:\WINDOWS\system32\Drivers\PxHelp20.sys
File C:\WINDOWS\system32\Drivers\rasacd.sys
File C:\WINDOWS\system32\Drivers\rasl2tp.sys
File C:\WINDOWS\system32\Drivers\raspppoe.sys
File C:\WINDOWS\system32\Drivers\raspptp.sys
File C:\WINDOWS\system32\Drivers\raspti.sys
File C:\WINDOWS\system32\Drivers\rawwan.sys
File C:\WINDOWS\system32\Drivers\rdbss.sys
File C:\WINDOWS\system32\Drivers\rdpcdd.sys
File C:\WINDOWS\system32\Drivers\rdpdr.sys
File C:\WINDOWS\system32\Drivers\rdpwd.sys
File C:\WINDOWS\system32\Drivers\redbook.sys
File C:\WINDOWS\system32\Drivers\rio8drv.sys
File C:\WINDOWS\system32\Drivers\riodrv.sys
File C:\WINDOWS\system32\Drivers\rmcast.sys
File C:\WINDOWS\system32\Drivers\rndismp.sys
File C:\WINDOWS\system32\Drivers\rootmdm.sys
File C:\WINDOWS\system32\Drivers\Rtenicxp.sys
File C:\WINDOWS\system32\Drivers\scdemu.sys
File C:\WINDOWS\system32\Drivers\scsiport.sys
File C:\WINDOWS\system32\Drivers\sdbus.sys
File C:\WINDOWS\system32\Drivers\secdrv.sys
File C:\WINDOWS\system32\Drivers\serenum.sys
File C:\WINDOWS\system32\Drivers\serial.sys
File C:\WINDOWS\system32\Drivers\sffdisk.sys
File C:\WINDOWS\system32\Drivers\sffp_sd.sys
File C:\WINDOWS\system32\Drivers\sfloppy.sys
File C:\WINDOWS\system32\Drivers\SLIP.sys
File C:\WINDOWS\system32\Drivers\smclib.sys
File C:\WINDOWS\system32\Drivers\sonydcam.sys
File C:\WINDOWS\system32\Drivers\splitter.sys
File C:\WINDOWS\system32\Drivers\sr.sys
File C:\WINDOWS\system32\Drivers\srv.sys
File C:\WINDOWS\system32\Drivers\stream.sys
File C:\WINDOWS\system32\Drivers\StreamIP.sys
File C:\WINDOWS\system32\Drivers\swenum.sys
File C:\WINDOWS\system32\Drivers\swmidi.sys
File C:\WINDOWS\system32\Drivers\SynasUSB.sys
File C:\WINDOWS\system32\Drivers\sysaudio.sys
File C:\WINDOWS\system32\Drivers\system32
File C:\WINDOWS\system32\Drivers\system32\DRIVERS
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\atapi.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\isapnp.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\pci.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\pciide.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\pciidex.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\usbhub.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\usbport.sys
File C:\WINDOWS\system32\Drivers\system32\DRIVERS\usbuhci.sys
File C:\WINDOWS\system32\Drivers\system32\usbui.dll
File C:\WINDOWS\system32\Drivers\tape.sys
File C:\WINDOWS\system32\Drivers\TCPIP.SYS
File C:\WINDOWS\system32\Drivers\TCPIP.SYS.ORIGINAL
File C:\WINDOWS\system32\Drivers\tcpip6.sys
File C:\WINDOWS\system32\Drivers\tdi.sys
File C:\WINDOWS\system32\Drivers\tdpipe.sys
File C:\WINDOWS\system32\Drivers\tdtcp.sys
File C:\WINDOWS\system32\Drivers\termdd.sys
File C:\WINDOWS\system32\Drivers\tosdvd.sys
File C:\WINDOWS\system32\Drivers\TPkd.sys
File C:\WINDOWS\system32\Drivers\tsbvcap.sys
File C:\WINDOWS\system32\Drivers\tunmp.sys
File C:\WINDOWS\system32\Drivers\udfs.sys
File C:\WINDOWS\system32\Drivers\UMDF
File C:\WINDOWS\system32\Drivers\UMDF\MsftWdf_user_01_00_00.Wdf
File C:\WINDOWS\system32\Drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
File C:\WINDOWS\system32\Drivers\UMDF\wpdmtpdr.dll
File C:\WINDOWS\system32\Drivers\update.sys
File C:\WINDOWS\system32\Drivers\usb8023.sys
File C:\WINDOWS\system32\Drivers\usbcamd.sys
File C:\WINDOWS\system32\Drivers\usbcamd2.sys
File C:\WINDOWS\system32\Drivers\usbd.sys
File C:\WINDOWS\system32\Drivers\usbehci.sys
File C:\WINDOWS\system32\Drivers\usbhub.sys
File C:\WINDOWS\system32\Drivers\usbintel.sys
File C:\WINDOWS\system32\Drivers\usbport.sys
File C:\WINDOWS\system32\Drivers\usbprint.sys
File C:\WINDOWS\system32\Drivers\usbscan.sys
File C:\WINDOWS\system32\Drivers\USBSTOR.SYS
File C:\WINDOWS\system32\Drivers\usbuhci.sys
File C:\WINDOWS\system32\Drivers\vdmindvd.sys
File C:\WINDOWS\system32\Drivers\vga.sys
File C:\WINDOWS\system32\Drivers\videoprt.sys
File C:\WINDOWS\system32\Drivers\volsnap.sys
File C:\WINDOWS\system32\Drivers\wanarp.sys
File C:\WINDOWS\system32\Drivers\wdmaud.sys
File C:\WINDOWS\system32\Drivers\WmBEnum.sys
File C:\WINDOWS\system32\Drivers\WmFilter.sys
File C:\WINDOWS\system32\Drivers\wmilib.sys
File C:\WINDOWS\system32\Drivers\WmVirHid.sys
File C:\WINDOWS\system32\Drivers\WmXlCore.sys
File C:\WINDOWS\system32\Drivers\wpdusb.sys
File C:\WINDOWS\system32\Drivers\ws2ifsl.sys
File C:\WINDOWS\system32\Drivers\WSTCODEC.SYS
File C:\WINDOWS\system32\Drivers\WudfPf.sys
File C:\WINDOWS\system32\Drivers\WudfRd.sys
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NETFramework [???]
Service Aavmker4 [C:\WINDOWS\System32\Drivers\Aavmker4.sys]
Service Abiosdsk [C:\WINDOWS\System32\Drivers\Abiosdsk.sys]
Service abp480n5 [C:\WINDOWS\System32\Drivers\abp480n5.sys]
Service acap2000 [???]
Service ACPI [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
Service ACPIEC [C:\WINDOWS\System32\Drivers\ACPIEC.sys]
Service adpu160m [C:\WINDOWS\System32\Drivers\adpu160m.sys]
Service aec [C:\WINDOWS\system32\drivers\aec.sys]
Service AFD [C:\WINDOWS\System32\drivers\afd.sys]
Service Aha154x [C:\WINDOWS\System32\Drivers\Aha154x.sys]
Service aic78u2 [C:\WINDOWS\System32\Drivers\aic78u2.sys]
Service aic78xx [C:\WINDOWS\System32\Drivers\aic78xx.sys]
Service Alerter [C:\WINDOWS\system32\alrsvc.dll]
Service ALG [C:\WINDOWS\System32\alg.exe]
Service AliIde [C:\WINDOWS\System32\Drivers\AliIde.sys]
Service amsint [C:\WINDOWS\System32\Drivers\amsint.sys]
Service AppMgmt [C:\WINDOWS\System32\appmgmts.dll]
Service Arp1394 [C:\WINDOWS\system32\DRIVERS\arp1394.sys]
Service asc [C:\WINDOWS\System32\Drivers\asc.sys]
Service asc3350p [C:\WINDOWS\System32\Drivers\asc3350p.sys]
Service asc3550 [C:\WINDOWS\System32\Drivers\asc3550.sys]
Service AsIO [C:\WINDOWS\system32\drivers\AsIO.sys]
Service ASP.NET [???]
Service ASP.NET_1.1.4322 [???]
Service ASP.NET_2.0.50727 [???]
Service aspnet_state [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe]
Service asuskbnt [C:\WINDOWS\system32\drivers\atkkbnt.sys]
Service aswFsBlk [C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys]
Service aswMon2 [C:\WINDOWS\System32\Drivers\aswMon2.sys]
Service aswRdr [C:\WINDOWS\System32\Drivers\aswRdr.sys]
Service aswSP [C:\WINDOWS\System32\Drivers\aswSP.sys]
Service aswTdi [C:\WINDOWS\System32\Drivers\aswTdi.sys]
Service aswUpdSv [C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]
Service AsyncMac [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\WINDOWS\system32\DRIVERS\atapi.sys]
Service Atdisk [C:\WINDOWS\System32\Drivers\Atdisk.sys]
Service Ati HotKey Poller [C:\WINDOWS\system32\Ati2evxx.exe]
Service ATI Smart [C:\WINDOWS\system32\ati2sgag.exe]
Service ati2mtag [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
Service Atierecord [???]
Service ATKKeyboardService [C:\WINDOWS\ATKKBService.exe]
Service Atmarpc [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
Service AudioSrv [C:\WINDOWS\System32\audiosrv.dll]
Service audstub [C:\WINDOWS\system32\DRIVERS\audstub.sys]
Service avast! Antivirus [C:\Program Files\Alwil Software\Avast4\ashServ.exe]
Service avast! Mail Scanner [C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]
Service avast! Web Scanner [C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]
Service BattC [???]
Service Beep [C:\WINDOWS\System32\Drivers\Beep.sys]
Service BITS [C:\WINDOWS\system32\qmgr.dll]
Service Browser [C:\WINDOWS\System32\browser.dll]
Service catchme [C:\Combo-Fix\catchme.sys]
Service cbidf2k [C:\WINDOWS\System32\Drivers\cbidf2k.sys]
Service CCDECODE [C:\WINDOWS\system32\DRIVERS\CCDECODE.sys]
Service cd20xrnt [C:\WINDOWS\System32\Drivers\cd20xrnt.sys]
Service Cdaudio [C:\WINDOWS\System32\Drivers\Cdaudio.sys]
Service Cdfs [C:\WINDOWS\System32\Drivers\Cdfs.sys]
Service Cdrom [C:\WINDOWS\system32\DRIVERS\cdrom.sys]
Service Changer [C:\WINDOWS\System32\Drivers\Changer.sys]
Service CiSvc [C:\WINDOWS\system32\cisvc.exe]
Service CLEDX [C:\WINDOWS\system32\DRIVERS\cledx.sys]
Service ClipSrv [C:\WINDOWS\system32\clipsrv.exe]
Service clr_optimization_v2.0.50727_32 [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service CmdIde [C:\WINDOWS\System32\Drivers\CmdIde.sys]
Service COMSysApp [C:\WINDOWS\system32\dllhost.exe]
Service ContentFilter [???]
Service ContentIndex [???]
Service Cpqarray [C:\WINDOWS\System32\Drivers\Cpqarray.sys]
Service CryptSvc [C:\WINDOWS\System32\cryptsvc.dll]
Service dac2w2k [C:\WINDOWS\System32\Drivers\dac2w2k.sys]
Service dac960nt [C:\WINDOWS\System32\Drivers\dac960nt.sys]
Service DcomLaunch [C:\WINDOWS\system32\svchost]
Service Dhcp [C:\WINDOWS\System32\dhcpcsvc.dll]
Service DigiFilter [C:\WINDOWS\system32\drivers\DigiFilt.sys]
Service DigiRefresh [C:\Program Files\Digidesign\Drivers\MMERefresh.exe]
Service digiSPTIService [C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe]
Service Disk [C:\WINDOWS\system32\DRIVERS\disk.sys]
Service dmadmin [C:\WINDOWS\System32\dmadmin.exe]
Service dmboot [C:\WINDOWS\System32\drivers\dmboot.sys]
Service dmio [C:\WINDOWS\System32\drivers\dmio.sys]
Service dmload [C:\WINDOWS\System32\drivers\dmload.sys]
Service dmserver [C:\WINDOWS\System32\dmserver.dll]
Service DMusic [C:\WINDOWS\system32\drivers\DMusic.sys]
Service Dnscache [C:\WINDOWS\System32\dnsrslvr.dll]
Service dpti2o [C:\WINDOWS\System32\Drivers\dpti2o.sys]
Service drmkaud [C:\WINDOWS\system32\drivers\drmkaud.sys]
Service DTSRVC [C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe]
Service EIO [C:\WINDOWS\system32\drivers\EIO.sys]
Service ERSvc [C:\WINDOWS\System32\ersvc.dll]
Service Eventlog [C:\WINDOWS\system32\services.exe]
Service EventSystem [C:\WINDOWS\system32\es.dll]
Service ExpresFC [???]
Service Fastfat [C:\WINDOWS\System32\Drivers\Fastfat.sys]
Service FastUserSwitchingCompatibility [C:\WINDOWS\System32\shsvcs.dll]
Service Fdc [C:\WINDOWS\system32\DRIVERS\fdc.sys]
Service Fips [C:\WINDOWS\System32\Drivers\Fips.sys]
Service Flpydisk [C:\WINDOWS\system32\DRIVERS\flpydisk.sys]
Service FltMgr [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
Service FontCache3.0.0.0 [c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe]
Service fsdk-wrap [???]
Service Fs_Rec [C:\WINDOWS\System32\Drivers\Fs_Rec.sys]
Service Ftdisk [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
Service Gpc [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
Service helpsvc [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service HidServ [C:\WINDOWS\System32\hidserv.dll]
Service hidusb [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
Service hpn [C:\WINDOWS\System32\Drivers\hpn.sys]
Service HTTP [C:\WINDOWS\System32\Drivers\HTTP.sys]
Service HTTPFilter [C:\WINDOWS\System32\w3ssl.dll]
Service i2omgmt [C:\WINDOWS\System32\Drivers\i2omgmt.sys]
Service i2omp [C:\WINDOWS\System32\Drivers\i2omp.sys]
Service i8042prt [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
Service iaStor [???]
Service idsvc [C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service Imapi [C:\WINDOWS\system32\DRIVERS\imapi.sys]
Service ImapiService [C:\WINDOWS\system32\imapi.exe]
Service inetaccs [???]
Service ini910u [C:\WINDOWS\System32\Drivers\ini910u.sys]
Service Inport [???]
Service IntelIde [C:\WINDOWS\System32\Drivers\IntelIde.sys]
Service intelppm [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
Service Ip6Fw [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
Service IpFilterDriver [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
Service IpInIp [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
Service IpNat [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
Service IPSec [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
Service IRENUM [C:\WINDOWS\system32\DRIVERS\irenum.sys]
Service ISAPISearch [???]
Service isapnp [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
Service JavaQuickStarterService [C:\Program Files\Java\jre6\bin\jqs.exe]
Service Kbdclass [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\WINDOWS\system32\DRIVERS\kbdhid.sys]
Service kmixer [C:\WINDOWS\system32\drivers\kmixer.sys]
Service KSecDD [C:\WINDOWS\System32\Drivers\KSecDD.sys]
Service L1e [C:\WINDOWS\system32\DRIVERS\l1e51x86.sys]
Service lanmanserver [C:\WINDOWS\System32\srvsvc.dll]
Service lanmanworkstation [C:\WINDOWS\System32\wkssvc.dll]
Service lbrtfdc [C:\WINDOWS\System32\Drivers\lbrtfdc.sys]
Service ldap [???]
Service LicenseService [???]
Service LmHosts [C:\WINDOWS\System32\lmhsvc.dll]
Service lpxnds [???]
Service MADFUUSB [???]
Service MAFW [C:\WINDOWS\system32\DRIVERS\mafw.sys]
Service MBAMSwissArmy [C:\WINDOWS\system32\drivers\mbamswissarmy.sys]
Service MCSTRM [C:\WINDOWS\System32\Drivers\MCSTRM.sys]
Service Messenger [C:\WINDOWS\System32\msgsvc.dll]
Service mnmdd [C:\WINDOWS\System32\Drivers\mnmdd.sys]
Service mnmsrvc [C:\WINDOWS\system32\mnmsrvc.exe]
Service Modem [C:\WINDOWS\System32\Drivers\Modem.sys]
Service Mouclass [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
Service MountMgr [C:\WINDOWS\System32\Drivers\MountMgr.sys]
Service mraid35x [C:\WINDOWS\System32\Drivers\mraid35x.sys]
Service MRxDAV [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
Service MRxSmb [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
Service MSDTC [C:\WINDOWS\system32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service Msfs [C:\WINDOWS\System32\Drivers\Msfs.sys]
Service MSIServer [C:\WINDOWS\system32\msiexec.exe]
Service MSKSSRV [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\WINDOWS\system32\drivers\MSPQM.sys]
Service mssmbios [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
Service MSTEE [C:\WINDOWS\system32\drivers\MSTEE.sys]
Service MTsensor [C:\WINDOWS\system32\DRIVERS\ASACPI.sys]
Service Mup [C:\WINDOWS\System32\Drivers\Mup.sys]
Service NABTSFEC [C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys]
Service NDIS [C:\WINDOWS\System32\Drivers\NDIS.sys]
Service NdisIP [C:\WINDOWS\system32\DRIVERS\NdisIP.sys]
Service NdisTapi [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\WINDOWS\System32\Drivers\NDProxy.sys]
Service Nero BackItUp Scheduler 4.0 [C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe]
Service NetBIOS [C:\WINDOWS\system32\DRIVERS\netbios.sys]
Service NetBT [C:\WINDOWS\system32\DRIVERS\netbt.sys]
Service NetDDE [C:\WINDOWS\system32\netdde.exe]
Service NetDDEdsdm [C:\WINDOWS\system32\netdde.exe]
Service Netlogon [C:\WINDOWS\system32\lsass.exe]
Service Netman [C:\WINDOWS\System32\netman.dll]
Service NetTcpPortSharing [C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe]
Service NIC1394 [C:\WINDOWS\system32\DRIVERS\nic1394.sys]
Service Nla [C:\WINDOWS\System32\mswsock.dll]
Service Npfs [C:\WINDOWS\System32\Drivers\Npfs.sys]
Service Nsynas32 [C:\WINDOWS\System32\Drivers\Nsynas32.sys]
Service Ntfs [C:\WINDOWS\System32\Drivers\Ntfs.sys]
Service NtLmSsp [C:\WINDOWS\system32\lsass.exe]
Service NtmsSvc [C:\WINDOWS\system32\ntmssvc.dll]
Service Null [C:\WINDOWS\System32\Drivers\Null.sys]
Service NwlnkFlt [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
Service NwlnkFwd [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
Service odserv [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE]
Service ohci1394 [C:\WINDOWS\system32\DRIVERS\ohci1394.sys]
Service ose [C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
Service PAC207 [C:\WINDOWS\system32\DRIVERS\PFC027.SYS]
Service Parport [C:\WINDOWS\system32\DRIVERS\parport.sys]
Service PartMgr [C:\WINDOWS\System32\Drivers\PartMgr.sys]
Service ParVdm [C:\WINDOWS\System32\Drivers\ParVdm.sys]
Service PCI [C:\WINDOWS\system32\DRIVERS\pci.sys]
Service PCIDump [C:\WINDOWS\System32\Drivers\PCIDump.sys]
Service PCIIde [C:\WINDOWS\system32\DRIVERS\pciide.sys]
Service Pcmcia [C:\WINDOWS\System32\Drivers\Pcmcia.sys]
Service PDCOMP [C:\WINDOWS\System32\Drivers\PDCOMP.sys]
Service PDFRAME [C:\WINDOWS\System32\Drivers\PDFRAME.sys]
Service pdiddcci [C:\WINDOWS\System32\DRIVERS\pdiddcci.sys]
Service PdiPorts [C:\WINDOWS\System32\Drivers\PdiPorts.sys]
Service PDRELI [C:\WINDOWS\System32\Drivers\PDRELI.sys]
Service PDRFRAME [C:\WINDOWS\System32\Drivers\PDRFRAME.sys]
Service perc2 [C:\WINDOWS\System32\Drivers\perc2.sys]
Service perc2hib [C:\WINDOWS\System32\Drivers\perc2hib.sys]
Service PerfDisk [???]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service PlugPlay [C:\WINDOWS\system32\services.exe]
Service PolicyAgent [C:\WINDOWS\system32\lsass.exe]
Service PptpMiniport [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
Service ProtectedStorage [C:\WINDOWS\system32\lsass.exe]
Service PSched [C:\WINDOWS\system32\DRIVERS\psched.sys]
Service Ptilink [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
Service PxHelp20 [C:\WINDOWS\System32\Drivers\PxHelp20.sys]
Service ql1080 [C:\WINDOWS\System32\Drivers\ql1080.sys]
Service Ql10wnt [C:\WINDOWS\System32\Drivers\Ql10wnt.sys]
Service ql12160 [C:\WINDOWS\System32\Drivers\ql12160.sys]
Service ql1240 [C:\WINDOWS\System32\Drivers\ql1240.sys]
Service ql1280 [C:\WINDOWS\System32\Drivers\ql1280.sys]
Service RasAcd [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
Service RasAuto [C:\WINDOWS\System32\rasauto.dll]
Service Rasl2tp [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\WINDOWS\System32\rasmans.dll]
Service RasPppoe [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
Service Raspti [C:\WINDOWS\system32\DRIVERS\raspti.sys]
Service Rdbss [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
Service RDPCDD [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service rdpdr [C:\WINDOWS\system32\DRIVERS\rdpdr.sys]
Service RDPNP [???]
Service RDPWD [C:\WINDOWS\System32\Drivers\RDPWD.sys]
Service RDSessMgr [C:\WINDOWS\system32\sessmgr.exe]
Service redbook [C:\WINDOWS\system32\DRIVERS\redbook.sys]
Service RemoteAccess [C:\WINDOWS\System32\mprdim.dll]
Service RemoteRegistry [C:\WINDOWS\system32\regsvc.dll]
Service RpcLocator [C:\WINDOWS\system32\locator.exe]
Service RpcSs [C:\WINDOWS\system32\svchost]
Service RSVP [C:\WINDOWS\system32\rsvp.exe]
Service RTLE8023xp [C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys]
Service SamSs [C:\WINDOWS\system32\lsass.exe]
Service SANDRA [C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys]
Service SandraAgentSrv [C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe]
Service SCardSvr [C:\WINDOWS\System32\SCardSvr.exe]
Service SCDEmu [C:\WINDOWS\System32\Drivers\SCDEmu.sys]
Service Schedule [C:\WINDOWS\system32\schedsvc.dll]
Service Secdrv [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
Service seclogon [C:\WINDOWS\System32\seclogon.dll]
Service SENS [C:\WINDOWS\system32\sens.dll]
Service serenum [C:\WINDOWS\system32\DRIVERS\serenum.sys]
Service Serial [C:\WINDOWS\system32\DRIVERS\serial.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service Sfloppy [C:\WINDOWS\System32\Drivers\Sfloppy.sys]
Service SharedAccess [C:\WINDOWS\System32\ipnathlp.dll]
Service ShellHWDetection [C:\WINDOWS\System32\shsvcs.dll]
Service Simbad [C:\WINDOWS\System32\Drivers\Simbad.sys]
Service SLIP [C:\WINDOWS\system32\DRIVERS\SLIP.sys]
Service SMSvcHost 3.0.0.0 [???]
Service Sparrow [C:\WINDOWS\System32\Drivers\Sparrow.sys]
Service splitter [C:\WINDOWS\system32\drivers\splitter.sys]
Service Spooler [C:\WINDOWS\system32\spoolsv.exe]
Service sr [C:\WINDOWS\system32\DRIVERS\sr.sys]
Service srservice [C:\WINDOWS\system32\srsvc.dll]
Service Srv [C:\WINDOWS\system32\DRIVERS\srv.sys]
Service SSDPSRV [C:\WINDOWS\System32\ssdpsrv.dll]
Service stisvc [C:\WINDOWS\system32\wiaservc.dll]
Service streamip [C:\WINDOWS\system32\DRIVERS\StreamIP.sys]
Service swenum [C:\WINDOWS\system32\DRIVERS\swenum.sys]
Service swmidi [C:\WINDOWS\system32\drivers\swmidi.sys]
Service SwPrv [C:\WINDOWS\system32\dllhost.exe]
Service symc810 [C:\WINDOWS\System32\Drivers\symc810.sys]
Service symc8xx [C:\WINDOWS\System32\Drivers\symc8xx.sys]
Service sym_hi [C:\WINDOWS\System32\Drivers\sym_hi.sys]
Service sym_u3 [C:\WINDOWS\System32\Drivers\sym_u3.sys]
Service sysaudio [C:\WINDOWS\system32\drivers\sysaudio.sys]
Service SysmonLog [C:\WINDOWS\system32\smlogsvc.exe]
Service TapiSrv [C:\WINDOWS\System32\tapisrv.dll]
Service Tcpip [C:\WINDOWS\system32\DRIVERS\tcpip.sys]
Service TDPIPE [C:\WINDOWS\System32\Drivers\TDPIPE.sys]
Service TDTCP [C:\WINDOWS\System32\Drivers\TDTCP.sys]
Service TermDD [C:\WINDOWS\system32\DRIVERS\termdd.sys]
Service TermService [C:\WINDOWS\System32\svchost]
Service Themes [C:\WINDOWS\System32\shsvcs.dll]
Service TlntSvr [C:\WINDOWS\system32\tlntsvr.exe]
Service TosIde [C:\WINDOWS\System32\Drivers\TosIde.sys]
Service TPkd [C:\WINDOWS\System32\Drivers\TPkd.sys]
Service TrkWks [C:\WINDOWS\system32\trkwks.dll]
Service TSDDD [???]
Service Udfs [C:\WINDOWS\System32\Drivers\Udfs.sys]
Service ultra [C:\WINDOWS\System32\Drivers\ultra.sys]
Service Update [C:\WINDOWS\system32\DRIVERS\update.sys]
Service upnphost [C:\WINDOWS\System32\upnphost.dll]
Service UPS [C:\WINDOWS\System32\ups.exe]
Service usbehci [C:\WINDOWS\system32\DRIVERS\usbehci.sys]
Service usbhub [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
Service usbprint [C:\WINDOWS\system32\DRIVERS\usbprint.sys]
Service usbscan [C:\WINDOWS\system32\DRIVERS\usbscan.sys]
Service USBSTOR [C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\WINDOWS\system32\DRIVERS\usbuhci.sys]
Service VgaSave [C:\WINDOWS\System32\drivers\vga.sys]
Service ViaIde [C:\WINDOWS\System32\Drivers\ViaIde.sys]
Service Viewpoint Manager Service [C:\Program Files\Viewpoint\Common\ViewpointService.exe]
Service VolSnap [C:\WINDOWS\System32\Drivers\VolSnap.sys]
Service VSS [C:\WINDOWS\System32\vssvc.exe]
Service vvdsvc [C:\WINDOWS\system32\Nagasoft\vjocx.dll]
Service W32Time [C:\WINDOWS\system32\w32time.dll]
Service W3SVC [???]
Service Wanarp [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
Service WDICA [C:\WINDOWS\System32\Drivers\WDICA.sys]
Service wdmaud [C:\WINDOWS\system32\drivers\wdmaud.sys]
Service WebClient [C:\WINDOWS\System32\webclnt.dll]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service winmgmt [C:\WINDOWS\system32\wbem\WMIsvc.dll]
Service Winsock [C:\WINDOWS\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service WinTrust [???]
Service WmBEnum [C:\WINDOWS\system32\drivers\WmBEnum.sys]
Service WmdmPmSN [C:\WINDOWS\system32\MsPMSNSv.dll]
Service WmFilter [C:\WINDOWS\system32\drivers\WmFilter.sys]
Service Wmi [C:\WINDOWS\System32\advapi32.dll]
Service WmiApRpl [???]
Service WmiApSrv [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
Service WmVirHid [C:\WINDOWS\system32\drivers\WmVirHid.sys]
Service WmXlCore [C:\WINDOWS\system32\drivers\WmXlCore.sys]
Service WpdUsb [C:\WINDOWS\System32\Drivers\wpdusb.sys]
Service WS2IFSL [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
Service wscsvc [C:\WINDOWS\system32\wscsvc.dll]
Service WSTCODEC [C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS]
Service wuauserv [C:\WINDOWS\system32\wuauserv.dll]
Service WudfPf [C:\WINDOWS\system32\DRIVERS\WudfPf.sys]
Service WudfRd [C:\WINDOWS\system32\DRIVERS\wudfrd.sys]
Service WudfSvc [C:\WINDOWS\System32\WUDFSvc.dll]
Service WZCSVC [C:\WINDOWS\System32\wzcsvc.dll]
Service xmlprov [C:\WINDOWS\System32\xmlprov.dll]
Service {015EBEFF-79CA-4220-B5F9-6D849A984967} [???]
Service {8546DA60-9D05-421B-81E4-3596AF0A7FAE} [???]
Service {A96DEF63-9038-4B27-BB4A-33ADCB6427FD} [???]
Service {AF6523A8-C874-4DD9-8FDE-63942DEAC7EF} [???]
Service {B9E9B337-592F-46E7-B94F-AAD18FAB9D7D} [???]

Scan finished: Tuesday, December 01, 2009 2:19:20 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------


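The long "Service NAME [PATH]" listing above is exactly what a helper skims for entries that do not belong: a service whose image sits under a user profile or temp directory, one parked in an unusual subdirectory of system32, or a service whose name is nothing but a GUID and whose image could not be resolved. The following Python script is an added example (it is not from this thread, nor from the scanner's author) that applies those three heuristics to a handful of lines in the same format. The sample lines are a constructed mix: five are copied from the log above, the `sample_tmp` entry is made up to exercise the temp-directory rule. A hit means "look at this entry next", not "this is malware"; the unresolved-path case on its own is deliberately not flagged because it is common for performance counters and .NET providers.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input in the same "Service NAME [PATH]" format as the
# scan log above. The first five lines are copied from that log; the last
# one is made up to show a service whose image sits in a temp directory.
SAMPLE_LOG = r"""
Service ACPI [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
Service avast! Antivirus [C:\Program Files\Alwil Software\Avast4\ashServ.exe]
Service BattC [???]
Service vvdsvc [C:\WINDOWS\system32\Nagasoft\vjocx.dll]
Service {015EBEFF-79CA-4220-B5F9-6D849A984967} [???]
Service sample_tmp [C:\Documents and Settings\SomeUser\Local Settings\Temp\sample.sys]
Scan finished: (constructed)
"""

SERVICE_RE = re.compile(r"^Service (?P<name>.+) \[(?P<path>.*)\]$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SYSTEM32 = "c:\\windows\\system32\\"
# Subdirectories of system32 that routinely hold service images on XP (assumption).
USUAL_SYSTEM32_SUBDIRS = {"drivers", "wbem"}
# Profile/temp locations where a service image has little business living.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def parse_service_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (name, path) for a 'Service NAME [PATH]' line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("path")


def classify(name: str, path: str) -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty list = unremarkable)."""
    reasons: List[str] = []
    if GUID_RE.match(name):
        reasons.append("service name is a bare GUID")
    if path == "???":
        # An unresolved image path on its own is common (perf counters, .NET
        # providers), so it only counts as a signal alongside another one.
        if reasons:
            reasons.append("no image path resolved")
        return reasons
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("image lives under a user profile or temp directory")
    if p.startswith(SYSTEM32):
        parts = p[len(SYSTEM32):].split("\\")
        if len(parts) > 1 and parts[0] not in USUAL_SYSTEM32_SUBDIRS:
            reasons.append(f"unusual system32 subdirectory '{parts[0]}'")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        name, path = parsed
        reasons = classify(name, path)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for svc, why in triage(SAMPLE_LOG).items():
        print(f"{svc}: {'; '.join(why)}")
```

Feeding the whole listing from the post above through `triage()` instead of the sample reduces a few hundred lines to a short review queue; the heuristics are a starting point and the subdirectory allow-list in particular should be tuned to the machine being examined.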

#14
hammerman
Hi,

Thanks for the info. Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 1306 bytes -> C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT
    @Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5
    @Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ko07KgivPWGdvWqfeO7y0KwZm
    @Alternate Data Stream - 1213 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:H6PpsVWEz4wVTsTGE9joXRRkfpA
    @Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uEBHUxwBQBwhnwrsM
    @Alternate Data Stream - 1160 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:PrNt97IWIqCWHYlE3Ir
    @Alternate Data Stream - 1056 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:f9UsAUbJUZk99gjkDTYbNi37B
    @Alternate Data Stream - 1048 bytes -> C:\Program Files\WindowsUpdate:WiVBGBaFbqOxTVa7u40a9pegukeE3
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#15
dm305 (Topic Starter)
Argh... after 5 hours the Kaspersky scan froze when I hit "Save Report". Sigh. I'll try to run it again tonight while I sleep. It did say it found like 12 infected files though.

Anyway, here is the OTL report if it's any use:

All processes killed
========== OTL ==========
ADS C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Ko07KgivPWGdvWqfeO7y0KwZm deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:H6PpsVWEz4wVTsTGE9joXRRkfpA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:uEBHUxwBQBwhnwrsM deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:PrNt97IWIqCWHYlE3Ir deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:f9UsAUbJUZk99gjkDTYbNi37B deleted successfully.
ADS C:\Program Files\WindowsUpdate:WiVBGBaFbqOxTVa7u40a9pegukeE3 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dave
->Temp folder emptied: 5267 bytes
->Temporary Internet Files folder emptied: 3666957 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46138957 bytes
->Google Chrome cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 33207 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.57 mb


OTL by OldTimer - Version 3.1.11.3 log created on 12012009_172218

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat moved successfully.

Registry entries deleted on Reboot...


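Step 1 of hammerman's post asked OTL to remove a list of NTFS alternate data streams (a stream named `file:streamname` stores data alongside a file without changing the file's apparent size, which is why such entries get removed rather than ignored), and dm305's OTL report lists what was actually deleted. Checking the two against each other is the part a helper does by eye; the Python below is an added example (not from this thread or from OTL's author) that does it mechanically: it parses the `@Alternate Data Stream - N bytes -> target` lines of a fix script, the `ADS target deleted successfully.` lines of the result log, and reports which requested streams were confirmed deleted, which were not confirmed, and any deletions the script never asked for. Both inputs are constructed: two fix entries and their result lines are copied from the posts above, and a third entry (`C:\Program Files\Example:constructedStreamName`) is made up and deliberately left out of the result so the "not confirmed" case shows.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed inputs (see lead-in). Two entries are copied from the posts
# above; the "Example:constructedStreamName" entry is made up and is
# intentionally missing from FIX_RESULT.
FIX_SCRIPT = r"""
:OTL
@Alternate Data Stream - 1306 bytes -> C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT
@Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5
@Alternate Data Stream - 999 bytes -> C:\Program Files\Example:constructedStreamName

:Commands
[emptytemp]
[Reboot]
"""

FIX_RESULT = r"""
All processes killed
========== OTL ==========
ADS C:\Program Files\WindowsUpdate:YEjse8VqpGCY6zYAxc4ZM7xHIoMT deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:gkSoqRDQrpP9UnFCaMpXp5 deleted successfully.
========== SERVICES/DRIVERS ==========
"""

FIX_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# Only the wording seen in the OTL log above is matched; any other "ADS ..." line
# is kept verbatim under "unparsed" rather than guessed at.
RESULT_RE = re.compile(r"^ADS (?P<target>.+) deleted successfully\.$")


def split_stream(target: str) -> Tuple[str, str]:
    r"""'C:\dir\file:stream' -> ('C:\dir\file', 'stream'); the last colon separates them."""
    host, _, stream = target.rpartition(":")
    return host, stream


def parse_fix_script(text: str) -> Dict[str, int]:
    """Map each requested stream target to the byte size OTL reported for it."""
    requested: Dict[str, int] = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            requested[m.group("target")] = int(m.group("size"))
    return requested


def parse_fix_result(text: str) -> Tuple[Set[str], List[str]]:
    """Return (targets confirmed deleted, ADS lines in an unrecognised form)."""
    deleted: Set[str] = set()
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            deleted.add(m.group("target"))
        elif line.startswith("ADS "):
            unparsed.append(line)
    return deleted, unparsed


def reconcile(fix_text: str, result_text: str) -> Dict[str, List[str]]:
    """Compare what the fix script asked for with what the result log confirms."""
    requested = parse_fix_script(fix_text)
    deleted, unparsed = parse_fix_result(result_text)
    return {
        "deleted": sorted(t for t in requested if t in deleted),
        "not_confirmed": sorted(t for t in requested if t not in deleted),
        "unexpected": sorted(deleted - set(requested)),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for bucket, targets in reconcile(FIX_SCRIPT, FIX_RESULT).items():
        print(bucket)
        for t in targets:
            host, stream = split_stream(t) if bucket != "unparsed" else (t, "")
            print(f"  {host}  stream={stream}")
```

Anything landing in `not_confirmed` is what to re-check after the reboot (OTL's "moved on Reboot" section, or a fresh scan), and a non-empty `unexpected` bucket means the pasted script and the report do not belong to the same run.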