Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

explorer.exe sky rockets my cpu usage to 100% while playing DotA

Started by dissidia , Mar 18 2010 02:51 AM

Please log in to reply

#1
dissidia

Posted 18 March 2010 - 02:51 AM

New Member

Member
5 posts

title tells it all and I'm hoping that someone could help me with this issue because it's annoying. Even when my pc is idle the cpu usage still goes to 50%. by the way, this is my hijacjthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:30 PM, on 3/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\cFosSpeed\cFosSpeed.exe
D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\Program Files\cFosSpeed\spd.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SRS Audio Sandbox] "D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6087.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6518 bytes

thanks for the help.

#2
RKinner

Posted 19 March 2010 - 10:31 AM

Malware Expert

Expert
24,624 posts

Follow the instructions in

http://www.geekstogo...uide-t2852.html

and post your logs.

Ron

#3
dissidia

Posted 19 March 2010 - 05:40 PM

New Member

Topic Starter
Member
5 posts

Hi Mr. Rkinner, thanks for your instructions. So here are my logs that the other thread is requesting.

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/20/2010 6:59:55 AM
mbam-log-2010-03-20 (06-59-55).txt

Scan type: Quick Scan
Objects scanned: 115741
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,D:\RECYCLER\S-1-5-21-1430110684-5608733584-432387419-0699\MsMxEng.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________________________________________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 07:24:02
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\jay\LOCALS~1\Temp\fwkiraog.sys

---- System - GMER 1.0.15 ----

SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6908B30]
SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF69086F0]
SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF6908470]
SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF6908C50]
SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF6908990]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4452320]
SSDT \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF6908D60]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

_______________________________________________________________________________________________________________

OTL.txt

OTL logfile created on: 3/20/2010 7:34:58 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\jay\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 423.00 Mb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39.26 Gb Total Space | 5.86 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive D: | 35.25 Gb Total Space | 6.83 Gb Free Space | 19.38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAYMACHI-77D8AF
Current User Name: jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/20 07:32:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\jay\Desktop\OTL.exe
PRC - [2010/03/13 23:58:36 | 000,530,928 | ---- | M] (Google Inc.) -- D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/02/26 00:39:16 | 003,215,360 | ---- | M] (SRS Labs, Inc.) -- D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
PRC - [2009/10/30 12:25:08 | 000,415,960 | R--- | M] (cFos Software GmbH) -- D:\Program Files\cFosSpeed\spd.exe
PRC - [2009/10/30 12:25:04 | 000,977,624 | R--- | M] (cFos Software GmbH) -- D:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007/04/25 19:02:30 | 003,444,008 | ---- | M] (Stardock) -- D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2004/08/13 19:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) -- D:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/08/04 01:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/03/20 07:32:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\jay\Desktop\OTL.exe
MOD - [2007/04/24 19:25:46 | 000,112,400 | ---- | M] () -- D:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2004/08/10 17:05:30 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- D:\WINDOWS\system32\SSSensor.dll
MOD - [2004/08/04 01:07:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 12:25:08 | 000,415,960 | R--- | M] (cFos Software GmbH) [Auto | Running] -- D:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004/08/13 19:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- D:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/03/07 08:28:06 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] D:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SmcService] D:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [VMonitor] D:\Program Files\AVEO\USB PC Camera\VMonitor.exe File not found
O4 - HKCU..\Run: [SRS Audio Sandbox] D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
O4 - Startup: D:\Documents and Settings\jay\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.83 124.104.135.68 58.69.254.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/06 22:48:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2002/01/01 01:12:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2010/03/20 07:33:25 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010/03/20 07:32:11 | 000,555,520 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\jay\Desktop\OTL.exe
[2010/03/20 07:29:05 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
[2010/03/20 07:28:14 | 000,000,000 | -HSD | C] -- D:\FOUND.003
[2010/03/20 06:50:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\jay\Application Data\Malwarebytes
[2010/03/20 06:50:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/20 06:50:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/20 06:50:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/03/20 06:50:40 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/03/20 06:47:54 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\jay\Desktop\mbam-setup.exe
[2010/03/20 06:47:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010/03/20 06:46:54 | 000,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2010/03/18 16:54:20 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss
[2010/03/18 16:50:24 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/03/18 16:35:42 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\jay\Recent
[2010/03/17 19:15:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\jay\Application Data\IObit
[2010/03/17 19:15:48 | 000,000,000 | ---D | C] -- D:\Program Files\IObit
[2010/03/15 20:33:46 | 000,000,000 | ---D | C] -- D:\Program Files\SopCast
[2010/03/14 21:50:03 | 000,000,000 | -H-D | C] -- D:\Unioncast Data
[2010/03/14 07:27:57 | 000,000,000 | ---D | C] -- D:\Program Files\SyQic Yoonic Engine - PLDT Watchpad
[2010/03/12 22:00:32 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live Safety Center
[2010/03/12 21:33:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\jay\Local Settings\Application Data\Promosoft Corporation
[2010/03/12 21:33:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/09 23:19:19 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Macromed
[2010/03/09 16:03:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2010/03/09 15:56:24 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Adobe
[2010/03/08 03:40:50 | 000,000,000 | ---D | C] -- D:\Warcraft III
[2010/03/07 16:49:53 | 000,000,000 | RHSD | C] -- D:\RECYCLER
[2010/03/07 08:05:20 | 000,872,152 | ---- | C] (cFos Software GmbH) -- D:\WINDOWS\System32\drivers\cfosspeed.sys
[2010/03/07 08:05:20 | 000,288,472 | ---- | C] (cFos Software GmbH) -- D:\WINDOWS\System32\cfosspeed.dll
[2010/03/07 07:47:01 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\jay\PrivacIE
[2010/03/07 07:46:02 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\jay\IETldCache
[2010/03/07 07:41:07 | 000,000,000 | ---D | C] -- D:\WINDOWS\WBEM
[2010/03/07 07:38:52 | 000,000,000 | -H-D | C] -- D:\WINDOWS\ie8
[2010/03/07 07:34:20 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$hf_mig$
[2010/03/06 22:02:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\jay\Local Settings\Application Data\Deployment
[2010/03/06 22:00:25 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
[2010/03/06 22:00:20 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-US
[2010/03/06 22:00:16 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
[2010/03/06 21:58:57 | 000,000,000 | R-SD | C] -- D:\WINDOWS\assembly
[2010/03/06 21:58:37 | 000,000,000 | ---D | C] -- D:\WINDOWS\Microsoft.NET
[2010/03/06 21:57:46 | 000,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0
[2010/03/06 21:35:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/03/06 19:18:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\jay\Local Settings\Application Data\WMTools Downloaded Files
[2010/02/26 23:01:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/26 23:01:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/01/01 01:17:52 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/01/01 01:17:52 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/20 07:32:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\jay\Desktop\OTL.exe
[2010/03/20 07:29:46 | 000,201,733 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010/03/20 07:29:24 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/03/20 07:29:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/03/20 07:06:14 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\gmer.zip
[2010/03/20 07:01:54 | 005,242,880 | -H-- | M] () -- D:\Documents and Settings\jay\NTUSER.DAT
[2010/03/20 06:49:36 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\jay\Desktop\mbam-setup.exe
[2010/03/20 06:47:02 | 000,000,506 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\ERUNT.lnk
[2010/03/20 06:43:36 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/03/19 23:56:12 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\jay\ntuser.ini
[2010/03/18 23:28:32 | 000,010,948 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\Tracy Kim P.docx
[2010/03/18 16:07:28 | 001,309,584 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\ProcessMonitor.zip
[2010/03/18 14:52:02 | 000,000,918 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-117609710-839522115-1003Core1cac666dd3607f0.job
[2010/03/17 19:51:38 | 000,098,980 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\HAZMAT_Class_7_Radioactive.png
[2010/03/17 17:17:12 | 000,000,025 | ---- | M] () -- D:\popcinfot.dat
[2010/03/15 20:33:48 | 000,000,580 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\SopCast.lnk
[2010/03/15 20:33:34 | 005,277,219 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\SopCast-328.zip
[2010/03/14 20:46:14 | 000,004,608 | ---- | M] () -- D:\Documents and Settings\jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 07:47:04 | 000,509,574 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 07:47:04 | 000,435,260 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/03/14 07:47:04 | 000,068,156 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/03/14 07:27:40 | 000,000,358 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\PLDT Watchpad.appref-ms
[2010/03/13 00:40:06 | 000,000,548 | -H-- | M] () -- D:\Documents and Settings\jay\Desktop\Cheat Engine.lnk
[2010/03/12 21:23:28 | 000,000,320 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\PropertyHandler.reg
[2010/03/07 16:49:18 | 000,013,422 | ---- | M] () -- D:\Documents and Settings\jay\My Documents\Impossible finish chapter.docx
[2010/03/07 09:53:08 | 000,151,145 | ---- | M] () -- D:\Documents and Settings\jay\Desktop\hehe.JPG
[2010/03/07 07:38:28 | 000,068,456 | ---- | M] () -- D:\Documents and Settings\jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/07 07:37:04 | 000,266,208 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/20 07:05:54 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\gmer.zip
[2010/03/20 06:47:01 | 000,000,506 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\ERUNT.lnk
[2010/03/18 23:28:29 | 000,010,948 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\Tracy Kim P.docx
[2010/03/18 16:06:58 | 001,309,584 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\ProcessMonitor.zip
[2010/03/18 14:47:23 | 000,000,918 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-117609710-839522115-1003Core1cac666dd3607f0.job
[2010/03/17 19:51:37 | 000,098,980 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\HAZMAT_Class_7_Radioactive.png
[2010/03/15 20:33:47 | 000,000,580 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\SopCast.lnk
[2010/03/15 20:32:06 | 005,277,219 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\SopCast-328.zip
[2010/03/14 07:27:45 | 000,000,358 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\PLDT Watchpad.appref-ms
[2010/03/12 21:23:26 | 000,000,320 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\PropertyHandler.reg
[2010/03/07 16:49:16 | 000,013,422 | ---- | C] () -- D:\Documents and Settings\jay\My Documents\Impossible finish chapter.docx
[2010/03/07 09:53:06 | 000,151,145 | ---- | C] () -- D:\Documents and Settings\jay\Desktop\hehe.JPG
[2010/03/06 22:00:57 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/04 18:04:10 | 000,004,608 | ---- | C] () -- D:\Documents and Settings\jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/28 20:28:33 | 000,000,029 | ---- | C] () -- D:\WINDOWS\System32\WINCNMDB.DLL
[2010/02/26 23:06:38 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2010/02/26 23:06:36 | 000,003,376 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010/02/26 23:06:33 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/02/26 00:32:20 | 000,047,360 | R--- | C] () -- D:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2010/02/26 00:32:20 | 000,042,112 | R--- | C] () -- D:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2010/02/26 00:32:19 | 000,047,104 | R--- | C] () -- D:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2010/02/26 00:32:19 | 000,039,808 | R--- | C] () -- D:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/10/07 13:33:00 | 001,703,936 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 13:33:00 | 001,486,848 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008/10/07 13:33:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008/10/07 13:33:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2008/10/07 13:33:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/10 20:39:04 | 000,218,264 | ---- | C] () -- D:\WINDOWS\System32\SetAid.dll
[2004/08/04 01:07:00 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/01 00:02:30 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\AVEOCamSDK.dll
[2002/01/01 00:02:30 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\MFC_InstDrvDLL.dll

========== LOP Check ==========

[2010/02/26 23:17:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/26 23:53:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/02/27 00:00:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ESET
[2010/02/26 00:32:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/03/12 21:33:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/26 23:17:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\jay\Application Data\Azureus
[2010/02/26 00:02:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\jay\Application Data\ESET
[2010/02/27 13:21:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\jay\Application Data\Opera
[2010/03/17 19:15:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\jay\Application Data\IObit

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/11/03 13:57:44 | 000,102,400 | ---- | M] () -- D:\DFPatcher.exe
[2009/05/25 18:38:26 | 001,883,136 | ---- | M] () -- D:\specialforce.exe
[2008/12/19 12:55:46 | 000,102,400 | ---- | M] () -- D:\dflauncher.exe
[2009/10/25 15:46:42 | 281,529,548 | ---- | M] () -- D:\HoNClient-0.1.49.exe

< MD5 for: AGP440.SYS >
[2004/08/04 01:07:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:07:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- D:\New Folder\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 17:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 01:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\eventlog.dll
[2002/08/29 11:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- D:\New Folder\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/08/29 11:41:08 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- D:\New Folder\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 01:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\system32\scecli.dll
[2002/08/29 11:41:12 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- D:\New Folder\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/01/01 01:16:42 | 000,905,216 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
[2002/01/01 01:16:44 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2002/01/01 01:16:44 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
< End of report >

_______________________________________________________________________________________________________________

extras.txt

OTL Extras logfile created on: 3/20/2010 7:34:58 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\jay\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 423.00 Mb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39.26 Gb Total Space | 5.86 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive D: | 35.25 Gb Total Space | 6.83 Gb Free Space | 19.38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAYMACHI-77D8AF
Current User Name: jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\groove.exe" = D:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{76F21300-9ECC-40F2-8314-362FC1D47348}" = ESET Smart Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88391C67-5C9F-4CA6-A81F-6BEEA1FD5B4F}" = DELKIN USB WEBCAM
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF2DE873-ECB3-4BF5-BA8D-6C61A0948DA5}" = SyQic Yoonic Engine - PLDT Watchpad
"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"cFosSpeed" = cFosSpeed v5.00
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"SopCast" = SopCast 3.2.8
"UltraISO_is1" = UltraISO Premium V9.32
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e9558ccd6b9790b9" = PLDT WatchPad
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2010 6:05:30 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 12/31/2001 12:06:45 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 12:25:11 AM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 1/1/2002 4:51:13 AM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 7:46:08 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 12/31/2001 12:04:08 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 3/17/2010 4:50:45 AM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 12/31/2001 12:00:52 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 12/31/2001 12:06:01 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

Error - 12/31/2001 12:12:46 PM | Computer Name = JAYMACHI-77D8AF | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/19/2010 6:32:16 PM | Computer Name = JAYMACHI-77D8AF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 112.204.89.45 on
the Network Card with network address 0011D8FA7874.

Error - 3/19/2010 6:32:17 PM | Computer Name = JAYMACHI-77D8AF | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/19/2010 6:32:17 PM | Computer Name = JAYMACHI-77D8AF | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/19/2010 6:41:03 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall Pro service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/19/2010 6:41:03 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7034
Description = The cFosSpeed System Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/19/2010 6:41:03 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 3/19/2010 6:41:03 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/19/2010 6:41:03 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/19/2010 7:04:15 PM | Computer Name = JAYMACHI-77D8AF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 3/19/2010 7:29:59 PM | Computer Name = JAYMACHI-77D8AF | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 82d60610, parameter3
82d60784, parameter4 80606586.

< End of report >

PS, I think there is also a problem with my RUNDLL32.exe because when I start playing, It begins to run and it also makes my cpu usage go to 100% which gives me a lag time playing.

Edited by dissidia, 19 March 2010 - 06:08 PM.

#4
RKinner

Posted 19 March 2010 - 06:38 PM

Malware Expert

Expert
24,624 posts

Run Malwarebytes' Anti-Malware again but this time do a full scan.

Launch Malwarebytes' Anti-Malware,
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Post back with both logs.

Ron

PS You are in the Philippines right?

Edited by RKinner, 19 March 2010 - 06:39 PM.

#5
dissidia

Posted 19 March 2010 - 11:49 PM

New Member

Topic Starter
Member
5 posts

Hi Ron, so here are the logs.

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/20/2010 1:22:08 PM
mbam-log-2010-03-20 (13-22-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 201035
Time elapsed: 47 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\jay\My Documents\Azureus Downloads\Any.DVD.Converter.Professional.v3.6.7.Multilingual-ismail-13.11.2008\ismail\any.dvd.converter.professional.v3.6.7-ismail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\New Folder\cs4\1. Adobe.Photoshop.CS4.Extended.Crack.Only-ENGiNE\PhotoShopCS4_X32_Crk.exe (Trojan.Agent) -> Quarantined and deleted successfully.

_______________________________________________________________________________________________________________

ComboFix 10-03-19.06 - jay 03/20/2010 13:34:11.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.394 [GMT 8:00]
Running from: d:\documents and settings\jay\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\popcinfot.dat
d:\recycler\S-1-5-21-1430110684-5608733584-432387419-0699
d:\recycler\S-1-5-21-2115734213-0506870627-138972769-5630
d:\recycler\S-1-5-21-5778675469-8685574950-457289436-3407
d:\recycler\S-1-5-21-6038899185-9869115486-243284118-6959
d:\recycler\S-1-5-21-6472547763-8491241343-514740325-1888
d:\recycler\S-1-5-21-6641652608-7911899340-724645368-0845
d:\recycler\S-1-5-21-6696190217-3573611519-275686423-6259
d:\windows\system32\drivers\wpdmwfdd.sys
d:\windows\system32\WINCNMDB.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ixjhqi

((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 23:28 . 2010-03-19 23:28 -------- d-----w- D:\FOUND.003
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\documents and settings\jay\Application Data\Malwarebytes
2010-03-19 22:50 . 2010-01-07 08:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-19 22:50 . 2010-01-07 08:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-19 22:46 . 2010-03-19 22:46 -------- d-----w- d:\program files\ERUNT
2010-03-18 08:50 . 2010-03-18 08:50 -------- d-----w- d:\program files\Trend Micro
2010-03-17 11:15 . 2010-03-17 11:15 -------- d-----w- d:\documents and settings\jay\Application Data\IObit
2010-03-17 11:15 . 2010-03-17 11:15 -------- d-----w- d:\program files\IObit
2010-03-15 12:33 . 2010-03-15 12:33 -------- d-----w- d:\program files\SopCast
2010-03-14 13:50 . 2010-03-14 13:50 -------- d-----w- D:\Unioncast Data
2010-03-13 23:27 . 2010-03-13 23:27 -------- d-----w- d:\program files\SyQic Yoonic Engine - PLDT Watchpad
2010-03-12 14:00 . 2010-03-12 14:00 -------- d-----w- d:\program files\Windows Live Safety Center
2010-03-12 13:33 . 2010-03-12 13:33 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Promosoft Corporation
2010-03-12 13:33 . 2010-03-12 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-09 15:19 . 2010-03-09 15:19 -------- d-----w- d:\windows\system32\Macromed
2010-03-09 08:03 . 2010-03-09 08:04 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-03-09 07:56 . 2010-03-09 07:56 -------- d-----w- d:\windows\system32\Adobe
2010-03-07 19:40 . 2010-03-07 19:40 -------- d-----w- D:\Warcraft III
2010-03-07 00:05 . 2009-10-30 04:25 872152 ----a-w- d:\windows\system32\drivers\cfosspeed.sys
2010-03-07 00:05 . 2009-10-30 04:25 288472 ----a-w- d:\windows\system32\cfosspeed.dll
2010-03-06 23:47 . 2010-03-06 23:47 -------- d-sh--w- d:\documents and settings\jay\PrivacIE
2010-03-06 23:46 . 2010-03-06 23:46 -------- d-sh--w- d:\documents and settings\jay\IETldCache
2010-03-06 23:38 . 2010-03-06 23:38 -------- d--h--w- d:\windows\ie8
2010-03-06 23:34 . 2010-03-06 23:34 -------- d--h--w- d:\windows\$hf_mig$
2010-03-06 23:34 . 2008-02-26 11:59 294912 ------w- d:\windows\system32\dllcache\msctf.dll
2010-03-06 14:02 . 2010-03-06 14:02 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Deployment
2010-03-06 14:00 . 2010-03-06 23:17 158528 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 14:00 . 2010-03-06 14:00 -------- d-----w- d:\windows\system32\XPSViewer
2010-03-06 14:00 . 2010-03-06 14:00 -------- d-----w- d:\program files\Reference Assemblies
2010-03-06 14:00 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-06 13:59 . 2008-07-06 12:06 89088 ------w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-06 13:59 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
2010-03-06 13:59 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\dllcache\xpsshhdr.dll
2010-03-06 13:59 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
2010-03-06 13:59 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-06 13:59 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-06 13:59 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2010-03-06 13:59 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\dllcache\xpssvcs.dll
2010-03-06 13:57 . 2010-03-06 13:57 -------- d-----w- d:\program files\MSXML 6.0
2010-03-06 13:35 . 2010-03-06 13:35 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-03-06 11:18 . 2010-03-06 11:18 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\WMTools Downloaded Files
2010-03-03 22:36 . 2008-03-05 08:03 238088 ----a-w- d:\windows\system32\xactengine3_0.dll
2010-02-28 14:09 . 2010-02-28 14:09 -------- d-----w- d:\windows\Sun
2010-02-28 14:09 . 2010-02-28 14:09 503808 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\msvcp71.dll
2010-02-28 14:09 . 2010-02-28 14:09 499712 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\jmc.dll
2010-02-28 14:09 . 2010-02-28 14:09 348160 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\msvcr71.dll
2010-02-28 14:09 . 2010-02-28 14:09 -------- d-----w- d:\program files\Common Files\Java
2010-02-28 14:09 . 2010-02-28 14:09 61440 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ba15891-n\decora-sse.dll
2010-02-28 14:09 . 2010-02-28 14:09 12800 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ba15891-n\decora-d3d.dll
2010-02-28 14:08 . 2010-02-28 14:08 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-02-28 14:08 . 2010-02-28 14:08 -------- d-----w- d:\program files\Java
2010-02-28 12:28 . 2010-02-28 12:28 -------- d-----w- d:\program files\ActMak
2010-02-28 11:43 . 2010-02-28 11:43 -------- d-----w- d:\program files\cFosSpeed
2010-02-27 06:09 . 2010-02-27 06:09 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-27 06:05 . 2010-02-27 06:05 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Yahoo
2010-02-27 06:05 . 2010-02-27 06:05 -------- d-----w- d:\documents and settings\jay\Application Data\Yahoo!
2010-02-27 06:03 . 2010-02-27 06:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2010-02-27 06:03 . 2009-11-10 06:39 607472 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-02-27 06:02 . 2010-02-27 06:02 -------- d-----w- d:\program files\Yahoo!
2010-02-27 06:02 . 2010-02-27 06:02 -------- d-----w- d:\windows\SxsCaPendDel
2010-02-27 06:01 . 2010-02-27 06:01 -------- d-----w- d:\program files\Common Files\INCA Shared
2010-02-27 05:35 . 2010-02-27 05:35 -------- d-----w- d:\program files\MSBuild
2010-02-27 05:21 . 2010-02-27 05:21 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Opera
2010-02-27 05:21 . 2010-02-27 05:21 -------- d-----w- d:\program files\Opera
2010-02-27 02:08 . 2010-02-27 02:08 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\ESET
2010-02-27 00:30 . 2010-02-27 00:30 -------- d-----w- d:\program files\Common Files\EZB Systems
2010-02-27 00:29 . 2010-02-27 00:29 -------- d-----w- d:\program files\UltraISO
2010-02-26 18:08 . 2010-02-26 18:08 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-26 18:08 . 2010-02-26 18:08 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Adobe
2010-02-26 18:01 . 2008-10-09 20:52 452440 ----a-w- d:\windows\system32\d3dx10_40.dll
2010-02-26 18:01 . 2008-10-09 20:52 2036576 ----a-w- d:\windows\system32\D3DCompiler_40.dll
2010-02-26 18:01 . 2008-10-09 20:52 4379984 ----a-w- d:\windows\system32\D3DX9_40.dll
2010-02-26 18:00 . 2007-04-04 10:53 81768 ----a-w- d:\windows\system32\xinput1_3.dll
2010-02-26 18:00 . 2010-02-26 18:00 -------- d-----w- d:\windows\Logs
2010-02-26 18:00 . 2010-02-26 18:00 -------- d-----w- d:\program files\Heroes of Newerth
2010-02-26 17:14 . 2006-10-26 11:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-26 17:14 . 2006-10-26 11:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2010-02-26 17:14 . 2010-02-26 17:14 -------- d-----w- d:\program files\Microsoft Works
2010-02-26 17:13 . 2010-02-26 17:13 -------- d--h--w- d:\windows\system32\GroupPolicy
2010-02-26 17:08 . 2010-02-26 17:08 -------- d-----w- d:\windows\SHELLNEW
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Microsoft Help
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----r- D:\MSOCache
2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- d:\documents and settings\jay\Application Data\Media Player Classic
2010-02-26 16:52 . 2010-02-26 16:52 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Stardock
2010-02-26 16:51 . 2010-02-26 16:51 -------- d-----w- d:\program files\Stardock
2010-02-26 16:51 . 2010-02-26 16:51 -------- d-----w- d:\program files\Common Files\Stardock
2010-02-26 16:01 . 2010-02-26 16:01 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-02-26 16:00 . 2010-02-26 16:00 -------- d-----w- d:\program files\ESET
2010-02-26 16:00 . 2010-02-26 16:00 -------- d-----w- d:\documents and settings\All Users\Application Data\ESET
2010-02-26 15:53 . 2010-02-26 15:53 -------- d-----w- d:\documents and settings\All Users\Application Data\PopCap Games
2010-02-26 15:51 . 2010-02-26 15:51 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Temp
2010-02-26 15:51 . 2010-02-26 15:51 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Google
2010-02-26 15:26 . 2010-02-26 15:26 -------- d-----w- d:\windows\nview
2010-02-26 15:26 . 2008-10-07 05:33 453152 ----a-w- d:\windows\system32\nvudisp.exe
2010-02-26 15:26 . 2008-10-02 02:07 453152 ----a-w- d:\windows\system32\NVUNINST.EXE
2010-02-26 15:19 . 2010-03-06 23:38 68456 ----a-w- d:\documents and settings\jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 15:17 . 2010-02-26 15:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Azureus
2010-02-26 15:17 . 2010-02-26 15:17 -------- d-----w- d:\documents and settings\jay\Application Data\Azureus
2010-02-26 15:14 . 2005-03-03 11:10 74496 ----a-w- d:\windows\system32\drivers\Rtlnicxp.sys
2010-02-26 15:14 . 2010-02-26 15:14 -------- d-----w- d:\windows\OPTIONS
2010-02-26 15:14 . 2010-02-26 15:14 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-26 15:13 . 2010-02-26 15:14 -------- d-----w- d:\program files\Common Files\InstallShield
2010-02-26 15:13 . 2005-05-18 10:52 132608 ----a-r- d:\windows\system32\drivers\ADIHdAud.sys
2010-02-26 15:07 . 2010-02-26 15:07 -------- d-----w- d:\program files\Intel
2010-02-26 15:06 . 2004-08-12 10:56 5810 ----a-r- d:\windows\system32\drivers\ASACPI.sys
2010-02-26 15:06 . 2005-02-14 14:28 5824 ----a-w- d:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-26 15:04 . 2010-02-26 15:04 552 ----a-w- d:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 14:56 . 2010-02-26 14:56 -------- d-----w- d:\program files\microsoft frontpage
2010-02-26 14:52 . 2010-02-26 14:52 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-02-25 16:43 . 2010-02-25 16:43 -------- d-----w- d:\program files\Combined Community Codec Pack
2010-02-25 16:34 . 2010-02-26 14:55 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-25 16:32 . 2010-02-25 16:32 -------- d-----w- d:\documents and settings\All Users\Application Data\SRS Labs
2010-02-25 16:32 . 2010-02-25 16:32 -------- d-----w- d:\program files\SRS Labs
2010-02-25 16:03 . 2010-02-25 16:03 -------- d-----w- d:\program files\Sygate
2010-02-25 16:02 . 2010-02-25 16:02 -------- d-----w- d:\documents and settings\jay\Application Data\ESET
2010-02-04 02:01 . 2010-03-03 22:37 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-02-04 02:01 . 2010-03-03 22:37 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-02-04 02:01 . 2010-03-03 22:37 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-02-04 02:01 . 2010-03-03 22:37 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- d:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-26 135664]
"SRS Audio Sandbox"="d:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-02-25 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"cFosSpeed"="d:\program files\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]

d:\documents and settings\jay\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-2-27 3444008]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [4/23/2008 2:58 PM 472280]
R3 AVEO;DELKIN USB WEBCAM;d:\windows\system32\drivers\aveodcnt.sys [1/1/2002 12:02 AM 171520]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\jay\LOCALS~1\Temp\JGO191.tmp --> d:\docume~1\jay\LOCALS~1\Temp\JGO191.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-117609710-839522115-1003Core1cac666dd3607f0.job
- d:\documents and settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-26 15:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VMonitor - d:\program files\AVEO\USB PC Camera\VMonitor.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 13:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\jay\LOCALS~1\Temp\JGO191.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
d:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(684)
d:\program files\Stardock\ObjectDock\DockShellHook.dll
d:\windows\system32\SSSensor.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\program files\Malwarebytes' Anti-Malware\mbamext.dll
d:\program files\WinRAR\rarext.dll
d:\program files\ESET\ESET Smart Security\shellExt.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Sygate\SPF\smc.exe
d:\program files\cFosSpeed\spd.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-20 13:44:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 05:44

Pre-Run: 7,160,397,824 bytes free
Post-Run: 7,077,593,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 3D6F5D0BDC68839D5A2720BEDD82EB49

PS: Yes, I'm from the Philippines.

#6
RKinner

Posted 20 March 2010 - 12:37 AM

Malware Expert

Expert
24,624 posts

I just asked about the Philippines because your DNS servers are located there but OTL said you were US. Sometimes we get DNS hijacks so wanted to make sure.

Just a minor cleanup:

Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
KILLALL::

Driver::
GarenaPEngine
vsdatant

******************************************************

Open Notepad (Start, Run, notepad, OK) and then paste the text by Ctrl +v. File, Save As (to your desktop) CFScript , OK

Now close everything including this browser, pause or turn off your antivirus and drag CFScript.txt over to combofix (george) and let go. Combofix should start normally.

I'll want to see the log as before.

Your Extras log said your time server was having problems. Is it still having problems?

Also you have only SP2. Is there a reason for that? If not you should update.

Your System Restore is turned off. It should be on for safety.

You probably got infected through Azureus. P2P networks like Azureus are full of trojans and viruses. If you must use it make sure you submit any files you get through Azureus to http://virustotal.com before you open them.

Ron

#7
dissidia

Posted 20 March 2010 - 01:06 AM

New Member

Topic Starter
Member
5 posts

Sir Ron,

here is the log after doing the instructions that you've said.

ComboFix 10-03-19.06 - jay 03/20/2010 14:46:28.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.540 [GMT 8:00]
Running from: d:\documents and settings\jay\Desktop\geroge.exe.exe
Command switches used :: d:\documents and settings\jay\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
-------\Service_vsdatant

((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 23:28 . 2010-03-19 23:28 -------- d-----w- D:\FOUND.003
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\documents and settings\jay\Application Data\Malwarebytes
2010-03-19 22:50 . 2010-01-07 08:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-19 22:50 . 2010-01-07 08:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-19 22:50 . 2010-03-19 22:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-19 22:46 . 2010-03-19 22:46 -------- d-----w- d:\program files\ERUNT
2010-03-18 08:50 . 2010-03-18 08:50 -------- d-----w- d:\program files\Trend Micro
2010-03-17 11:15 . 2010-03-17 11:15 -------- d-----w- d:\documents and settings\jay\Application Data\IObit
2010-03-17 11:15 . 2010-03-17 11:15 -------- d-----w- d:\program files\IObit
2010-03-15 12:33 . 2010-03-15 12:33 -------- d-----w- d:\program files\SopCast
2010-03-14 13:50 . 2010-03-14 13:50 -------- d-----w- D:\Unioncast Data
2010-03-13 23:27 . 2010-03-13 23:27 -------- d-----w- d:\program files\SyQic Yoonic Engine - PLDT Watchpad
2010-03-12 14:00 . 2010-03-12 14:00 -------- d-----w- d:\program files\Windows Live Safety Center
2010-03-12 13:33 . 2010-03-12 13:33 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Promosoft Corporation
2010-03-12 13:33 . 2010-03-12 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-09 15:19 . 2010-03-09 15:19 -------- d-----w- d:\windows\system32\Macromed
2010-03-09 08:03 . 2010-03-09 08:04 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-03-09 07:56 . 2010-03-09 07:56 -------- d-----w- d:\windows\system32\Adobe
2010-03-07 19:40 . 2010-03-07 19:40 -------- d-----w- D:\Warcraft III
2010-03-07 00:05 . 2009-10-30 04:25 872152 ----a-w- d:\windows\system32\drivers\cfosspeed.sys
2010-03-07 00:05 . 2009-10-30 04:25 288472 ----a-w- d:\windows\system32\cfosspeed.dll
2010-03-06 23:47 . 2010-03-06 23:47 -------- d-sh--w- d:\documents and settings\jay\PrivacIE
2010-03-06 23:46 . 2010-03-06 23:46 -------- d-sh--w- d:\documents and settings\jay\IETldCache
2010-03-06 23:38 . 2010-03-06 23:38 -------- d--h--w- d:\windows\ie8
2010-03-06 23:34 . 2010-03-06 23:34 -------- d--h--w- d:\windows\$hf_mig$
2010-03-06 23:34 . 2008-02-26 11:59 294912 ------w- d:\windows\system32\dllcache\msctf.dll
2010-03-06 14:02 . 2010-03-06 14:02 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Deployment
2010-03-06 14:00 . 2010-03-06 23:17 158528 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 14:00 . 2010-03-06 14:00 -------- d-----w- d:\windows\system32\XPSViewer
2010-03-06 14:00 . 2010-03-06 14:00 -------- d-----w- d:\program files\Reference Assemblies
2010-03-06 14:00 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-06 13:59 . 2008-07-06 12:06 89088 ------w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-06 13:59 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
2010-03-06 13:59 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\dllcache\xpsshhdr.dll
2010-03-06 13:59 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
2010-03-06 13:59 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-06 13:59 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-06 13:59 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2010-03-06 13:59 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\dllcache\xpssvcs.dll
2010-03-06 13:57 . 2010-03-06 13:57 -------- d-----w- d:\program files\MSXML 6.0
2010-03-06 13:35 . 2010-03-06 13:35 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-03-06 11:18 . 2010-03-06 11:18 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\WMTools Downloaded Files
2010-03-03 22:36 . 2008-03-05 08:03 238088 ----a-w- d:\windows\system32\xactengine3_0.dll
2010-02-28 14:09 . 2010-02-28 14:09 -------- d-----w- d:\windows\Sun
2010-02-28 14:09 . 2010-02-28 14:09 503808 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\msvcp71.dll
2010-02-28 14:09 . 2010-02-28 14:09 499712 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\jmc.dll
2010-02-28 14:09 . 2010-02-28 14:09 348160 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e5a9ec1-n\msvcr71.dll
2010-02-28 14:09 . 2010-02-28 14:09 -------- d-----w- d:\program files\Common Files\Java
2010-02-28 14:09 . 2010-02-28 14:09 61440 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ba15891-n\decora-sse.dll
2010-02-28 14:09 . 2010-02-28 14:09 12800 ----a-w- d:\documents and settings\jay\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ba15891-n\decora-d3d.dll
2010-02-28 14:08 . 2010-02-28 14:08 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-02-28 14:08 . 2010-02-28 14:08 -------- d-----w- d:\program files\Java
2010-02-28 12:28 . 2010-02-28 12:28 -------- d-----w- d:\program files\ActMak
2010-02-28 11:43 . 2010-02-28 11:43 -------- d-----w- d:\program files\cFosSpeed
2010-02-27 06:09 . 2010-02-27 06:09 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-27 06:05 . 2010-02-27 06:05 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Yahoo
2010-02-27 06:05 . 2010-02-27 06:05 -------- d-----w- d:\documents and settings\jay\Application Data\Yahoo!
2010-02-27 06:03 . 2010-02-27 06:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2010-02-27 06:03 . 2009-11-10 06:39 607472 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-02-27 06:02 . 2010-02-27 06:02 -------- d-----w- d:\program files\Yahoo!
2010-02-27 06:02 . 2010-02-27 06:02 -------- d-----w- d:\windows\SxsCaPendDel
2010-02-27 06:01 . 2010-02-27 06:01 -------- d-----w- d:\program files\Common Files\INCA Shared
2010-02-27 05:35 . 2010-02-27 05:35 -------- d-----w- d:\program files\MSBuild
2010-02-27 05:21 . 2010-02-27 05:21 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Opera
2010-02-27 05:21 . 2010-02-27 05:21 -------- d-----w- d:\program files\Opera
2010-02-27 02:08 . 2010-02-27 02:08 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\ESET
2010-02-27 00:30 . 2010-02-27 00:30 -------- d-----w- d:\program files\Common Files\EZB Systems
2010-02-27 00:29 . 2010-02-27 00:29 -------- d-----w- d:\program files\UltraISO
2010-02-26 18:08 . 2010-02-26 18:08 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-26 18:08 . 2010-02-26 18:08 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Adobe
2010-02-26 18:01 . 2008-10-09 20:52 452440 ----a-w- d:\windows\system32\d3dx10_40.dll
2010-02-26 18:01 . 2008-10-09 20:52 2036576 ----a-w- d:\windows\system32\D3DCompiler_40.dll
2010-02-26 18:01 . 2008-10-09 20:52 4379984 ----a-w- d:\windows\system32\D3DX9_40.dll
2010-02-26 18:00 . 2007-04-04 10:53 81768 ----a-w- d:\windows\system32\xinput1_3.dll
2010-02-26 18:00 . 2010-02-26 18:00 -------- d-----w- d:\windows\Logs
2010-02-26 18:00 . 2010-02-26 18:00 -------- d-----w- d:\program files\Heroes of Newerth
2010-02-26 17:14 . 2006-10-26 11:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-26 17:14 . 2006-10-26 11:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2010-02-26 17:14 . 2010-02-26 17:14 -------- d-----w- d:\program files\Microsoft Works
2010-02-26 17:13 . 2010-02-26 17:13 -------- d--h--w- d:\windows\system32\GroupPolicy
2010-02-26 17:08 . 2010-02-26 17:08 -------- d-----w- d:\windows\SHELLNEW
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Microsoft Help
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-26 17:07 . 2010-02-26 17:07 -------- d-----r- D:\MSOCache
2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- d:\documents and settings\jay\Application Data\Media Player Classic
2010-02-26 16:52 . 2010-02-26 16:52 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Stardock
2010-02-26 16:51 . 2010-02-26 16:51 -------- d-----w- d:\program files\Stardock
2010-02-26 16:51 . 2010-02-26 16:51 -------- d-----w- d:\program files\Common Files\Stardock
2010-02-26 16:01 . 2010-02-26 16:01 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-02-26 16:00 . 2010-02-26 16:00 -------- d-----w- d:\program files\ESET
2010-02-26 16:00 . 2010-02-26 16:00 -------- d-----w- d:\documents and settings\All Users\Application Data\ESET
2010-02-26 15:53 . 2010-02-26 15:53 -------- d-----w- d:\documents and settings\All Users\Application Data\PopCap Games
2010-02-26 15:51 . 2010-02-26 15:51 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Temp
2010-02-26 15:51 . 2010-02-26 15:51 -------- d-----w- d:\documents and settings\jay\Local Settings\Application Data\Google
2010-02-26 15:26 . 2010-02-26 15:26 -------- d-----w- d:\windows\nview
2010-02-26 15:26 . 2008-10-07 05:33 453152 ----a-w- d:\windows\system32\nvudisp.exe
2010-02-26 15:26 . 2008-10-02 02:07 453152 ----a-w- d:\windows\system32\NVUNINST.EXE
2010-02-26 15:19 . 2010-03-06 23:38 68456 ----a-w- d:\documents and settings\jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 15:17 . 2010-02-26 15:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Azureus
2010-02-26 15:17 . 2010-02-26 15:17 -------- d-----w- d:\documents and settings\jay\Application Data\Azureus
2010-02-26 15:14 . 2005-03-03 11:10 74496 ----a-w- d:\windows\system32\drivers\Rtlnicxp.sys
2010-02-26 15:14 . 2010-02-26 15:14 -------- d-----w- d:\windows\OPTIONS
2010-02-26 15:14 . 2010-02-26 15:14 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-26 15:13 . 2010-02-26 15:14 -------- d-----w- d:\program files\Common Files\InstallShield
2010-02-26 15:13 . 2005-05-18 10:52 132608 ----a-r- d:\windows\system32\drivers\ADIHdAud.sys
2010-02-26 15:07 . 2010-02-26 15:07 -------- d-----w- d:\program files\Intel
2010-02-26 15:06 . 2004-08-12 10:56 5810 ----a-r- d:\windows\system32\drivers\ASACPI.sys
2010-02-26 15:06 . 2005-02-14 14:28 5824 ----a-w- d:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-26 15:04 . 2010-02-26 15:04 552 ----a-w- d:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 14:56 . 2010-02-26 14:56 -------- d-----w- d:\program files\microsoft frontpage
2010-02-26 14:52 . 2010-02-26 14:52 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2010-02-25 16:43 . 2010-02-25 16:43 -------- d-----w- d:\program files\Combined Community Codec Pack
2010-02-25 16:34 . 2010-02-26 14:55 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-25 16:32 . 2010-02-25 16:32 -------- d-----w- d:\documents and settings\All Users\Application Data\SRS Labs
2010-02-25 16:32 . 2010-02-25 16:32 -------- d-----w- d:\program files\SRS Labs
2010-02-25 16:03 . 2010-02-25 16:03 -------- d-----w- d:\program files\Sygate
2010-02-25 16:02 . 2010-02-25 16:02 -------- d-----w- d:\documents and settings\jay\Application Data\ESET
2010-02-04 02:01 . 2010-03-03 22:37 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-02-04 02:01 . 2010-03-03 22:37 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-02-04 02:01 . 2010-03-03 22:37 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-02-04 02:01 . 2010-03-03 22:37 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- d:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-20_05.42.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-20 06:55 . 2010-03-20 06:55 16384 d:\windows\temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-26 135664]
"SRS Audio Sandbox"="d:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-02-25 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"cFosSpeed"="d:\program files\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]

d:\documents and settings\jay\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-2-27 3444008]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [4/23/2008 2:58 PM 472280]
R3 AVEO;DELKIN USB WEBCAM;d:\windows\system32\drivers\aveodcnt.sys [1/1/2002 12:02 AM 171520]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-117609710-839522115-1003Core1cac666dd3607f0.job
- d:\documents and settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-26 15:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 14:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
d:\windows\system32\midimap.dll

- - - - - - - > 'explorer.exe'(2532)
d:\program files\Stardock\ObjectDock\DockShellHook.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\SSSensor.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Sygate\SPF\smc.exe
d:\program files\cFosSpeed\spd.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-20 14:57:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 06:57
ComboFix2.txt 2010-03-20 05:44

Pre-Run: 7,070,449,664 bytes free
Post-Run: 7,036,895,232 bytes free

- - End Of File - - 80D6FDD290A30EADE72037707847ECAC

yes, my time server is having some problems. whenever I turn use my computer, the date always become Jan 1, 2002 and i always need to synch it through the internet to get the proper time. This just happens everytime that I turn on the computer even if i shut it down with the correct time.

There's is no reason why I'm not switching to XP SP3. it's just I have a trait that when the machine is still running fine then there is no reason to update. It's also goes like this, Why bother repair something if it is not broken.

My system restore is now turned on.

PS, I think the main culprit is the rundll32.exe because when I'm testing playing DotA, im also monitoring my usage with the task manager and I've found out that whenever I'm in the warcraft program, the rundll32.exe runs and it makes my cpu usage go to 100% and when I alt tab to the desktop, the cpu usage drops down to 30% and the rundll32.exe disappears in the process at the task manager.

Edited by dissidia, 20 March 2010 - 02:00 AM.

#8
dissidia

Posted 20 March 2010 - 01:07 AM

New Member

Topic Starter
Member
5 posts

Sorry, I double posted the reply on top.

Edited by dissidia, 20 March 2010 - 01:17 AM.

#9
dissidia

Posted 23 March 2010 - 11:03 PM

New Member

Topic Starter
Member
5 posts

ahm, bump?

#10
RKinner

Posted 24 March 2010 - 12:40 AM

Malware Expert

Expert
24,624 posts

Your log now looks pretty good. Let's run another scan to make sure.

The problem with time that you report is due to the battery being dead. Most desktops use a 3 volt battery to keep the clock running when unplugged or off. Sounds like yours is dead.

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

Service Pack 3 is full of security fixes so you really should install it.

Rundll32.exe is running some other dll file which is really using the CPU cycles. Start your game then

Start, Run, cmd, OK to bring up a command window.

Type with an Enter after each line:

tasklist /m > junk.txt

notepad junk.txt

Copy the text and paste it into a reply.

Ron

PS Will be off island tomorrow until the evening.

#11
dissidia

Posted 24 March 2010 - 06:36 AM

New Member

Topic Starter
Member
5 posts

hi thanks for the reply. I think my battery as what you said is already dead because its already 4 years that i did not change it. so here is the contents of the junk.txt:

Image Name PID Modules
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
SMSS.EXE 1016 ntdll.dll
CSRSS.EXE 1068 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, USER32.dll, KERNEL32.dll,
GDI32.dll, sxs.dll, ADVAPI32.dll, RPCRT4.dll
WINLOGON.EXE 1092 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, AUTHZ.dll, msvcrt.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, NDdeApi.dll, PROFMAP.dll,
NETAPI32.dll, USERENV.dll, PSAPI.DLL,
REGAPI.dll, Secur32.dll, SETUPAPI.dll,
VERSION.dll, WINSTA.dll, WINTRUST.dll,
IMAGEHLP.dll, WS2_32.dll, WS2HELP.dll,
IMM32.DLL, MSGINA.dll, SHELL32.dll,
SHLWAPI.dll, COMCTL32.dll, ODBC32.dll,
comdlg32.dll, comctl32.dll, odbcint.dll,
SHSVCS.dll, sfc.dll, sfc_os.dll, ole32.dll,
Apphelp.dll, msctfime.ime, WINSCARD.DLL,
WTSAPI32.dll, sxs.dll, uxtheme.dll,
WINMM.dll, cscdll.dll, WlNotify.dll,
WINSPOOL.DRV, MPR.dll, rsaenh.dll,
msv1_0.dll, iphlpapi.dll, SAMLIB.dll,
cscui.dll, xpsp2res.dll, NTMARTA.DLL,
WLDAP32.dll, wdmaud.drv, msacm32.drv,
MSACM32.dll, midimap.dll, COMRes.dll,
OLEAUT32.dll, CLBCATQ.DLL, wbemprox.dll,
wbemcomn.dll, wbemsvc.dll, fastprox.dll,
MSVCP60.dll, NTDSAPI.dll, DNSAPI.dll
SERVICES.EXE 1136 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, USERENV.dll, SCESRV.dll,
AUTHZ.dll, umpnpmgr.dll, WINSTA.dll,
NETAPI32.dll, NCObjAPI.DLL, MSVCP60.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
UxTheme.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, secur32.dll, Apphelp.dll,
eventlog.dll, WS2_32.dll, WS2HELP.dll,
PSAPI.DLL, wtsapi32.dll
LSASS.EXE 1148 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, LSASRV.dll, msvcrt.dll,
Secur32.dll, USER32.dll, GDI32.dll,
SAMSRV.dll, cryptdll.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, MSASN1.dll,
NETAPI32.dll, SAMLIB.dll, MPR.dll,
NTDSAPI.dll, WLDAP32.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, msprivs.dll, kerberos.dll,
msv1_0.dll, iphlpapi.dll, netlogon.dll,
w32time.dll, MSVCP60.dll, schannel.dll,
CRYPT32.dll, wdigest.dll, rsaenh.dll,
setupapi.dll, scecli.dll, dssenh.dll
SVCHOST.EXE 1312 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, rpcss.dll,
WS2_32.dll, WS2HELP.dll, Secur32.dll,
xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,
termsrv.dll, ICAAPI.dll, SETUPAPI.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
IMAGEHLP.dll, AUTHZ.dll, mstlsapi.dll,
ACTIVEDS.dll, adsldpc.dll, NETAPI32.dll,
ATL.DLL, REGAPI.dll, rsaenh.dll,
Apphelp.dll, WTSAPI32.dll, WINSTA.dll,
msv1_0.dll, iphlpapi.dll
SVCHOST.EXE 1412 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, rpcss.dll,
WS2_32.dll, WS2HELP.dll, Secur32.dll,
xpsp2res.dll, rsaenh.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, DNSAPI.dll,
iphlpapi.dll, winrnr.dll, WLDAP32.dll,
rasadhlp.dll, CLBCATQ.DLL, COMRes.dll
SVCHOST.EXE 1536 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, xpsp2res.dll,
shsvcs.dll, WINSTA.dll, NETAPI32.dll,
dhcpcsvc.dll, DNSAPI.dll, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, Secur32.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
rsaenh.dll, wzcsvc.dll, rtutils.dll,
WMI.dll, CRYPT32.dll, MSASN1.dll,
WTSAPI32.dll, ESENT.dll, ATL.DLL,
rastls.dll, CRYPTUI.dll, WINTRUST.dll,
IMAGEHLP.dll, WININET.dll, Normaliz.dll,
urlmon.dll, iertutil.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, SETUPAPI.dll,
RASAPI32.dll, rasman.dll, TAPI32.dll,
SCHANNEL.dll, WinSCard.dll, raschap.dll,
msv1_0.dll, CLBCATQ.DLL, COMRes.dll,
schedsvc.dll, NTDSAPI.dll, MSIDLE.DLL,
audiosrv.dll, wkssvc.dll, cryptsvc.dll,
certcli.dll, dmserver.dll, ersvc.dll,
es.dll, pchsvc.dll, srvsvc.dll, netman.dll,
netshell.dll, credui.dll, WZCSAPI.DLL,
sens.dll, seclogon.dll, srsvc.dll,
POWRPROF.dll, SXS.DLL, trkwks.dll,
w32time.dll, MSVCP60.dll, wmisvc.dll,
VSSAPI.DLL, wuauserv.dll, wuaueng.dll,
WINSPOOL.DRV, WINHTTP.dll, Cabinet.dll,
mspatcha.dll, browser.dll, wscsvc.dll,
msi.dll, wbemcomn.dll, ipnathlp.dll,
AUTHZ.dll, wbemcore.dll, esscli.dll,
FastProx.dll, wbemsvc.dll, wmiutils.dll,
repdrvfs.dll, sfc.dll, sfc_os.dll,
wmiprvsd.dll, NCObjAPI.DLL, wbemess.dll,
comsvcs.dll, MTXCLU.DLL, WSOCK32.dll,
colbact.DLL, CLUSAPI.DLL, RESUTILS.DLL,
ncprov.dll, upnp.dll, SSDPAPI.dll,
netcfgx.dll, tapisrv.dll, PSAPI.DLL,
rasmans.dll, WINIPSEC.DLL, rastapi.dll,
rasadhlp.dll, unimdm.tsp, uniplat.dll,
RASDLG.dll, unimdmat.dll, modemui.dll,
kmddsp.tsp, ndptsp.tsp, ipconf.tsp,
h323.tsp, hidphone.tsp, HID.DLL, rasppp.dll,
ntlsapi.dll, kerberos.dll, cryptdll.dll,
Apphelp.dll, winrnr.dll, qmgr.dll, MPR.dll,
SHFOLDER.dll
Smc.exe 1628 ntdll.dll, kernel32.dll, Trident.dll,
tfman.dll, USER32.dll, GDI32.dll,
ADVAPI32.dll, RPCRT4.dll, SHLWAPI.dll,
msvcrt.dll, tse.dll, DataMan.dll, ole32.dll,
OLEAUT32.dll, PSSensor.dll, SSSensor.dll,
SpNet.dll, WS2_32.dll, WS2HELP.dll,
SHELL32.dll, comdlg32.dll, COMCTL32.dll,
WINSPOOL.DRV, VERSION.dll,
IdsTrafficPipe.dll, wpsman.dll, wsman.dll,
snmpapi.dll, wgman.dll, SyLog.dll,
Netport.dll, WSOCK32.dll, SyLink.dll,
NETAPI32.dll, WININET.dll, Normaliz.dll,
urlmon.dll, iertutil.dll, oledlg.dll,
OLEPRO32.DLL, IMM32.DLL, CLBCATQ.DLL,
COMRes.dll, WINHTTP.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, PsApi.dll,
iphlpapi.dll, rasapi32.dll, rasman.dll,
TAPI32.dll, rtutils.dll, WINMM.dll,
MPRAPI.dll, ACTIVEDS.dll, adsldpc.dll,
ATL.DLL, SETUPAPI.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, CRYPT32.dll,
MSASN1.dll, rsaenh.dll, xpsp2res.dll,
uxtheme.dll, userenv.dll, secur32.dll,
cryptnet.dll, SensApi.dll, DNSAPI.dll,
VDMDBG.DLL, winrnr.dll, rasadhlp.dll,
msctfime.ime, RICHED32.DLL, RICHED20.dll
SVCHOST.EXE 1652 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, dnsrslvr.dll,
DNSAPI.dll, WS2_32.dll, WS2HELP.dll,
iphlpapi.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll
SVCHOST.EXE 1904 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, xpsp2res.dll,
lmhsvc.dll, iphlpapi.dll, WS2_32.dll,
WS2HELP.dll, webclnt.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
Secur32.dll, regsvc.dll, ssdpsrv.dll,
hnetcfg.dll, CLBCATQ.DLL, COMRes.dll,
mswsock.dll, wshtcpip.dll
SPOOLSV.EXE 548 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
SPOOLSS.DLL, WS2_32.dll, WS2HELP.dll,
DNSAPI.dll, rasadhlp.dll, localspl.dll,
Secur32.dll, sfc_os.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, IMAGEHLP.dll,
winspool.drv, netapi32.dll, cnbjmon.dll,
pjlmon.dll, msonpmon.dll, MSVCR80.dll,
msi.dll, tcpmon.dll, usbmon.dll,
filterpipelineprintproc.dll, msonpppr.dll,
mswsock.dll, winrnr.dll, WLDAP32.dll,
win32spl.dll, NETRAP.dll, NTDSAPI.dll,
CLBCATQ.DLL, COMRes.dll, inetpp.dll,
xpsp2res.dll
EGUI.EXE 656 ntdll.dll, kernel32.dll, MFC80U.DLL,
MSVCR80.dll, msvcrt.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, ADVAPI32.dll,
RPCRT4.dll, SHELL32.dll, COMCTL32.dll,
ole32.dll, OLEAUT32.dll, IMM32.DLL,
MFC80ENU.DLL, uxtheme.dll, msctfime.ime,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll,
SSSensor.dll, MSCTF.dll, DockShellHook.dll,
eguiScan.dll, eguiAmon.dll, eguiEmon.dll,
eguiEpfw.dll, MPR.dll, VERSION.dll,
WS2_32.dll, WS2HELP.dll, eguiSmon.dll,
eguiUpdate.dll, eguiMailPlugins.dll
cfosspeed.exe 1216 ntdll.dll, kernel32.dll, SETUPAPI.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, RASAPI32.dll,
rasman.dll, WS2_32.dll, WS2HELP.dll,
NETAPI32.dll, TAPI32.dll, SHLWAPI.dll,
rtutils.dll, WINMM.dll, IPHLPAPI.DLL,
gdiplus.dll, ole32.dll, COMDLG32.dll,
COMCTL32.dll, SHELL32.dll, OLEAUT32.dll,
VERSION.dll, IMM32.DLL, comctl32.dll,
WTSAPI32.DLL, WINSTA.dll, uxtheme.dll,
MSCTF.dll, msctfime.ime, SXS.DLL,
CLBCATQ.DLL, COMRes.dll, xpsp2res.dll,
SSSensor.dll, DockShellHook.dll
SRSSSC.EXE 1204 ntdll.dll, kernel32.dll, SETUPAPI.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, VERSION.dll,
MSIMG32.dll, COMDLG32.dll, SHLWAPI.dll,
COMCTL32.dll, SHELL32.dll, WINSPOOL.DRV,
ole32.dll, OLEAUT32.dll, WS2_32.dll,
WS2HELP.dll, WINMM.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
DSOUND.dll, IPHLPAPI.DLL, IMM32.DLL,
uxtheme.dll, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, IMAGEHLP.dll, wdmaud.drv,
msacm32.drv, MSACM32.dll, midimap.dll,
Secur32.dll, RASAPI32.dll, rasman.dll,
NETAPI32.dll, TAPI32.dll, rtutils.dll,
USERENV.dll, DockShellHook.dll, MSCTF.dll,
msctfime.ime, KsUser.dll, SSSensor.dll,
msv1_0.dll
CTFMON.EXE 1360 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, MSCTF.dll, MSUTB.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, msctfime.ime, SSSensor.dll
ObjectDock.exe 1480 ntdll.dll, kernel32.dll, COMCTL32.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, SHLWAPI.dll,
WINMM.dll, VERSION.dll, CrashRpt.dll,
comdlg32.dll, SHELL32.dll, dbghelp.dll,
ole32.dll, OLEAUT32.dll, zlib.dll,
CRTDLL.dll, gdiplus.dll, IMM32.DLL,
uxtheme.dll, MSCTF.dll, appHelp.dll,
CLBCATQ.DLL, COMRes.dll, GRA8E1~1.DLL,
GrooveUtil.DLL, WININET.dll, Normaliz.dll,
urlmon.dll, iertutil.dll, CRYPT32.dll,
MSASN1.dll, MSVCR80.dll, GrooveNew.DLL,
ATL80.DLL, rsaenh.dll, MSImg32.dll,
cscui.dll, CSCDLL.dll, ODImg.dll,
MSVCR70.dll, ODImg.dll, msctfime.ime,
DockShellHook.dll, mscms.dll, WINSPOOL.DRV,
xpsp2res.dll, SETUPAPI.dll, USERENV.dll,
ntshrui.dll, ATL.DLL, NETAPI32.dll,
Clock.dll, SSSensor.dll, psapi.dll,
GR99D3~1.DLL, msxml3.dll, WINHTTP.dll,
GR326C~1.DLL, Secur32.dll
SPD.EXE 1936 ntdll.dll, kernel32.dll, IPHLPAPI.DLL,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
USER32.dll, GDI32.dll, WS2_32.dll,
WS2HELP.dll, ole32.dll, OLEAUT32.dll,
IMM32.DLL, uxtheme.dll, CLBCATQ.DLL,
COMRes.dll, VERSION.dll, netcfgx.dll,
SHLWAPI.dll, CLUSAPI.dll, DNSAPI.dll,
SETUPAPI.dll, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, IMAGEHLP.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, NETAPI32.dll,
WLDAP32.dll, ATL.DLL, rtutils.dll,
SAMLIB.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll
EKRN.EXE 2040 ntdll.dll, kernel32.dll, WS2_32.dll,
msvcrt.dll, WS2HELP.dll, ADVAPI32.dll,
RPCRT4.dll, USER32.dll, GDI32.dll,
SHELL32.dll, SHLWAPI.dll, ole32.dll,
OLEAUT32.dll, MSVCP80.dll, MSVCR80.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll,
ekrnScan.dll, ekrnAmon.dll, ekrnEmon.dll,
ekrnEpfw.dll, MPR.dll, ekrnSmon.dll,
ekrnUpdate.dll, updater.dll,
ekrnMailPlugins.dll, uxtheme.dll,
msctfime.ime, Psapi.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, IpHlpApi.dll,
xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,
VERSION.dll, wbemprox.dll, wbemcomn.dll,
wbemsvc.dll, fastprox.dll, MSVCP60.dll,
NTDSAPI.dll, DNSAPI.dll, NETAPI32.dll,
Secur32.dll, SSSensor.dll, netman.dll,
netshell.dll, rtutils.dll, credui.dll,
ATL.DLL, MPRAPI.dll, ACTIVEDS.dll,
adsldpc.dll, SETUPAPI.dll, RASAPI32.dll,
rasman.dll, TAPI32.dll, WINMM.dll,
WZCSvc.DLL, WMI.dll, DHCPCSVC.DLL,
CRYPT32.dll, MSASN1.dll, WTSAPI32.dll,
WINSTA.dll, ESENT.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
WZCSAPI.DLL, USERENV.dll, winrnr.dll,
rasadhlp.dll
JQS.EXE 172 ntdll.dll, kernel32.dll, WS2_32.dll,
msvcrt.dll, WS2HELP.dll, ADVAPI32.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, MSVCR71.dll, IMM32.DLL,
psapi.dll, pdh.dll, SHLWAPI.dll,
comdlg32.dll, COMCTL32.dll, SHELL32.dll,
OLEAUT32.dll, ODBC32.dll, odbcbcp.dll,
VERSION.dll, CRYPT32.dll, MSASN1.dll,
comctl32.dll, odbcint.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, perfos.dll,
perfdisk.dll
SVCHOST.EXE 264 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, wiaservc.dll,
CFGMGR32.dll, setupapi.DLL, mscms.dll,
WINSPOOL.DRV, WINSTA.dll, NETAPI32.dll,
xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
IMAGEHLP.dll, wiavusd.dll, gdiplus.dll,
SHFOLDER.dll, actxprxy.dll, sti.dll
WDFMGR.EXE 944 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, SETUPAPI.dll, Secur32.dll,
IMM32.DLL, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, IMAGEHLP.dll
ALG.EXE 2128 ntdll.dll, kernel32.dll, msvcrt.dll,
ATL.DLL, USER32.dll, GDI32.dll,
ADVAPI32.dll, RPCRT4.dll, ole32.dll,
OLEAUT32.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, MSWSOCK.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, CLBCATQ.DLL,
COMRes.dll, xpsp2res.dll, hnetcfg.dll,
wshtcpip.dll
WSCNTFY.EXE 2640 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, SHELL32.dll,
ADVAPI32.dll, RPCRT4.dll, SHLWAPI.dll,
IMM32.DLL, comctl32.dll, xpsp2res.dll,
uxtheme.dll, DockShellHook.dll, MSCTF.dll,
msctfime.ime, ole32.dll, SSSensor.dll
GoogleUpdate.exe 1696 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ole32.dll, msvcrt.dll,
GDI32.dll, USER32.dll, IMM32.DLL,
SHLWAPI.dll, SHELL32.dll, comctl32.dll,
goopdate.dll, NETAPI32.dll, WS2_32.dll,
WS2HELP.dll, dbghelp.dll, VERSION.dll,
xpsp2res.dll, CLBCATQ.DLL, OLEAUT32.dll,
COMRes.dll, mstask.dll, NTDSAPI.dll,
DNSAPI.dll, WLDAP32.dll, Secur32.dll,
comdlg32.dll, MPR.dll, USERENV.dll,
uxtheme.dll, DockShellHook.dll, MSCTF.dll,
msctfime.ime, SSSensor.dll, PSAPI.DLL
EXPLORER.EXE 2832 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, SHELL32.dll,
ole32.dll, OLEAUT32.dll, BROWSEUI.dll,
SHDOCVW.dll, CRYPT32.dll, MSASN1.dll,
CRYPTUI.dll, WINTRUST.dll, IMAGEHLP.dll,
NETAPI32.dll, WININET.dll, Normaliz.dll,
urlmon.dll, iertutil.dll, WLDAP32.dll,
VERSION.dll, UxTheme.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
USERENV.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, DockShellHook.dll, MSCTF.dll,
msctfime.ime, appHelp.dll, CLBCATQ.DLL,
COMRes.dll, GRA8E1~1.DLL, GrooveUtil.DLL,
MSVCR80.dll, GrooveNew.DLL, ATL80.DLL,
rsaenh.dll, MSImg32.dll, cscui.dll,
CSCDLL.dll, themeui.dll, Secur32.dll,
xpsp2res.dll, SSSensor.dll, wmpband.dll,
MPR.dll, SAMLIB.dll, GR99D3~1.DLL,
msxml3.dll, WINHTTP.dll, LINKINFO.dll,
ntshrui.dll, ATL.DLL, dfshim.dll,
mscoree.dll, mscorwks.dll, SETUPAPI.dll,
ieframe.dll, msi.dll, NETSHELL.dll,
rtutils.dll, credui.dll, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, gdiplus.dll,
wmploc.dll, SXS.DLL, jscript.dll, MLANG.dll,
WINSTA.dll, webcheck.dll, stobject.dll,
BatMeter.dll, POWRPROF.dll, WTSAPI32.dll,
wdmaud.drv, msacm32.drv, midimap.dll,
drprov.dll, ntlanman.dll, NETUI0.dll,
NETUI1.dll, NETRAP.dll, davclnt.dll,
browselc.dll, GrooveIntlResource.dll,
MSFTEDIT.DLL, GR326C~1.DLL, DUSER.dll,
MSGINA.dll, ODBC32.dll, comdlg32.dll,
odbcint.dll, mscms.dll, WINSPOOL.DRV,
wmvcore.dll, WMASF.DLL, shdoclc.dll,
PDFShell.dll, actxprxy.dll, sti.dll,
CFGMGR32.dll, RASAPI32.dll, rasman.dll,
TAPI32.dll, sensapi.dll, msv1_0.dll,
mswsock.dll, rasadhlp.dll, DNSAPI.dll,
hnetcfg.dll, wshtcpip.dll, srchui.dll,
OLEACC.dll, MSVCP60.dll, srchctls.dll,
agentdp2.dll, msohevi.dll, mbamext.dll,
rarext.dll, shellExt.dll
Ymsgr_tray.exe 3444 ntdll.dll, kernel32.dll, yui.dll,
COMCTL32.dll, msvcrt.dll, ADVAPI32.dll,
RPCRT4.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, MSIMG32.dll, RICHED20.dll,
IMM32.dll, SHELL32.dll, ole32.dll,
OLEAUT32.dll, MSVCP80.dll, MSVCR80.dll,
WININET.dll, Normaliz.dll, urlmon.dll,
iertutil.dll, comctl32.dll, uxtheme.dll,
res_msgr.dll, DockShellHook.dll, MSCTF.dll,
msctfime.ime, SSSensor.dll
CHROME.EXE 1964 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
SHELL32.dll, msvcrt.dll, SHLWAPI.dll,
USERENV.dll, WINMM.dll, WTSAPI32.dll,
WINSTA.dll, NETAPI32.dll, VERSION.dll,
IMM32.DLL, comctl32.dll, chrome.dll,
ole32.dll, OLEAUT32.dll, OLEACC.dll,
MSVCP60.dll, PSAPI.DLL, Secur32.dll,
USP10.dll, WS2_32.dll, WS2HELP.dll,
icudt42.dll, uxtheme.dll, DockShellHook.dll,
MSCTF.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, en-US.dll, mswsock.dll,
DNSAPI.dll, SSSensor.dll, msctfime.ime,
rasadhlp.dll, riched20.dll, SXS.DLL,
gears.dll, urlmon.dll, iertutil.dll,
WINHTTP.dll, RASAPI32.DLL, rasman.dll,
TAPI32.dll, rtutils.dll, msv1_0.dll,
iphlpapi.dll, hnetcfg.dll, wshtcpip.dll,
rsaenh.dll
CHROME.EXE 1984 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
SHELL32.dll, msvcrt.dll, SHLWAPI.dll,
USERENV.dll, WINMM.dll, WTSAPI32.dll,
WINSTA.dll, NETAPI32.dll, VERSION.dll,
IMM32.DLL, comctl32.dll, chrome.dll,
ole32.dll, OLEAUT32.dll, OLEACC.dll,
MSVCP60.dll, PSAPI.DLL, Secur32.dll,
USP10.dll, WS2_32.dll, WS2HELP.dll,
icudt42.dll, en-US.dll, uxtheme.dll,
LPK.DLL, avcodec-52.dll, avutil-50.dll,
avformat-52.dll
cmd.exe 296 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, ShimEng.dll,
AcGenral.DLL, ADVAPI32.dll, RPCRT4.dll,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
Apphelp.dll
War3.exe 2804 ntdll.dll, kernel32.dll, COMCTL32.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, WINMM.dll, comdlg32.dll,
SHLWAPI.dll, msvcrt.dll, SHELL32.dll,
Storm.dll, MSVCR80.dll, VERSION.dll,
WININET.dll, Normaliz.dll, urlmon.dll,
ole32.dll, OLEAUT32.dll, iertutil.dll,
mss32.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, IMM32.dll, comctl32.dll,
uxtheme.dll, DockShellHook.dll, MSCTF.dll,
CLBCATQ.DLL, COMRes.dll, Game.dll,
ijl15.dll, OPENGL32.dll, GLU32.dll,
DDRAW.dll, DCIMAN32.dll, Secur32.dll,
CRYPT32.dll, MSASN1.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, WINTRUST.dll,
IMAGEHLP.dll, xpsp2res.dll, rsaenh.dll,
userenv.dll, netapi32.dll, cryptnet.dll,
WINHTTP.dll, SensApi.dll, msctfime.ime,
d3d8.dll, d3d8thk.dll, Mp3dec.asi,
Mssdolby.m3d, Msseax2.m3d, Mssfast.m3d,
Reverb3.flt, DSOUND.DLL, wdmaud.drv,
msacm32.drv, MSACM32.dll, midimap.dll,
KsUser.dll, mswsock.dll, SSSensor.dll
taskmgr.exe 828 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, GDI32.dll, USER32.dll,
iphlpapi.dll, msvcrt.dll, WS2_32.dll,
WS2HELP.dll, COMCTL32.dll, SHLWAPI.dll,
SHELL32.dll, Secur32.dll, VDMDBG.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, DockShellHook.dll, MSCTF.dll,
msctfime.ime, SSSensor.dll, WINSTA.dll,
NETAPI32.dll, UTILDLL.dll, TAPI32.dll,
rtutils.dll, SETUPAPI.dll, WTSAPI32.dll,
cfgmgr32.dll, SAMLIB.dll
tasklist.exe 3500 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, MPR.dll, ole32.dll, OLEAUT32.dll,
Secur32.dll, WS2_32.dll, WS2HELP.dll,
framedyn.dll, NETAPI32.dll, DBGHELP.dll,
VERSION.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, MSACM32.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
DockShellHook.dll, MSCTF.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, wbemprox.dll,
wbemcomn.dll, Winsta.dll, wbemsvc.dll,
fastprox.dll, MSVCP60.dll, NTDSAPI.dll,
DNSAPI.dll, WLDAP32.dll
wmiprvse.exe 3412 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, wbemcomn.dll, OLEAUT32.dll,
ole32.dll, FastProx.dll, MSVCP60.dll,
NTDSAPI.dll, DNSAPI.dll, WS2_32.dll,
WS2HELP.dll, WLDAP32.dll, NETAPI32.dll,
Secur32.dll, NCObjAPI.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, wbemprox.dll,
wbemsvc.dll, wmiutils.dll, cimwin32.dll,
framedyn.dll, SETUPAPI.dll, WTSAPI32.dll,
WINSTA.dll, CFGMGR32.DLL, WMI.DLL

and here is also the result of the online scan:

BitDefender QuickScan Beta 32-bit v0.9.9.10
-------------------------------------------

Scan date: Wed Mar 24 20:20:29 2010
Machine ID: A0421D41

No infection found.
---------------------

Processes
---------
<unsigned> SRS Audio Sandbox 1340 D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
<unsigned> Stardock ObjectDock 1584 D:\Program Files\Stardock\ObjectDock\ObjectDock.exe

<verified> cFosSpeed Service 1968 D:\Program Files\cFosSpeed\spd.exe
<verified> cFosSpeed Window 1152 D:\Program Files\cFosSpeed\cFosSpeed.exe
<verified> ESET Smart Security 1040 D:\Program Files\ESET\ESET Smart Security\egui.exe
<verified> ESET Smart Security 140 D:\Program Files\ESET\ESET Smart Security\ekrn.exe
<verified> Firefox 3828 D:\Program Files\Mozilla Firefox\firefox.exe
<verified> Google Chrome 2552 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2732 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2980 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 3176 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 3568 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 3792 D:\Documents and Settings\jay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Java™ Platform SE 6 U18 260 D:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft® Windows® Operating System 812 D:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 1880 D:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1068 D:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1368 D:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 1148 D:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1136 D:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 1016 D:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 484 D:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 548 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1308 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1532 D:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1408 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1660 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1972 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3044 D:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 1456 D:\WINDOWS\system32\wdfmgr.exe
<verified> Microsoft® Windows® Operating System 1092 D:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 1580 D:\WINDOWS\system32\wuauclt.exe
<verified> Sygate® Security Agent and Personal Fir 1624 D:\Program Files\Sygate\SPF\smc.exe
<verified> Yahoo! Messenger 1000 D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Network activity
----------------
Process ekrn.exe (140) connected on port 80 (HTTP) - 199.7.51.190
Process ekrn.exe (140) connected on port 80 (HTTP) - 64.233.183.101
Process ekrn.exe (140) connected on port 5050 (Yahoo Messenger) - 68.180.217.31
Process ekrn.exe (140) connected on port 80 (HTTP) - 122.252.133.115
Process ekrn.exe (140) connected on port 80 (HTTP) - 210.5.102.40
Process ekrn.exe (140) connected on port 80 (HTTP) - 199.7.48.190
Process ekrn.exe (140) connected on port 80 (HTTP) - 199.7.48.190
Process ekrn.exe (140) connected on port 80 (HTTP) - 64.18.25.38
Process ekrn.exe (140) connected on port 80 (HTTP) - 199.7.51.190
Process ekrn.exe (140) connected on port 80 (HTTP) - 75.126.164.78
Process ekrn.exe (140) connected on port 443 (HTTP over SSL) - 68.142.233.160

Process YahooMessenger.exe (1000) listens on ports: 5101 (Yahoo Messenger)
Process svchost.exe (1408) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
<unsigned> SRS Audio Sandbox D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

<verified> cFosSpeed Window D:\Program Files\cFosSpeed\cFosSpeed.exe
<verified> ESET Smart Security D:\Program Files\ESET\ESET Smart Security\egui.exe
<verified> Google Update D:\Documents and Settings\jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> GrooveShellExtensions Module d:\program files\microsoft office\office12\grooveshellextensions.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\BROWSEUI.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\CRYPT32.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\CRYPTNET.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\CSCDLL.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\SHELL32.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\STOBJECT.DLL
<verified> Microsoft® Windows® Operating System d:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\WLNOTIFY.DLL
<verified> Sygate® Security Agent and Personal Fir D:\PROGRA~1\Sygate\SPF\smc.exe
<verified> Windows® Internet Explorer D:\WINDOWS\System32\WEBCHECK.DLL

Browser plugins
---------------
<unsigned> bdoscandel.exe D:\WINDOWS\bdoscandel.exe
<unsigned> bdscanonline D:\WINDOWS\Downloaded Program Files\oscan82.ocx
<unsigned> ipsupd.dll D:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> Shockwave for Director D:\WINDOWS\system32\Adobe\Director\np32dsw.dll

<verified> AcroIEHelperShim Library d:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat D:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan D:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles/4yikn58t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan D:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles/4yikn58t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> GrooveShellExtensions Module d:\program files\microsoft office\office12\grooveshellextensions.dll
<verified> Java™ Platform SE 6 U18 d:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger D:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Live OneCare D:\WINDOWS\Downloaded Program Files\wlscBase.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\MSWSOCK.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\System32\WINRNR.DLL
<verified> Mozilla Default Plug-in D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll D:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
<verified> Windows Presentation Foundation D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer D:\WINDOWS\System32\IEFRAME.DLL
<verified> Yahoo Application State Plugin D:\Program Files\Yahoo!\Shared\npYState.dll

Scan
----
<unsigned> MD5: 8c7e1bc5e4bc5bd0fcb0f57319c44333 D:\Program Files\Common Files\Stardock\ODimg.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 D:\Program Files\Java\JRE6\BIN\MSVCR71.DLL
<unsigned> MD5: a67137616bb9668f46f595ce4c861af4 D:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: cbf614a2ea4fdae7a45fb98097002f3b D:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: cc579e1a88c865c880ce32d8b46c4734 D:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: db50b379aae595163a02f6635702b79f D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
<unsigned> MD5: e458d88c71990f545ef941cd16080bad D:\Program Files\Stardock\ObjectDock\DBGHELP.DLL
<unsigned> MD5: 9038e4179464283e41f0e17e2288b16d D:\Program Files\Stardock\ObjectDock\Docklets\Clock\Clock.dll
<unsigned> MD5: b0b8be5736a798808f08cf63ac07a5c6 D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
<unsigned> MD5: 92756208fe9138d360f2beb68d5ca349 D:\Program Files\Stardock\ObjectDock\ODimg.dll
<unsigned> MD5: bf71a06ff065e3fd7e32ea67dca34885 D:\Program Files\UltraISO\drivers\ISODrive.sys
<unsigned> MD5: e0a7d542b66725fe81eb9f5aeb9b1e82 D:\Program Files\WinRAR\RarExt.dll
<unsigned> MD5: a004ba34e233fc175585e237018c3977 D:\Program Files\Yahoo!\Messenger\ConnectionWizard.dll
<unsigned> MD5: bb39b30f102efb368b8cd674bdeaaf0f D:\Program Files\Yahoo!\Messenger\core_video.dll
<unsigned> MD5: 90ee0f1685814f73c69f89b79f623e4a D:\Program Files\Yahoo!\Messenger\ft60.dll
<unsigned> MD5: 37f0ef0585e9e7e46cb6d639ef1780c2 D:\Program Files\Yahoo!\Messenger\NSPR4.DLL
<unsigned> MD5: 871e07916ee1bb038242c69725508cd9 D:\Program Files\Yahoo!\Messenger\resources\en-US\RES_MSGR.DLL
<unsigned> MD5: 11032d75731f12c155380867cb7eac90 D:\Program Files\Yahoo!\Messenger\RGX.DLL
<unsigned> MD5: 52aa1115c6db660fc4033b574cb74a0a D:\Program Files\Yahoo!\Messenger\rmc_audio.dll
<unsigned> MD5: 9e45114fc9cd79eac1c7d606427b06e1 D:\Program Files\Yahoo!\Messenger\rmc_video.dll
<unsigned> MD5: f9db100679ba076bc2cbea3242057834 D:\Program Files\Yahoo!\Messenger\yalertcenterM.dll
<unsigned> MD5: 444a384496aa2d847b03043e82079fb2 D:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
<unsigned> MD5: eba765bcdf865a76f99c036fa5b254d1 D:\Program Files\Yahoo!\Messenger\YCPSSL.DLL
<unsigned> MD5: 1c2f23d1bbbc24640a0bae490f1e97e3 D:\Program Files\Yahoo!\Messenger\YHTTP.DLL
<unsigned> MD5: 9b9a85eff3fb7be2d1021987d74ab256 D:\Program Files\Yahoo!\Messenger\YImage.dll
<unsigned> MD5: bca542914008b52dfa533305ee0a084b D:\Program Files\Yahoo!\Messenger\YIniDom.dll
<unsigned> MD5: a257f8af1e56e8376df52942bcfd6428 D:\Program Files\Yahoo!\Messenger\YLOG.DLL
<unsigned> MD5: 1d8ea4362b93f4a60560b1b8d0b687cd D:\Program Files\Yahoo!\Messenger\ymdm_audio.dll
<unsigned> MD5: 85d4f6f687acbfa83e888698ff58b860 D:\Program Files\Yahoo!\Messenger\ymdm_video.dll
<unsigned> MD5: fe256156d8f3c2966deb07e0a0dac904 D:\Program Files\Yahoo!\Messenger\Yml.dll
<unsigned> MD5: 3901c0dce171b09b6f7295dcd6532c80 D:\Program Files\Yahoo!\Messenger\ymsdk.dll
<unsigned> MD5: 03d5843fc7d878b1a5f7b16a0ef1d9cc D:\Program Files\Yahoo!\Messenger\YMSGLITE.DLL
<unsigned> MD5: 1e79f70e84192c111fcd189138284c11 D:\Program Files\Yahoo!\Messenger\ypagerps.dll
<unsigned> MD5: 03be78763683b59020a7cd19ef3d01f8 D:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
<unsigned> MD5: 03115382e0b298de872f99abb417b867 D:\Program Files\Yahoo!\Messenger\YUI.DLL
<unsigned> MD5: b75e2a565ae6b03dd3941a5dd4e2f31c D:\WINDOWS\bdoscandel.exe
<unsigned> MD5: 2b1c4c87eb20addba59dca975e28dffb D:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> MD5: a9f9db72cad15e93ad756acff7e4c7dd D:\WINDOWS\Downloaded Program Files\oscan82.ocx
<unsigned> MD5: 32a783fe8d78db883368ca851e274dbe D:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<unsigned> MD5: 320ecf13baf18ae739a9e6d4f13eff1c D:\WINDOWS\system32\drivers\ADIHdAud.sys
<unsigned> MD5: e1710c69e2af442442b522ec77b12ef0 D:\WINDOWS\system32\DRIVERS\AVEOdcnt.sys
<unsigned> MD5: 04906f0072903bd0280791a562596b95 D:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
<unsigned> MD5: 9eb103f5652c9253bad58350aede476d D:\WINDOWS\system32\drivers\wpsdrvnt.sys
<unsigned> MD5: 3e9a33113d663d8bd5ed38858e669652 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll

No file uploaded.

Scan finished - communication took 13 sec
Total traffic - 0.06 MB sent, 2.63 KB recvd
Scanned 1019 files and modules - 478 seconds

by the way, enjoy your vacation.

Edited by dissidia, 24 March 2010 - 07:24 AM.

#12
RKinner

Posted 24 March 2010 - 07:29 AM

Malware Expert

Expert
24,624 posts

For Explorer using too much cpu you can try
ShellExView:

http://www.nirsoft.n...xview_setup.exe

Download and install then run it. About the 3rd column from the left is Microsoft. Click once or twice on the column header to sort things by Yes or No. We want No at the top. Disable each NO by clicking on it then clicking on the red light.

Once all or done, reboot or close and restart explorer.

Now check your task manager. Any better? Go back and turn one on a time until you find the culprit. You have to restart explorer or reboot each time.

The only thing I can see that uses rundll32.exe is your video adapter. You might look for a new driver for it.

Ron

Edited by RKinner, 24 March 2010 - 05:42 PM.