
Generic Host Win32 error?


#1
Geek of Spades
    Member
  • 56 posts
Well, that error pops out of nowhere. People say it was a virus, but I can't seem to remove it. I'm using BitDefender 2010 Total Security and it didn't detect anything. An error like that Generic Host Win error pops out of nowhere, and then the sound card just becomes undetected and I lose sound. I restart and everything is fine again until that error pops out again.

Well, here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

3/29/2010 8:58:06 PM
mbam-log-2010-03-29 (20-58-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160829
Time elapsed: 34 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

EDIT: I downloaded this script that stops it, and everything seems fine. Is it actually a virus?

Edited by Geek of Spades, 29 March 2010 - 06:24 PM.

#2
RKinner
    Malware Expert
  • 24,624 posts
  • MVP
It's a virus. It spreads via P2P, MSN Messenger and USB drives. It'd be a good idea to follow our Malware Removal guide http://www.geekstogo...uide-t2852.html
and post your logs (copy and paste please - do not attach) so we can make sure it's all gone.

Ron

#3
Geek of Spades
    Member
  • Topic Starter
  • 56 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-31 14:45:57
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ok\LOCALS~1\Temp\ffwyrpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@DisplayName Task Universal
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@Description Provides automatic configuration for the 802.11 adapters
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@DisplayName Config Task
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz@Description Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\rrvqfjqz\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@DisplayName Security Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk@Description Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbquwk\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@DisplayName Support Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu\Parameters@ServiceDll C:\Program Files\Internet Explorer\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@DisplayName Driver Center
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\yzzmxaq\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@DisplayName Task Universal
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\pupic@Description Provides automatic configuration for the 802.11 adapters
Reg HKLM\SYSTEM\ControlSet002\Services\pupic\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\pupic\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@DisplayName Config Task
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz@Description Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\rrvqfjqz\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@DisplayName Security Microsoft
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk@Description Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sbquwk\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@DisplayName Support Image
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vottywqu\Parameters@ServiceDll C:\Program Files\Internet Explorer\miorzvi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@DisplayName Driver Center
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\yzzmxaq\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}@Model 274
Reg HKLM\SOFTWARE\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}@Therad 43
Reg HKLM\SOFTWARE\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x7C 0xAF 0xE6 0x4A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xE9 0x88 0x8A 0x48 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}@Model 87
Reg HKLM\SOFTWARE\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}@Therad 2
Reg HKLM\SOFTWARE\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}@MData 0x73 0xD5 0xCF 0xB8 ...

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] pupic <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] rrvqfjqz <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] sbquwk <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] vottywqu <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] yzzmxaq <-- ROOTKIT !!!

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xF4A29884]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xF4A29BF0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xF4A2ADA0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xF4A2A5B6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xF4A2B20A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xF4A29D3A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xF4A29DBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xF4A2A3DA]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xF4A29486]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xF4A2B30A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xF4A2D9F4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xF4A2B44E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xF4A2BD92]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xF4A2A4CA]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xF4A2D746]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xF4A2A2FA]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xF4A2D874]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xF4A29782]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xF4A29C92]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xF4A2AE30]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xF4A2ABEC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xF4A2AFBA]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xF4A29576]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xF4A29988]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xF4A296E4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xF4A29646]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xF4A29B4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xF4A2D6B6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xF4A2DB02]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xF4A29384]

---- EOF - GMER 1.0.15 ----
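A triage pass over the GMER output above, as an added example (not code from the thread, from Geeks to Go, or from GMER itself): it pairs the services GMER flags as hidden with the registry values it dumped for them and reports which DLL each svchost-hosted hidden service loads, flagging DLLs outside System32 and one DLL name registered under several disposable service names. The sample log is a constructed subset of the posted scan plus one constructed, non-hidden Dhcp entry as a control; only the active ControlSet is read.

```python
"""Triage pass over a GMER rootkit-scan log: pair the services GMER reports as
hidden with the registry values it dumped for them, and report which DLL each
svchost-hosted hidden service actually loads."""
import re
from collections import defaultdict

# Constructed sample: a subset of the GMER output posted in this thread, plus
# one benign Dhcp entry (not from the thread) that is not hidden, as a control.
SAMPLE_LOG = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@DisplayName Task Universal
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\pupic\Parameters@ServiceDll C:\WINDOWS\system32\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@DisplayName Support Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\vottywqu\Parameters@ServiceDll C:\Program Files\Internet Explorer\miorzvi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dhcp@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] pupic <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] vottywqu <-- ROOTKIT !!!
"""

# "Reg HKLM\SYSTEM\CurrentControlSet\Services\<svc>[\Parameters]@<name> <value>"
# Only the active ControlSet is read; ControlSet002 mirrors are ignored.
REG_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\@]+)"
    r"(?:\\Parameters)?@(?P<name>\w+) (?P<value>.*)$")
# "Service <image> (*** hidden *** ) [<start>] <svc> <-- ROOTKIT !!!"
HIDDEN_RE = re.compile(
    r"^Service (?P<image>.+?) \(\*\*\* hidden \*\*\* \) \[(?P<start>\w+)\] (?P<svc>\S+)")


def parse_gmer(text):
    """Collect per-service registry values and the services GMER reports as
    hidden (service name -> host image path)."""
    registry = defaultdict(dict)
    hidden = {}
    for line in text.splitlines():
        m = REG_RE.match(line)
        if m:
            registry[m["svc"]][m["name"]] = m["value"].strip()
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden[m["svc"]] = m["image"]
    return registry, hidden


def triage(text):
    """Return one finding per hidden service: display name, the DLL svchost
    loads for it, and the reasons it deserves a closer look."""
    registry, hidden = parse_gmer(text)
    findings = {}
    by_basename = defaultdict(list)  # DLL file name -> hidden services using it
    for svc, image in hidden.items():
        values = registry.get(svc, {})
        dll = values.get("ServiceDll", "")
        reasons = ["service is hidden from the service control manager"]
        if "svchost.exe" in image.lower() and dll:
            normalised = dll.lower().replace("%systemroot%", "c:\\windows")
            if not normalised.startswith("c:\\windows\\system32\\"):
                reasons.append("ServiceDll lives outside System32: " + dll)
            by_basename[normalised.rsplit("\\", 1)[-1]].append(svc)
        findings[svc] = {"display_name": values.get("DisplayName", ""),
                         "service_dll": dll, "reasons": reasons}
    # Several hidden services pointing at one DLL name is the pattern in the
    # log above: one payload registered under many throwaway service names.
    for base, services in by_basename.items():
        if len(services) > 1:
            for svc in services:
                others = sorted(s for s in services if s != svc)
                findings[svc]["reasons"].append(
                    f"ServiceDll {base} is shared with hidden service(s) {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for svc, f in sorted(triage(SAMPLE_LOG).items()):
        print(f"{svc} ({f['display_name']!r}) -> {f['service_dll']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

The output is a list of DLL paths for a human to verify (signature, timestamp, hash), not a verdict; services that GMER does not mark hidden, like the Dhcp control, produce no finding.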

#4
Geek of Spades
    Member
  • Topic Starter
  • 56 posts
OTL logfile created on: 3/31/2010 3:12:07 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\ok\My Documents\Fixer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 48.00% Memory free
1,002.00 Mb Paging File | 733.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.74 Gb Free Space | 55.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OK-3738E9F70A4A
Current User Name: ok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ok\My Documents\Fixer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ok\My Documents\Fixer\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.ph/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/03/27 09:14:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 09:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/29 12:58:17 | 000,000,000 | ---D | M]

[2003/08/25 17:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Mozilla\Extensions
[2010/03/31 08:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions
[2009/10/22 10:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/23 07:53:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/26 12:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions\FasterFox_Lite@BigRedBrent
[2010/03/29 15:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions\[email protected]
[2010/03/31 08:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\extensions\[email protected]
[2010/02/08 17:35:36 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\searchplugins\askcom.xml
[2010/03/29 15:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/10/27 08:04:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.104.135.68 58.69.254.206 58.69.254.141 58.69.254.204
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/01 06:58:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\AutoRun\command - "" = .\winguard\wwload.exe
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\exploRE\coMMand - "" = .///winguard\\/wwload.exe
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\OPen\command - "" = .////\\\winguard\\\\/wwload.exe
O33 - MountPoints2\{9684fb64-d6a2-11d7-95d1-00c02689db7c}\Shell\AutoRun\command - "" = F:\0o.com -- File not found
O33 - MountPoints2\{9684fb64-d6a2-11d7-95d1-00c02689db7c}\Shell\open\Command - "" = F:\0o.com -- File not found
O33 - MountPoints2\{a94bffb8-d64d-11d7-9571-00c02689db7c}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{a94bffb8-d64d-11d7-9571-00c02689db7c}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/01 06:58:08 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dcxsnpux - File not found
NetSvcs: nqwvetk - File not found
NetSvcs: xneyhq - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 14 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\Sun
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\DMCache
[2010/03/31 13:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 13:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\My Documents\Fixer
[2010/03/31 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/31 08:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\Trillian
[2010/03/31 08:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/03/29 23:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/29 22:46:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ok\Recent
[2010/03/29 12:46:52 | 000,151,552 | ---- | C] (Wr) -- C:\WINDOWS\System32\37.scr
[2010/03/29 12:34:38 | 000,151,552 | ---- | C] (Wr) -- C:\WINDOWS\System32\72.scr
[2010/03/29 11:28:06 | 000,151,552 | RHS- | C] (Wr) -- C:\WINDOWS\System32\xfgnl.exe
[2010/03/29 11:27:45 | 000,151,552 | ---- | C] (Wr) -- C:\WINDOWS\System32\60.scr
[2010/03/28 18:13:24 | 000,217,088 | ---- | C] (VR0RiNS) -- C:\WINDOWS\System32\50.exe
[2010/03/28 17:26:57 | 000,217,088 | ---- | C] (VR0RiNS) -- C:\WINDOWS\System32\38.exe
[2010/03/28 16:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\My Documents\My Games
[2010/03/28 16:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\Microsoft Games
[2010/03/28 16:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010/03/28 16:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2010/03/27 10:07:54 | 000,151,552 | ---- | C] (Wr) -- C:\WINDOWS\System32\42.scr
[2010/03/27 02:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\BitDefender
[2010/03/27 02:58:30 | 000,000,000 | ---D | C] -- C:\Binaries
[2010/03/27 02:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/03/27 02:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/03/27 02:55:03 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/03/27 02:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/03/27 02:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/03/27 02:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/03/27 00:15:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803$
[2010/03/26 21:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\IDM
[2010/03/26 21:26:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ok\My Documents\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
[2010/03/23 19:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\skypePM
[2010/03/23 19:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\Application Data\Skype
[2010/03/23 19:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/23 19:09:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/23 19:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/22 22:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ok\My Documents\Downloads
[2009/12/29 14:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/29 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/29 14:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/10/22 09:22:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/22 09:22:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/01 07:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/31 15:01:01 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/31 14:46:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 14:46:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 14:46:52 | 267,833,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 14:37:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003UA.job
[2010/03/31 13:19:08 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\ok\NTUSER.DAT
[2010/03/31 13:19:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ok\ntuser.ini
[2010/03/31 13:17:22 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\NTREGOPT.lnk
[2010/03/31 13:17:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\ERUNT.lnk
[2010/03/31 13:00:05 | 001,576,772 | -H-- | M] () -- C:\Documents and Settings\ok\Local Settings\Application Data\IconCache.db
[2010/03/31 08:53:32 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\Trillian.lnk
[2010/03/31 08:20:50 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\ok\Application Dataprivacy.xml
[2010/03/30 12:03:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/30 08:41:27 | 000,000,025 | ---- | M] () -- C:\Documents and Settings\ok\Application Data\bdfvconp.ini
[2010/03/29 22:38:29 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003Core.job
[2010/03/29 19:32:49 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/03/29 14:57:43 | 000,000,406 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/03/29 12:46:53 | 000,151,552 | ---- | M] (Wr) -- C:\WINDOWS\System32\37.scr
[2010/03/29 12:34:39 | 000,151,552 | ---- | M] (Wr) -- C:\WINDOWS\System32\72.scr
[2010/03/29 11:27:45 | 000,151,552 | RHS- | M] (Wr) -- C:\WINDOWS\System32\xfgnl.exe
[2010/03/29 11:27:45 | 000,151,552 | ---- | M] (Wr) -- C:\WINDOWS\System32\60.scr
[2010/03/29 09:23:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/28 18:13:24 | 000,217,088 | ---- | M] (VR0RiNS) -- C:\WINDOWS\System32\50.exe
[2010/03/28 17:29:16 | 000,217,088 | ---- | M] (VR0RiNS) -- C:\WINDOWS\System32\38.exe
[2010/03/28 16:15:55 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\Rise Of Nations.lnk
[2010/03/28 16:11:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/27 21:41:20 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\ok\Application DataProductTweaks.xml
[2010/03/27 21:41:20 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\ok\Application Datauser_gensett.xml
[2010/03/27 11:03:01 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2010/03/27 11:03:01 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/03/27 10:07:54 | 000,151,552 | ---- | M] (Wr) -- C:\WINDOWS\System32\42.scr
[2010/03/27 09:13:21 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/03/27 08:40:35 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2010/03/27 08:40:33 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/03/27 07:22:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2010/03/27 07:22:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2010/03/27 02:58:55 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Total Security 2010.lnk
[2010/03/27 02:57:02 | 000,389,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/27 02:57:02 | 000,383,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/27 02:57:02 | 000,053,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 21:25:55 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\ok\My Documents\Document Recovery.bat
[2010/03/26 20:40:48 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\Google Chrome.lnk
[2010/03/26 11:55:25 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\ok\Desktop\Shortcut to SeireiteiRO.lnk
[2010/03/23 19:10:12 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/22 21:48:13 | 000,072,962 | ---- | M] () -- C:\Documents and Settings\ok\My Documents\cc_20100322_214806.reg
[2010/03/22 21:39:46 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\ok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/03/31 13:17:22 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\NTREGOPT.lnk
[2010/03/31 13:17:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\ERUNT.lnk
[2010/03/31 08:58:26 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/31 08:53:32 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\Trillian.lnk
[2010/03/30 08:41:27 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\ok\Application Data\bdfvconp.ini
[2010/03/29 20:59:44 | 267,833,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/28 16:15:55 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\Rise Of Nations.lnk
[2010/03/27 21:41:20 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\ok\Application DataProductTweaks.xml
[2010/03/27 21:41:20 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\ok\Application Datauser_gensett.xml
[2010/03/27 11:03:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/03/27 11:03:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/03/27 09:13:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/03/27 08:41:42 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/03/27 07:22:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2010/03/27 07:22:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2010/03/27 07:17:16 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\ok\Application Dataprivacy.xml
[2010/03/27 02:58:55 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Total Security 2010.lnk
[2010/03/26 21:25:55 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\ok\My Documents\Document Recovery.bat
[2010/03/26 11:55:25 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\Shortcut to SeireiteiRO.lnk
[2010/03/23 19:10:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/23 19:09:05 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/22 22:48:06 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\ok\Desktop\Google Chrome.lnk
[2010/03/22 22:32:01 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003UA.job
[2010/03/22 22:32:00 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003Core.job
[2010/03/22 21:48:08 | 000,072,962 | ---- | C] () -- C:\Documents and Settings\ok\My Documents\cc_20100322_214806.reg
[2009/10/30 10:25:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/06 05:05:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/08/06 05:05:45 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/08/06 05:02:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/08/04 06:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 17:36:38 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/26 11:35:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003/08/25 18:10:02 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\ok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/08/25 00:08:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2003/08/25 00:08:09 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2003/08/25 00:07:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ok\Application Data\$_hpcst$.hpc
[2003/01/08 06:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/25 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\037A
[2003/08/25 17:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\30232
[2003/08/25 18:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3203
[2003/08/26 11:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\358C
[2010/03/27 03:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2003/08/25 00:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eboostr
[2003/08/25 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/27 02:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\BitDefender
[2010/03/31 14:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\DMCache
[2010/01/02 13:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\GrabPro
[2010/03/28 15:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\IDM
[2010/03/25 15:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Orbit
[2003/08/25 00:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\PC Suite
[2010/03/27 08:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Samsung
[2010/03/31 09:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ok\Application Data\Trillian
[2010/03/31 15:01:01 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 06:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/25 15:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 06:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 06:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/27 08:40:33 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2009/10/19 16:04:00 | 000,110,984 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2009/07/24 11:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2009/07/31 23:44:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/31 23:44:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/31 23:44:13 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

#5
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You still show signs of infection:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder... it will help protect your drives from future infection.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:


MBAM log
Combofix log

Ron
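The MountPoints2 key that the reg.exe delete above wipes is what produced the O33 lines in the OTL log earlier in this thread. As an added example (not part of this thread and not OTL's code), here is a small Python triage script that parses those O33 lines and reports, per entry, which traits mark it as a removable-drive autorun hijack; the sample input is copied from the OTL log quoted above, while the scoring heuristics are the example's own assumptions.

```python
"""Triage the 'O33 - MountPoints2' lines of an OTL report for removable-drive
autorun hijacks.  Added example: not part of this thread and not OTL's code.
The sample lines come from the OTL log quoted in the thread; the heuristics
that score them are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# One O33 line = volume (a {GUID} or a drive letter), registry subkey, value.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>.+?) - "" = (?P<value>.*)$'
)
FILE_NOT_FOUND = " -- File not found"

# Casings the Windows shell itself writes for these verbs; anything else is odd.
CANONICAL_CASE = {
    "shell": {"Shell", "shell"},
    "autorun": {"AutoRun", "Autorun", "autorun"},
    "open": {"open", "Open"},
    "explore": {"explore", "Explore"},
    "command": {"command", "Command"},
}

# Constructed sample input: O33 lines taken from the OTL log in this thread.
SAMPLE_O33 = r"""
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\AutoRun\command - "" = .\winguard\wwload.exe
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\exploRE\coMMand - "" = .///winguard\\/wwload.exe
O33 - MountPoints2\{57e5b750-d64c-11d7-94f1-00c02689db7c}\Shell\OPen\command - "" = .////\\\winguard\\\\/wwload.exe
O33 - MountPoints2\{9684fb64-d6a2-11d7-95d1-00c02689db7c}\Shell\AutoRun\command - "" = F:\0o.com -- File not found
O33 - MountPoints2\{a94bffb8-d64d-11d7-9571-00c02689db7c}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
"""


@dataclass
class AutorunEntry:
    volume: str
    subkey: str
    command: str
    file_found: bool
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o33(line: str):
    """Parse one '...\\command' O33 line; return None for labels or non-O33 lines."""
    m = O33_RE.match(line.strip())
    if m is None:
        return None
    subkey = m.group("subkey")
    # Only the *\command values launch anything; 'Shell' and 'AutoRun' hold
    # menu labels such as 'Auto&Play', not executables.
    if not subkey.lower().endswith("\\command"):
        return None
    value = m.group("value")
    found = not value.endswith(FILE_NOT_FOUND)
    command = value if found else value[: -len(FILE_NOT_FOUND)]
    return AutorunEntry(m.group("volume"), subkey, command, found)


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach a reason for each worm-style trait the entry exhibits."""
    cmd = entry.command
    # 1. Relative path: the payload travels on the stick and runs from wherever
    #    the volume is mounted, so it does not depend on a fixed drive letter.
    if cmd.startswith("."):
        entry.reasons.append("relative path executed from the mounted volume")
    # 2. Runs of mixed separators (.///winguard\\/wwload.exe) still resolve on
    #    Windows but defeat naive string matching on the expected path.
    if re.search(r"[\\/]{2,}", cmd):
        entry.reasons.append("obfuscated path separators")
    # 3. Executable parked under a fake per-SID folder in RECYCLER.
    if re.search(r"\\RECYCLER\\S-1-", cmd, re.IGNORECASE):
        entry.reasons.append("executable hidden under RECYCLER\\S-1-...")
    # 4. The registry is case-insensitive; casing like exploRE\coMMand means
    #    the key was written by something other than the shell.
    for part in entry.subkey.split("\\"):
        allowed = CANONICAL_CASE.get(part.lower())
        if allowed is not None and part not in allowed:
            entry.reasons.append(f"unusual casing in subkey element '{part}'")
            break
    return entry


def triage(report_text: str) -> list:
    """Return the assessed AutorunEntry for every *\\command O33 line in a report."""
    return [assess(e) for e in map(parse_o33, report_text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_O33):
        state = "" if e.file_found else " (file not found)"
        verdict = "SUSPICIOUS" if e.suspicious else "no heuristic hit"
        print(f"{e.volume} {e.subkey} -> {e.command}{state}: {verdict}")
        for r in e.reasons:
            print(f"    - {r}")
```

Two of the six command entries (F:\0o.com and F:\LaunchU3.exe) trip no heuristic, which is why the fix above deletes the whole MountPoints2 key rather than picking entries one by one.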

#6
Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3939

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/1/2010 2:03:49 PM
mbam-log-2010-04-01 (14-03-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 152133
Time elapsed: 58 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.

#7
Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
ComboFix 10-03-29.04 - ok 04/01/2010 14:23:06.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.60 [GMT 8:00]
Running from: c:\documents and settings\ok\Desktop\george.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitDefender\BitDefender Online Backup\ntSVc.ocx
c:\recycler\S-1-5-21-0470139243-9417863185-526554628-4960
c:\recycler\S-1-5-21-1295679671-4747332963-047672340-2482
c:\recycler\S-1-5-21-1623003875-2089148023-828350667-9924
c:\recycler\S-1-5-21-4796818899-2293880736-113404778-4796
c:\recycler\S-1-5-21-5017285481-0403918316-966136236-2737
c:\recycler\S-1-5-21-5379338124-4573719183-397162818-2314
c:\recycler\S-1-5-21-6680479454-5345885333-737425136-8233
c:\recycler\S-1-5-21-9673862540-6569721590-412745037-9644
c:\windows\system32\37.scr
c:\windows\system32\38.exe
c:\windows\system32\42.scr
c:\windows\system32\50.exe
c:\windows\system32\60.scr
c:\windows\system32\72.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Legacy_VMWARESERVICE
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

23069-02-25 02:38 . 2009-02-25 03:37 152576 ----a-w- c:\documents and settings\ok\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
23069-02-25 02:25 . 23069-02-25 02:25 -------- d-----w- c:\program files\LimeWire
23069-02-25 02:13 . 2010-04-01 06:32 -------- d-----w- c:\documents and settings\ok\Application Data\DMCache
23069-02-25 02:12 . 2010-03-26 14:00 -------- d-----w- c:\program files\Internet Download Manager
2010-03-31 05:17 . 2010-03-31 05:17 -------- d-----w- c:\program files\ERUNT
2010-03-31 00:57 . 2010-03-31 00:58 -------- d-----w- c:\program files\Ask.com
2010-03-31 00:53 . 2010-03-31 01:03 -------- d-----w- c:\documents and settings\ok\Application Data\Trillian
2010-03-31 00:51 . 2010-03-31 15:23 -------- d-----w- c:\program files\Trillian
2010-03-29 15:27 . 2010-03-29 15:39 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-29 03:28 . 2010-03-29 03:27 151552 --sh--r- c:\windows\system32\xfgnl.exe
2010-03-28 08:17 . 2010-03-28 08:17 -------- d-----w- c:\documents and settings\ok\Application Data\Microsoft Games
2010-03-28 08:12 . 2010-03-28 08:12 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-28 08:04 . 2010-03-28 08:04 -------- d-----w- c:\program files\Microsoft Games
2010-03-27 03:03 . 2010-03-27 03:03 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-03-27 03:03 . 2010-03-27 03:03 16 ----a-w- c:\windows\system32\asdict.dat
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- c:\documents and settings\ok\Application Data\BitDefender
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- C:\Binaries
2010-03-26 18:57 . 2010-03-26 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-26 18:57 . 2010-03-26 18:58 -------- d-----w- c:\program files\BitDefender
2010-03-26 18:55 . 2010-03-26 18:56 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 18:53 . 2010-03-26 18:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-26 14:00 . 2010-03-26 14:00 198064 ----a-w- c:\documents and settings\ok\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-26 13:56 . 2010-03-28 07:59 -------- d-----w- c:\documents and settings\ok\Application Data\IDM
2010-03-23 11:10 . 2010-03-31 13:02 -------- d-----w- c:\documents and settings\ok\Application Data\skypePM
2010-03-23 11:10 . 2010-03-23 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-23 11:09 . 2010-03-31 13:25 -------- d-----w- c:\documents and settings\ok\Application Data\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----w- c:\program files\Common Files\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----r- c:\program files\Skype
2010-03-23 11:08 . 2010-03-23 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-22 14:55 . 2010-03-22 14:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 04:54 . 2009-10-22 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 04:43 . 2003-08-24 16:13 -------- d-----w- c:\documents and settings\ok\Application Data\U3
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\program files\Yahoo!
2010-03-29 16:05 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-29 15:33 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\ok\Application Data\Yahoo!
2010-03-29 07:24 . 2009-10-22 01:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 07:24 . 2009-10-22 01:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 07:13 . 2003-08-25 00:26 -------- d-----w- c:\program files\RO
2010-03-27 00:40 . 2009-12-07 10:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-27 00:40 . 2009-12-07 10:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-27 00:36 . 2003-08-24 16:07 -------- d-----w- c:\documents and settings\ok\Application Data\Samsung
2010-03-27 00:36 . 2003-08-24 16:06 -------- d-----w- c:\program files\Samsung
2010-03-27 00:34 . 2003-08-24 16:07 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-25 07:07 . 2010-01-02 05:53 -------- d-----w- c:\documents and settings\ok\Application Data\Orbit
.

((((((((((((((((((((((((((((( SnapShot@2003-08-24_16.23.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 16:02 . 2009-07-11 16:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-11 16:05 . 2009-07-11 16:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 16:05 . 2009-07-11 16:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-11 12:54 . 2009-07-11 12:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 12:32 . 2009-07-11 12:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 17:07 . 2009-07-11 17:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 17:19 . 2009-07-11 17:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 11:41 . 2009-07-11 11:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-03-28 08:14 . 2010-03-28 08:14 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2010-04-01 06:31 . 2010-04-01 06:31 16384 c:\windows\temp\Perflib_Perfdata_724.dat
+ 2009-07-31 22:56 . 2009-08-06 11:24 53472 c:\windows\system32\wuauclt.exe
+ 2003-02-20 21:16 . 2003-02-20 21:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2010-03-26 18:55 . 2003-02-20 11:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
+ 2010-03-26 16:16 . 2005-03-21 07:00 13536 c:\windows\system32\spmsg.dll
+ 2010-03-27 03:19 . 2009-08-06 11:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-27 03:19 . 2009-08-06 11:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2003-08-24 16:08 . 2009-01-15 03:11 12160 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecwhnt.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 25856 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecnd5.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 14976 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecmdfl.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 10624 c:\windows\system32\Samsung_USB_Drivers\7\i386\sseccrnt.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 12160 c:\windows\system32\Samsung_USB_Drivers\7\i386\sseccmnt.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 86528 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecbus.sys
+ 2003-08-24 16:08 . 2007-07-05 04:38 73728 c:\windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
+ 2003-08-24 16:08 . 2007-07-05 04:38 12160 c:\windows\system32\Samsung_USB_Drivers\6_old\i386\ssbcwhnt.sys
+ 2003-08-24 16:08 . 2007-07-05 04:38 14848 c:\windows\system32\Samsung_USB_Drivers\6_old\i386\ssbcmdfl.sys
+ 2003-08-24 16:08 . 2007-07-05 04:38 12160 c:\windows\system32\Samsung_USB_Drivers\6_old\i386\ssbccmnt.sys
+ 2003-08-24 16:08 . 2007-07-05 04:38 83328 c:\windows\system32\Samsung_USB_Drivers\6_old\i386\ssbcbus.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 73728 c:\windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bwhnt.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 98560 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bserd.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 14976 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bmdfl.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bcmnt.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 90112 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bbus.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 74240 c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2003-08-24 16:08 . 2009-02-25 02:13 12160 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 14976 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 12160 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 87296 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2003-08-24 16:08 . 2007-07-03 08:53 70824 c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2003-08-24 16:08 . 2007-07-03 08:59 86824 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2003-08-24 16:08 . 2007-07-03 08:57 11944 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2003-08-24 16:08 . 2007-07-03 08:54 80552 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2003-08-24 16:08 . 2007-05-02 03:12 72968 c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2003-08-24 16:08 . 2007-05-02 03:12 12424 c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
+ 2003-08-24 16:08 . 2007-05-02 03:12 15112 c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2003-08-24 16:08 . 2007-05-02 03:12 12424 c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2003-08-24 16:08 . 2007-05-02 03:12 83592 c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2003-08-24 16:08 . 2007-05-02 03:11 72968 c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2003-08-24 16:08 . 2007-05-02 03:11 12424 c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
+ 2003-08-24 16:08 . 2007-05-02 03:11 15112 c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2003-08-24 16:08 . 2007-05-02 03:11 12424 c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2003-08-24 16:08 . 2007-05-02 03:11 83592 c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2001-08-23 12:00 . 2010-03-26 18:57 53812 c:\windows\system32\perfc009.dat
+ 2003-08-24 16:08 . 2007-05-02 08:31 90624 c:\windows\system32\nmwcdcls.dll
+ 2003-02-20 11:16 . 2003-02-20 11:16 32768 c:\windows\system32\netfxperf.dll
+ 2003-04-18 07:29 . 2003-04-18 07:29 82432 c:\windows\system32\msxml4r.dll
+ 2002-01-04 18:38 . 2002-01-04 18:38 54784 c:\windows\system32\msvci70.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 15360 c:\windows\system32\msisip.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 78848 c:\windows\system32\msiexec.exe
+ 2003-02-20 10:43 . 2003-02-20 10:43 16896 c:\windows\system32\mscorier.dll
+ 2003-08-24 16:08 . 2009-03-31 01:39 36608 c:\windows\system32\FsUsbExDisk.Sys
+ 2003-08-24 16:08 . 2008-01-14 10:39 25600 c:\windows\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\i386\SHPUSB.sys
+ 2003-08-24 16:08 . 2008-01-14 10:39 30208 c:\windows\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\i386\SHPACM.sys
+ 2003-08-24 16:08 . 2007-09-17 07:53 21632 c:\windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2003-08-24 16:08 . 2007-05-02 08:31 12288 c:\windows\system32\DRVSTORE\nmwcdsam2k_880D94EACF26DB5FF04E2A3B3A16959D5F0A0274\nmwcdsacm.sys
+ 2003-08-24 16:08 . 2007-05-02 08:31 12288 c:\windows\system32\DRVSTORE\nmwcdsacj_880D94EACF26DB5FF04E2A3B3A16959D5F0A0274\nmwcdsacj.sys
+ 2003-08-24 16:08 . 2007-05-02 08:31 90624 c:\windows\system32\DRVSTORE\nmwcdsa_880D94EACF26DB5FF04E2A3B3A16959D5F0A0274\nmwcdcls.dll
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\drivers\ss_bwhnt.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\drivers\ss_bwh.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 14976 c:\windows\system32\drivers\ss_bmdfl.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\drivers\ss_bcmnt.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 12160 c:\windows\system32\drivers\ss_bcm.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 90112 c:\windows\system32\drivers\ss_bbus.sys
+ 2004-07-17 09:36 . 2003-04-19 17:17 11376 c:\windows\system32\drivers\secdrv.sys
+ 2003-08-24 16:08 . 2007-09-17 07:53 21632 c:\windows\system32\drivers\pccsmcfd.sys
+ 2009-09-22 00:22 . 2009-09-22 00:22 83208 c:\windows\system32\drivers\BDVEDISK.sys
+ 2009-12-23 01:25 . 2003-08-24 16:32 56816 c:\windows\system32\drivers\avgntflt.sys
+ 2009-07-31 22:56 . 2009-08-06 11:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2005-03-21 07:00 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-03 22:56 . 2009-08-06 11:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:56 . 2009-08-06 11:24 96480 c:\windows\system32\cdm.dll
+ 2001-03-02 12:52 . 2001-03-02 12:52 15360 c:\windows\system32\asfsipc.dll
+ 2009-08-05 21:05 . 2005-08-18 01:39 90112 c:\windows\soundman.exe
+ 2009-08-06 11:24 . 2009-08-06 11:24 44768 c:\windows\SoftwareDistribution\SelfUpdate\Default\wups2.dll
+ 2009-08-06 11:24 . 2009-08-06 11:24 35552 c:\windows\SoftwareDistribution\SelfUpdate\Default\wups.dll
+ 2009-08-06 11:24 . 2009-08-06 11:24 53472 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe
+ 2009-08-06 11:24 . 2009-08-06 11:24 96480 c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll
+ 2003-02-20 12:10 . 2003-02-20 12:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-20 23:26 . 2003-02-20 23:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 11:09 . 2003-02-20 11:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 10:43 . 2003-02-20 10:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 11:18 . 2003-02-20 11:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 11:06 . 2003-02-20 11:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-20 23:25 . 2003-02-20 23:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-20 23:25 . 2003-02-20 23:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-20 23:24 . 2003-02-20 23:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 11:22 . 2003-02-20 11:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 23:24 . 2003-02-20 23:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-20 20:12 . 2003-02-20 20:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-20 23:24 . 2003-02-20 23:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 02:20 . 2003-02-21 02:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 11:09 . 2003-02-20 11:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-20 23:24 . 2003-02-20 23:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 11:19 . 2003-02-20 11:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 11:19 . 2003-02-20 11:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 11:19 . 2003-02-20 11:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 11:19 . 2003-02-20 11:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 11:19 . 2003-02-20 11:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-20 21:00 . 2003-02-20 21:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 19:55 . 2003-02-20 19:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-20 18:59 . 2003-02-20 18:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 57344 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-03-28 08:14 . 2010-03-28 08:14 89600 c:\windows\Installer\8ca4.msi
+ 2003-08-24 16:08 . 2003-08-24 16:08 10134 c:\windows\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
+ 2010-03-26 18:59 . 2010-03-26 18:59 57344 c:\windows\Installer\{1895A08A-0DEC-4855-B1F4-1B95FB39901B}\texticon.exe
+ 2010-03-26 18:59 . 2010-03-26 18:59 32768 c:\windows\Installer\{1895A08A-0DEC-4855-B1F4-1B95FB39901B}\maintenance_icon.exe
+ 2010-03-26 18:59 . 2010-03-26 18:59 61440 c:\windows\Installer\{1895A08A-0DEC-4855-B1F4-1B95FB39901B}\helpicon.exe
+ 2010-03-26 18:56 . 2010-03-26 18:56 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b959e1ae\System.Drawing.Design.dll
+ 2010-03-26 18:56 . 2010-03-26 18:56 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_780b15c2\CustomMarshalers.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 64000 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 86016 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2003-08-24 16:08 . 2007-07-03 09:00 9256 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2003-08-24 16:08 . 2007-07-03 08:56 9256 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2001-03-02 12:52 . 2001-03-02 12:52 8704 c:\windows\system32\npwmsdrm.dll
+ 2003-02-20 10:43 . 2003-02-20 10:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2003-08-24 16:08 . 2008-01-14 10:39 6656 c:\windows\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\i386\SHPACMFilter.sys
+ 2003-08-24 16:08 . 2007-05-02 08:31 8320 c:\windows\system32\DRVSTORE\nmwcdsac_880D94EACF26DB5FF04E2A3B3A16959D5F0A0274\nmwcdsac.sys
+ 2007-10-25 09:26 . 2007-10-25 09:26 5632 c:\windows\system32\drivers\StarOpen.sys
+ 2003-02-20 11:09 . 2003-02-20 11:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-20 23:24 . 2003-02-20 23:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-20 23:24 . 2003-02-20 23:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 5120 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2002-06-27 04:45 . 2002-06-27 04:45 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-07-19 03:52 . 2002-07-19 03:52 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 01:42 . 2002-05-14 01:42 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2003-08-24 16:08 . 2003-08-24 16:08 3262 c:\windows\Installer\{7E84FAC8-C518-40F9-9807-7455301D6D25}\ARPPRODUCTICON.exe
+ 2010-03-26 18:55 . 2010-03-26 18:55 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 7168 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 16:05 . 2009-07-11 16:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-11 17:12 . 2009-07-11 17:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 17:09 . 2009-07-11 17:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 17:08 . 2009-07-11 17:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2007-01-31 05:50 . 2007-01-31 05:50 913408 c:\windows\system32\xreglib.dll
+ 2009-07-31 22:56 . 2009-08-06 11:24 209632 c:\windows\system32\wuweb.dll
+ 2009-07-31 22:56 . 2009-08-06 11:24 327896 c:\windows\system32\wucltui.dll
+ 2009-07-31 22:56 . 2009-08-06 11:23 575704 c:\windows\system32\wuapi.dll
+ 2001-05-09 08:50 . 2001-05-09 08:50 446464 c:\windows\system32\wmvdmoe.dll
+ 2001-05-09 08:47 . 2001-05-09 08:47 466944 c:\windows\system32\wmv8dmoe.dll
+ 2001-05-09 09:40 . 2001-05-09 09:40 309584 c:\windows\system32\wmv8dmod.dll
+ 2010-03-26 18:55 . 2003-02-20 20:42 348160 c:\windows\system32\URTTemp\msvcr71.dll
+ 2010-03-26 18:55 . 2003-02-20 11:06 155648 c:\windows\system32\URTTemp\mscoree.dll
+ 2010-03-26 18:55 . 2003-02-20 11:06 282624 c:\windows\system32\URTTemp\fusion.dll
+ 2009-01-15 04:45 . 2009-01-15 04:45 181248 c:\windows\system32\txmlutil.dll
+ 2003-08-24 16:08 . 2009-03-09 07:20 103936 c:\windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
+ 2003-08-24 16:08 . 2009-01-15 03:11 109312 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecunic.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 104192 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecobex.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 108032 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecmgmt.sys
+ 2003-08-24 16:08 . 2009-01-15 03:11 114304 c:\windows\system32\Samsung_USB_Drivers\7\i386\ssecmdm.sys
+ 2003-08-24 16:08 . 2007-07-05 04:38 109696 c:\windows\system32\Samsung_USB_Drivers\6_old\i386\ssbcmdm.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 121856 c:\windows\system32\Samsung_USB_Drivers\6\i386\ss_bmdm.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 106368 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 110208 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2003-08-24 16:08 . 2009-02-25 02:13 115968 c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2003-08-24 16:08 . 2007-07-03 08:58 106792 c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2003-08-24 16:08 . 2007-05-02 03:12 109704 c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2003-08-24 16:08 . 2007-05-02 03:11 109704 c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2001-08-23 12:00 . 2010-03-26 18:57 383584 c:\windows\system32\perfh009.dat
+ 2003-02-20 19:42 . 2003-02-20 19:42 348160 c:\windows\system32\msvcr71.dll
+ 2002-01-04 17:37 . 2002-01-04 17:37 344064 c:\windows\system32\msvcr70.dll
+ 2003-03-18 11:14 . 2003-03-18 11:14 499712 c:\windows\system32\msvcp71.dll
+ 2002-01-04 18:40 . 2002-01-04 18:40 487424 c:\windows\system32\msvcp70.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 884736 c:\windows\system32\msimsg.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 271360 c:\windows\system32\msihnd.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 106496 c:\windows\system32\mscories.dll
+ 2003-02-20 11:06 . 2003-02-20 11:06 155648 c:\windows\system32\mscoree.dll
+ 2004-03-31 04:28 . 2004-03-31 04:28 131072 c:\windows\system32\mapi32.dll
+ 23069-02-25 02:26 . 2010-03-29 01:27 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 23069-02-25 02:26 . 2003-08-24 17:14 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2009-12-29 04:58 . 2009-12-29 04:57 149280 c:\windows\system32\javaws.exe
+ 2009-12-29 04:58 . 2009-12-29 04:57 145184 c:\windows\system32\javaw.exe
+ 2009-12-29 04:58 . 2009-12-29 04:57 145184 c:\windows\system32\java.exe
+ 2010-01-25 14:48 . 2009-09-09 10:43 210352 c:\windows\system32\idmmbc.dll
+ 2003-08-24 16:08 . 2009-03-31 01:39 233472 c:\windows\system32\FsUsbExService.Exe
+ 2003-08-24 16:08 . 2009-03-31 01:39 110592 c:\windows\system32\FsUsbExDevice.Dll
+ 2003-08-24 16:08 . 2008-03-06 03:14 831048 c:\windows\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
+ 2003-08-24 16:08 . 2008-03-06 03:19 534016 c:\windows\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
+ 2003-08-24 16:08 . 2007-05-02 08:32 135680 c:\windows\system32\DRVSTORE\nmwcdsa_880D94EACF26DB5FF04E2A3B3A16959D5F0A0274\nmwcdsa.sys
+ 2003-08-24 16:08 . 2009-03-20 02:01 121856 c:\windows\system32\drivers\ss_bmdm.sys
+ 2009-07-24 03:26 . 2009-07-24 03:26 285704 c:\windows\system32\drivers\bdfsfltr.sys
+ 2009-10-19 08:04 . 2009-10-19 08:04 110984 c:\windows\system32\drivers\bdfndisf.sys
+ 2009-07-31 22:56 . 2009-08-06 11:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-07-31 22:56 . 2009-08-06 11:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-07-31 22:56 . 2009-08-06 11:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-12-29 04:58 . 2009-12-29 04:57 411368 c:\windows\system32\deploytk.dll
+ 2007-04-11 02:11 . 2007-04-11 02:11 511328 c:\windows\system32\capicom.dll
+ 2009-08-06 11:24 . 2009-08-06 11:24 209632 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuweb.dll
+ 2009-08-06 11:24 . 2009-08-06 11:24 327896 c:\windows\SoftwareDistribution\SelfUpdate\Default\wucltui.dll
+ 2009-08-06 11:23 . 2009-08-06 11:23 575704 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuapi.dll
+ 2003-02-21 02:20 . 2003-02-21 02:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-20 23:27 . 2003-02-20 23:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-20 23:27 . 2003-02-20 23:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-20 23:27 . 2003-02-20 23:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 368640 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 20:42 . 2003-02-20 20:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 10:43 . 2003-02-20 10:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 11:06 . 2003-02-20 11:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 716800 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-20 11:09 . 2003-02-20 11:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 11:06 . 2003-02-20 11:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-20 11:16 . 2003-02-20 11:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 02:21 . 2003-02-21 02:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 02:21 . 2003-02-21 02:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 03:11 . 2002-07-29 03:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 11:19 . 2003-02-20 11:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 21:04 . 2003-02-20 21:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-20 19:02 . 2003-02-20 19:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-20 10:43 . 2003-02-20 10:43 131072 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2010-03-29 15:28 . 2010-03-29 15:28 424960 c:\windows\Installer\84dda4.msi
+ 2009-12-29 04:56 . 2009-12-29 04:56 537600 c:\windows\Installer\75e308.msi
+ 2009-12-23 01:23 . 2009-12-23 01:23 228352 c:\windows\Installer\718f8.msi
+ 2003-08-24 16:08 . 2003-08-24 16:08 176128 c:\windows\Installer\4ec10.msi
+ 2003-08-24 16:08 . 2003-08-24 16:08 487424 c:\windows\Installer\4ec0b.msi
+ 2010-03-26 12:58 . 2010-03-26 12:58 219648 c:\windows\Installer\41ac94.msi
+ 2010-03-23 11:09 . 2010-03-23 11:09 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-03-31 00:58 . 2010-03-31 00:58 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-03-26 18:59 . 2010-03-26 18:59 336782 c:\windows\Installer\{1895A08A-0DEC-4855-B1F4-1B95FB39901B}\register_icon.exe
+ 2010-03-31 05:23 . 2010-03-31 05:23 212992 c:\windows\ERDNT\3-31-2010\Users\00000002\UsrClass.dat
+ 2010-03-31 05:23 . 2005-10-20 04:02 163328 c:\windows\ERDNT\3-31-2010\ERDNT.EXE
+ 2010-03-26 18:56 . 2010-03-26 18:56 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6485f581\System.Drawing.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 569344 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 368640 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 299008 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 716800 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 16:02 . 2009-07-11 16:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-11 12:46 . 2009-07-11 12:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 12:46 . 2009-07-11 12:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-03-28 08:14 . 2010-03-28 08:14 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-07-31 22:56 . 2009-08-06 11:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-03-26 18:55 . 2003-02-20 11:08 2482176 c:\windows\system32\URTTemp\mscorwks.dll
+ 2003-04-18 07:46 . 2003-04-18 07:46 1233920 c:\windows\system32\msxml4.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 2890240 c:\windows\system32\msi.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-07-31 22:56 . 2009-08-06 11:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-03 22:56 . 2005-03-21 07:00 2890240 c:\windows\system32\dllcache\msi.dll
+ 2009-08-06 11:23 . 2009-08-06 11:23 1929952 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll
+ 2003-02-20 21:04 . 2003-02-20 21:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-20 23:27 . 2003-02-20 23:27 1335296 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-20 23:27 . 2003-02-20 23:27 2039808 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-20 23:27 . 2003-02-20 23:27 1245184 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 1216512 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 1699840 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 1290240 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-20 11:08 . 2003-02-20 11:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-20 11:07 . 2003-02-20 11:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 23:26 . 2003-02-20 23:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 23:25 . 2003-02-20 23:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 3449344 c:\windows\Installer\88bb20.msi
+ 2010-03-31 00:58 . 2010-03-31 00:58 1860608 c:\windows\Installer\2268cb.msi
+ 2010-03-23 11:09 . 2010-03-23 11:09 1575936 c:\windows\Installer\218f91.msi
+ 2010-03-31 05:23 . 2010-03-31 05:23 2142208 c:\windows\ERDNT\3-31-2010\Users\00000001\NTUSER.DAT
+ 2010-03-26 18:56 . 2010-03-26 18:56 1929216 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9f401b81\System.dll
+ 2010-03-26 18:56 . 2010-03-26 18:56 2076672 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e8ebf174\System.Xml.dll
+ 2010-03-26 18:56 . 2010-03-26 18:56 2994176 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_955ff0ed\System.Windows.Forms.dll
+ 2010-03-26 18:56 . 2010-03-26 18:56 1462272 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d37ffc3a\System.Design.dll
+ 2010-03-26 18:56 . 2010-03-26 18:56 3289088 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_04593493\mscorlib.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1216512 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1335296 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 2039808 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1245184 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1699840 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1290240 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2010-03-26 18:55 . 2010-03-26 18:55 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2010-03-26 18:59 . 2010-03-26 18:59 21731328 c:\windows\Installer\88bb27.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 09:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee Security Scan\\1.0.150\\McUICnt.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"=
"c:\\Program Files\\Granado Espada\\ge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1309:TCP"= 1309:TCP:sbkie
"3917:TCP"= 3917:TCP:rotuo

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2009 5:03 AM 13696]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 83208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 6:46 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 110984]
S2 pupic;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 rrvqfjqz;Config Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 sbquwk;Security Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 vottywqu;Support Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 yzzmxaq;Driver Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/25/2003 12:08 AM 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8/25/2003 12:08 AM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8/25/2003 12:08 AM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8/25/2003 12:08 AM 121856]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dcxsnpux
nqwvetk
xneyhq
pupic
vottywqu
sbquwk
rrvqfjqz
yzzmxaq
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003Core.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003UA.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yahoo.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 14:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}]
@Denied: (Full) (Everyone)
"Model"=dword:00000112
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7c,af,e6,4a,95,8c,9f,9a,ba,bd,27,3b,7d,10,68,11,44,46,99,54,eb,
e8,59,f3,9a,0c,7d,ba,7a,03,d1,a4,2b,65,fc,8f,ec,84,30,5c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,88,8a,48,30,8e,bb,84,dc,cb,ff,38,75,cc,53,26,73,cb,54,17,f4,
f1,48,10,ab,1e,98,6c,ad,14,46,56,d3,ab,d9,a0,b6,ea,91,fc,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000057
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2010-04-01 14:37:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 06:37
ComboFix2.txt 2009-10-30 01:39
ComboFix3.txt 2009-10-27 00:07
ComboFix4.txt 2009-10-26 00:12
ComboFix5.txt 2010-04-01 06:21

Pre-Run: 22,084,579,328 bytes free
Post-Run: 22,046,228,480 bytes free

- - End Of File - - 7D3CF5024E2C4A8D8BC37B64C24B2EB3

Thanks for helping
  • 0

#8
Geek of Spades

Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
Umm, my PC takes too long when I press Shut Down. I don't even get to the part where I choose Restart, Shut Down or Log Off, so I'll just press the switch on the CPU. Then it goes to "Windows is shutting down". It gets stuck there for quite a long time, so I just turn it off manually.

Is this related?
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You have a nasty rootkit, so it's not surprising that you have problems.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Documents and Settings\All Users\Application Data\037A
C:\Documents and Settings\All Users\Application Data\30232
C:\Documents and Settings\All Users\Application Data\3203
C:\Documents and Settings\All Users\Application Data\358C
C:\Documents and Settings\All Users\Application Data\eboostr

File::
c:\windows\system32\xfgnl.exe

Driver::
dcxsnpux
nqwvetk
xneyhq
pupic
vottywqu
sbquwk
rrvqfjqz
yzzmxaq
XDva295

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1309:TCP"=-
"3917:TCP"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0
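As an added example (not code from this thread, from ComboFix, or from its author), here is a small Python triage script that applies the same reasoning the expert applied by hand above: it reads ComboFix's service lines and the firewall GloballyOpenPorts lines, flags services hosted by "svchost.exe -k netsvcs" that are not on a known-good netsvcs list or that have random-looking names, lists globally open ports whose label is not a Windows resource string, and renders the Driver:: and Registry:: sections of a CFScript in the same layout as the one posted. The XP-era allowlist in the script is partial and is an assumption; the sample lines are constructed from entries visible in the log earlier in the thread, plus one constructed wuauserv line to show the allowlist path.

```python
"""
Triage helper for ComboFix 'Reg Loading Points' output (added example, not
part of the thread or of ComboFix itself).  Flags svchost netsvcs services
that are not on a known-good list and globally open firewall ports with
non-Windows labels, then renders CFScript Driver:: / Registry:: sections.
"""
import re

# Partial allowlist of service names that legitimately run under
# "svchost.exe -k netsvcs" on Windows XP SP2.  ASSUMPTION: incomplete;
# adjust it for the machine being examined.
NETSVCS_ALLOWLIST = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver",
    "ersvc", "eventsystem", "helpsvc", "hidserv", "lanmanserver",
    "lanmanworkstation", "netman", "nla", "ntmssvc", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks",
    "w32time", "winmgmt", "wmi", "wmdmpmsp", "wscsvc", "wuauserv",
    "wzcsvc", "xmlprov",
}

# Matches lines like:  S2 pupic;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [...]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s*\[", re.I)
# Matches lines like:  "1309:TCP"= 1309:TCP:sbkie
PORT_RE = re.compile(
    r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$', re.I)


def looks_random(name: str) -> bool:
    """Crude heuristic: no vowels at all, or a run of four or more consonants."""
    n = name.lower()
    return not re.search(r"[aeiou]", n) or re.search(r"[^aeiouy]{4,}", n) is not None


def find_suspicious_services(lines):
    """Return (name, reason) for svchost netsvcs services not on the allowlist."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        name = m["name"].strip()
        image = m["image"].lower()
        if "svchost.exe" not in image or "-k netsvcs" not in image:
            continue                      # only interested in netsvcs-hosted services
        if name.lower() in NETSVCS_ALLOWLIST:
            continue                      # known-good member of the netsvcs group
        reason = "svchost netsvcs service not on allowlist"
        if looks_random(name):
            reason += ", random-looking name"
        hits.append((name, reason))
    return hits


def find_suspicious_ports(lines):
    """Return (port, label) for globally open ports whose label is not an @resource string."""
    hits = []
    for line in lines:
        m = PORT_RE.match(line.strip())
        if m and not m["label"].startswith("@"):
            hits.append((m["port"], m["label"]))
    return hits


def render_cfscript(services, ports):
    """Render Driver:: and Registry:: sections in the CFScript layout used in the thread."""
    out = ["Driver::"] + [name for name, _ in services] + [""]
    if ports:
        out.append("Registry::")
        out.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                   r"\standardprofile\GloballyOpenPorts\List]")
        out += [f'"{port}"=-' for port, _ in ports]
    return "\n".join(out)


# Constructed sample: lines taken from the log above plus one legitimate
# wuauserv line (constructed) so the allowlist path is exercised.
SAMPLE_LOG = r"""
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 110984]
S2 pupic;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 rrvqfjqz;Config Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
"1309:TCP"= 1309:TCP:sbkie
"3917:TCP"= 3917:TCP:rotuo
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
""".strip().splitlines()

if __name__ == "__main__":
    svcs = find_suspicious_services(SAMPLE_LOG)
    prts = find_suspicious_ports(SAMPLE_LOG)
    for name, reason in svcs:
        print(f"{name}: {reason}")
    print(render_cfscript(svcs, prts))
```

Run as a script it prints the two flagged services (pupic and rrvqfjqz) with their reasons, then a Driver:: section naming them and a Registry:: section that removes the two non-Windows port openings. The output is a starting point for review rather than something to paste unread: the allowlist is a guess, and a legitimate third-party service can also be hosted under netsvcs, so each flagged name should be checked against the on-disk file and its display name before it goes into a CFScript.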

#10
Geek of Spades

Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
ComboFix 10-03-29.04 - ok 04/02/2010 9:03.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.102 [GMT 8:00]
Running from: c:\documents and settings\ok\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ok\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point

FILE ::
"c:\windows\system32\xfgnl.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xfgnl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCXSNPUX
-------\Legacy_NQWVETK
-------\Legacy_PUPIC
-------\Legacy_RRVQFJQZ
-------\Legacy_SBQUWK
-------\Legacy_VOTTYWQU
-------\Legacy_XDVA295
-------\Legacy_XNEYHQ
-------\Legacy_YZZMXAQ
-------\Service_pupic
-------\Service_rrvqfjqz
-------\Service_sbquwk
-------\Service_vottywqu
-------\Service_XDva295
-------\Service_yzzmxaq


((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

23069-02-25 02:38 . 2009-02-25 03:37 152576 ----a-w- c:\documents and settings\ok\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
23069-02-25 02:25 . 23069-02-25 02:25 -------- d-----w- c:\program files\LimeWire
23069-02-25 02:13 . 2010-04-02 01:11 -------- d-----w- c:\documents and settings\ok\Application Data\DMCache
23069-02-25 02:12 . 2010-03-26 14:00 -------- d-----w- c:\program files\Internet Download Manager
2010-04-01 07:50 . 2010-04-01 07:51 -------- d-----w- c:\program files\RocketDock
2010-04-01 07:46 . 2004-05-04 03:53 1645320 ----a-w- c:\windows\system\gdipl.dll
2010-03-31 05:17 . 2010-03-31 05:17 -------- d-----w- c:\program files\ERUNT
2010-03-31 00:57 . 2010-03-31 00:58 -------- d-----w- c:\program files\Ask.com
2010-03-31 00:53 . 2010-03-31 01:03 -------- d-----w- c:\documents and settings\ok\Application Data\Trillian
2010-03-31 00:51 . 2010-04-01 14:44 -------- d-----w- c:\program files\Trillian
2010-03-29 15:27 . 2010-03-29 15:39 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-28 08:17 . 2010-03-28 08:17 -------- d-----w- c:\documents and settings\ok\Application Data\Microsoft Games
2010-03-28 08:12 . 2010-03-28 08:12 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-28 08:04 . 2010-03-28 08:04 -------- d-----w- c:\program files\Microsoft Games
2010-03-27 03:03 . 2010-03-27 03:03 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-03-27 03:03 . 2010-03-27 03:03 16 ----a-w- c:\windows\system32\asdict.dat
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- c:\documents and settings\ok\Application Data\BitDefender
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- C:\Binaries
2010-03-26 18:57 . 2010-03-26 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-26 18:57 . 2010-03-26 18:58 -------- d-----w- c:\program files\BitDefender
2010-03-26 18:55 . 2010-03-26 18:56 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 18:53 . 2010-03-26 18:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-26 14:00 . 2010-03-26 14:00 198064 ----a-w- c:\documents and settings\ok\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-26 13:56 . 2010-03-28 07:59 -------- d-----w- c:\documents and settings\ok\Application Data\IDM
2010-03-23 11:10 . 2010-03-31 13:02 -------- d-----w- c:\documents and settings\ok\Application Data\skypePM
2010-03-23 11:10 . 2010-03-23 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-23 11:09 . 2010-04-01 13:12 -------- d-----w- c:\documents and settings\ok\Application Data\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----w- c:\program files\Common Files\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----r- c:\program files\Skype
2010-03-23 11:08 . 2010-03-23 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-22 14:55 . 2010-03-22 14:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 07:42 . 2003-08-25 07:46 43336 ----a-w- c:\documents and settings\ok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-01 04:54 . 2009-10-22 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 04:43 . 2003-08-24 16:13 -------- d-----w- c:\documents and settings\ok\Application Data\U3
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\program files\Yahoo!
2010-03-29 16:05 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-29 15:33 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\ok\Application Data\Yahoo!
2010-03-29 07:24 . 2009-10-22 01:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 07:24 . 2009-10-22 01:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 07:13 . 2003-08-25 00:26 -------- d-----w- c:\program files\RO
2010-03-27 00:40 . 2009-12-07 10:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-27 00:40 . 2009-12-07 10:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-27 00:36 . 2003-08-24 16:07 -------- d-----w- c:\documents and settings\ok\Application Data\Samsung
2010-03-27 00:36 . 2003-08-24 16:06 -------- d-----w- c:\program files\Samsung
2010-03-27 00:34 . 2003-08-24 16:07 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-25 07:07 . 2010-01-02 05:53 -------- d-----w- c:\documents and settings\ok\Application Data\Orbit
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\037A ----

2009-02-25 03:17 . 2008-12-01 16:12 2242 ----a-w- c:\documents and settings\All Users\Application Data\037A\{C86219B3-F4F1-4D14-A658-F9EE52AA2045}.swf

---- Directory of c:\documents and settings\All Users\Application Data\30232 ----

2003-08-25 09:34 . 2008-12-01 16:12 2242 ----a-w- c:\documents and settings\All Users\Application Data\30232\{982FC6D9-9009-4501-8997-C9A4004354EF}.swf

---- Directory of c:\documents and settings\All Users\Application Data\3203 ----

2003-08-25 10:22 . 2008-12-01 16:12 2242 ----a-w- c:\documents and settings\All Users\Application Data\3203\{C8CE3CDF-7056-4893-AAC1-09C2227DC259}.swf

---- Directory of c:\documents and settings\All Users\Application Data\358C ----

2003-08-26 03:34 . 2008-12-01 16:12 2242 ----a-w- c:\documents and settings\All Users\Application Data\358C\{0B17CFE2-9373-49EF-AA6D-ED6BED16B471}.swf

---- Directory of c:\documents and settings\All Users\Application Data\eboostr ----



((((((((((((((((((((((((((((( SnapShot_2010-04-01_06.33.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 01:11 . 2010-04-02 01:11 16384 c:\windows\temp\Perflib_Perfdata_230.dat
+ 2004-08-03 22:56 . 2006-08-09 12:58 218624 c:\windows\system32\uxtheme.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 218624 c:\windows\system32\uxtheme.dll
+ 2009-07-31 15:45 . 2010-04-01 12:55 190592 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 22:56 . 2006-08-09 12:58 218624 c:\windows\system32\dllcache\uxtheme.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 218624 c:\windows\system32\dllcache\uxtheme.dll
+ 2010-04-01 07:27 . 2003-04-24 11:14 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Red\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:11 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Orange\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:08 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Green\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:07 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Deviant\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:03 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Blue\shellstyle.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 09:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3179952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee Security Scan\\1.0.150\\McUICnt.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"=
"c:\\Program Files\\Granado Espada\\ge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2009 5:03 AM 13696]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 83208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 6:46 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 110984]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/25/2003 12:08 AM 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8/25/2003 12:08 AM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8/25/2003 12:08 AM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8/25/2003 12:08 AM 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003Core.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003UA.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yahoo.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 09:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}]
@Denied: (Full) (Everyone)
"Model"=dword:00000112
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7c,af,e6,4a,95,8c,9f,9a,ba,bd,27,3b,7d,10,68,11,44,46,99,54,eb,
e8,59,f3,9a,0c,7d,ba,7a,03,d1,a4,2b,65,fc,8f,ec,84,30,5c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,88,8a,48,30,8e,bb,84,dc,cb,ff,38,75,cc,53,26,73,cb,54,17,f4,
f1,48,10,ab,1e,98,6c,ad,14,46,56,d3,ab,d9,a0,b6,ea,91,fc,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000057
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3500)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2010-04-02 09:16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 01:16
ComboFix2.txt 2010-04-01 06:37
ComboFix3.txt 2009-10-30 01:39
ComboFix4.txt 2009-10-27 00:07
ComboFix5.txt 2010-04-02 00:59

Pre-Run: 22,033,874,944 bytes free
Post-Run: 22,008,713,216 bytes free

- - End Of File - - 65E03D9AEF9416A442CBA0E9B115BEFB

#11
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall the Ask toolbar, then:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

File::
C:\Documents and Settings\All Users\Application Data\037A
C:\Documents and Settings\All Users\Application Data\30232
C:\Documents and Settings\All Users\Application Data\3203
C:\Documents and Settings\All Users\Application Data\358C
C:\Documents and Settings\All Users\Application Data\eboostr

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09e0bc77-0c45-4363-aeaf-8ef1e8f64498}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c20e4cd-a7b9-414d-abf4-cbd6b8cae9c5}]


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html


How is the computer doing now?

Ron

#12
Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
ComboFix 10-03-29.04 - ok 04/03/2010 9:45.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.135 [GMT 8:00]
Running from: c:\documents and settings\ok\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ok\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
"c:\documents and settings\All Users\Application Data\037A"
"c:\documents and settings\All Users\Application Data\30232"
"c:\documents and settings\All Users\Application Data\3203"
"c:\documents and settings\All Users\Application Data\358C"
"c:\documents and settings\All Users\Application Data\eboostr"
.

((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

23069-02-25 02:38 . 2009-02-25 03:37 152576 ----a-w- c:\documents and settings\ok\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
23069-02-25 02:25 . 23069-02-25 02:25 -------- d-----w- c:\program files\LimeWire
23069-02-25 02:13 . 2010-04-03 02:07 -------- d-----w- c:\documents and settings\ok\Application Data\DMCache
23069-02-25 02:12 . 2010-03-26 14:00 -------- d-----w- c:\program files\Internet Download Manager
2010-04-01 07:50 . 2010-04-01 07:51 -------- d-----w- c:\program files\RocketDock
2010-04-01 07:46 . 2004-05-04 03:53 1645320 ----a-w- c:\windows\system\gdipl.dll
2010-03-31 05:17 . 2010-03-31 05:17 -------- d-----w- c:\program files\ERUNT
2010-03-31 00:57 . 2010-03-31 00:58 -------- d-----w- c:\program files\Ask.com
2010-03-31 00:53 . 2010-03-31 01:03 -------- d-----w- c:\documents and settings\ok\Application Data\Trillian
2010-03-31 00:51 . 2010-04-01 14:44 -------- d-----w- c:\program files\Trillian
2010-03-29 15:27 . 2010-03-29 15:39 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-28 08:17 . 2010-03-28 08:17 -------- d-----w- c:\documents and settings\ok\Application Data\Microsoft Games
2010-03-28 08:12 . 2010-03-28 08:12 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-28 08:04 . 2010-03-28 08:04 -------- d-----w- c:\program files\Microsoft Games
2010-03-27 03:03 . 2010-03-27 03:03 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-03-27 03:03 . 2010-03-27 03:03 16 ----a-w- c:\windows\system32\asdict.dat
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- c:\documents and settings\ok\Application Data\BitDefender
2010-03-26 18:58 . 2010-03-26 18:58 -------- d-----w- C:\Binaries
2010-03-26 18:57 . 2010-03-26 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-26 18:57 . 2010-03-26 18:58 -------- d-----w- c:\program files\BitDefender
2010-03-26 18:55 . 2010-03-26 18:56 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 18:53 . 2010-03-26 18:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-26 14:00 . 2010-03-26 14:00 198064 ----a-w- c:\documents and settings\ok\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-26 13:56 . 2010-03-28 07:59 -------- d-----w- c:\documents and settings\ok\Application Data\IDM
2010-03-23 11:10 . 2010-03-31 13:02 -------- d-----w- c:\documents and settings\ok\Application Data\skypePM
2010-03-23 11:10 . 2010-03-23 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-23 11:09 . 2010-04-01 13:12 -------- d-----w- c:\documents and settings\ok\Application Data\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----w- c:\program files\Common Files\Skype
2010-03-23 11:09 . 2010-03-23 11:09 -------- d-----r- c:\program files\Skype
2010-03-23 11:08 . 2010-03-23 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-22 14:55 . 2010-03-22 14:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 07:42 . 2003-08-25 07:46 43336 ----a-w- c:\documents and settings\ok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-01 04:54 . 2009-10-22 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 04:43 . 2003-08-24 16:13 -------- d-----w- c:\documents and settings\ok\Application Data\U3
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-31 00:27 . 2009-08-05 21:04 -------- d-----w- c:\program files\Yahoo!
2010-03-29 16:05 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-29 15:33 . 2009-10-26 01:06 -------- d-----w- c:\documents and settings\ok\Application Data\Yahoo!
2010-03-29 07:24 . 2009-10-22 01:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 07:24 . 2009-10-22 01:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 07:13 . 2003-08-25 00:26 -------- d-----w- c:\program files\RO
2010-03-27 00:40 . 2009-12-07 10:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-27 00:40 . 2009-12-07 10:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-27 00:36 . 2003-08-24 16:07 -------- d-----w- c:\documents and settings\ok\Application Data\Samsung
2010-03-27 00:36 . 2003-08-24 16:06 -------- d-----w- c:\program files\Samsung
2010-03-27 00:34 . 2003-08-24 16:07 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-25 07:07 . 2010-01-02 05:53 -------- d-----w- c:\documents and settings\ok\Application Data\Orbit
.

((((((((((((((((((((((((((((( SnapShot_2010-04-01_06.33.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-03 01:55 . 2010-04-03 01:55 16384 c:\windows\temp\Perflib_Perfdata_738.dat
+ 2004-08-03 22:56 . 2006-08-09 12:58 218624 c:\windows\system32\uxtheme.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 218624 c:\windows\system32\uxtheme.dll
+ 2009-07-31 15:45 . 2010-04-01 12:55 190592 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 22:56 . 2006-08-09 12:58 218624 c:\windows\system32\dllcache\uxtheme.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 218624 c:\windows\system32\dllcache\uxtheme.dll
+ 2010-04-01 07:27 . 2003-04-24 11:14 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Red\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:11 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Orange\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:08 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Green\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:07 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Deviant\shellstyle.dll
+ 2010-04-01 07:27 . 2003-04-24 11:03 763904 c:\windows\Resources\Themes\Sentinel_X\shell\Blue\shellstyle.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 09:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3179952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee Security Scan\\1.0.150\\McUICnt.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"=
"c:\\Program Files\\Granado Espada\\ge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2009 5:03 AM 13696]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 83208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 6:46 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 110984]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/25/2003 12:08 AM 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8/25/2003 12:08 AM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8/25/2003 12:08 AM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8/25/2003 12:08 AM 121856]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003Core.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1326574676-682003330-1003UA.job
- c:\documents and settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-22 14:31]

2010-04-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yahoo.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ok\Application Data\Mozilla\Firefox\Profiles\zc5edf01.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 10:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2936)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\shdoclc.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2010-04-03 10:11:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 02:11
ComboFix2.txt 2010-04-02 01:16
ComboFix3.txt 2010-04-01 06:37
ComboFix4.txt 2009-10-30 01:39
ComboFix5.txt 2010-04-03 01:43

Pre-Run: 21,968,117,760 bytes free
Post-Run: 21,939,150,848 bytes free

- - End Of File - - ED8DBBA3B848380C4F83A8AB90AAF2C8

#13
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall the Ask toolbar.

How is the computer doing now?

#14
Geek of Spades

    Member

  • Topic Starter
  • Member
  • 56 posts
QuickScan Beta 32-bit v0.9.9.15
-------------------------------

Scan date: Sat Apr 03 10:26:43 2010
Machine ID: B00ABCF7



No infection found.
---------------------



Processes
---------
<unsigned> Office Source Engine 4072 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
<unsigned> Realtek Sound Manager 2312 C:\WINDOWS\SOUNDMAN.EXE
<unsigned> RocketDock.exe 2388 C:\Program Files\RocketDock\RocketDock.exe

<verified> BitDefender 2010 1348 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
<verified> BitDefender 2010 676 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
<verified> BitDefender 2010 1192 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
<verified> BitDefender 2010 1168 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
<verified> Google Chrome 2276 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2376 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2476 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2488 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2496 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2500 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 3864 C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> IEMonitor Application 3824 C:\Program Files\Internet Download Manager\IEMonitor.exe
<verified> Java™ Platform SE 6 U17 1848 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE 6 U17 2320 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft® Windows® Operating System 2936 C:\WINDOWS\explorer.exe
<verified> Microsoft® Windows® Operating System 776 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 696 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1692 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1296 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1420 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1528 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\winlogon.exe
<verified> Yahoo! AutoUpdater 1972 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------

Process svchost.exe (1064) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
<unsigned> Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE
<unsigned> RocketDock.exe C:\Program Files\RocketDock\RocketDock.exe

<verified> BitDefender 2010 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
<verified> BitDefender 2010 C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe
<verified> Google Update C:\Documents and Settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Java™ Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe


Browser plugins
---------------
<unsigned> Google Toolbar for IE c:\program files\google\googletoolbar.dll
<unsigned> Java™ Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> Messenger C:\Program Files\Messenger\msmsgs.exe

<verified> BitDefender 2010 c:\program files\bitdefender\bitdefender 2010\ietoolbar.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbaokpefboaljmnibacdomagkkfmhodl\0.9.9.15\npqscan.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ok\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbaokpefboaljmnibacdomagkkfmhodl\0.9.9.15\npqslauncher.dll
<verified> Internet Download Manager LSP dll C:\WINDOWS\system32\idmmbc.dll
<verified> Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Toolbar c:\program files\ask.com\genericasktoolbar.dll
<verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll


Missing files
-------------
File not found: C:\ComboFix\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOCUME~1\ok\LOCALS~1\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"


Scan
----
<unsigned> MD5: bb2c488a4527840568e989f8e4960c6c C:\Program Files\BitDefender\BitDefender 2010\accessal.dll
<unsigned> MD5: a6fe004f551725ba9084e3899d69eb6b C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\neurons.dll
<unsigned> MD5: 5f9c29d8b4a7824e0dc35407f33f596a C:\Program Files\BitDefender\BitDefender 2010\advanced.dll
<unsigned> MD5: 93ca9038ddc5b0a4f86a5e0aaa8cfcf6 C:\Program Files\BitDefender\BitDefender 2010\agentreg.dll
<unsigned> MD5: 90f89c53141c791f2e8786d41c880f13 C:\Program Files\BitDefender\BitDefender 2010\antispy.dll
<unsigned> MD5: b1b826e84bcbfc0e0eef2bd577fb0099 C:\Program Files\BitDefender\BitDefender 2010\antivirus.dll
<unsigned> MD5: d63b60fedd3e90bd0f79354cdf3d0a4f C:\Program Files\BitDefender\BitDefender 2010\as2core\as2core.dll
<unsigned> MD5: a0bbdcdea6a90c402e60e4b0eea61870 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlbr.mdl
<unsigned> MD5: a1e9f0cd9626b7d25b02079cd8e3963a C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlci.mdl
<unsigned> MD5: 3162938a172870e7796765546a51ecd3 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemldsp.mdl
<unsigned> MD5: 2a5f48206827d1bebe0753b699d54d97 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlf.mdl
<unsigned> MD5: c92e4542ae114db127530cb0cc25f557 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlimg.mdl
<unsigned> MD5: 619164530ec1ff5ffbee0266398dc706 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlnn2.mdl
<unsigned> MD5: 17fea4aeda17453a9d9ffc36c5ba9ab4 C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlrtr.mdl
<unsigned> MD5: 2c62a119af1d7d87292c7da9fa0ec96f C:\Program Files\BitDefender\BitDefender 2010\as2core\asemlsgn.mdl
<unsigned> MD5: f30fe1053c74f180b86e9722fe313ba5 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpab.mdl
<unsigned> MD5: 2d2e6536424bc41bc0a060e785f4ded1 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpbr.mdl
<unsigned> MD5: e2717858e4c3e67a265eac1b0fb699fa C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpdsp.mdl
<unsigned> MD5: 17ef2d1b8710bd2d6269e73a5b445fd7 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpf.mdl
<unsigned> MD5: 675c826dfccbd633f2146ec650fddb20 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpph.mdl
<unsigned> MD5: 71b294e8883003a64e9b8fccea379366 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpphar.mdl
<unsigned> MD5: 1d4042bb471c90f437cb198cd4c46a53 C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttprbl.mdl
<unsigned> MD5: a67dc13cd0b58f5e49aa001b8d7c48aa C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttprtsr.mdl
<unsigned> MD5: b82d86351f148c02deb5f5fb2553303a C:\Program Files\BitDefender\BitDefender 2010\as2core\ashttpws.mdl
<unsigned> MD5: a35ac277f8107d39dec7ae0ad49b22c4 C:\Program Files\BitDefender\BitDefender 2010\asfn.dll
<unsigned> MD5: 099216028aac2727387a8d3ba8ea1f1d C:\Program Files\BitDefender\BitDefender 2010\ashield.dll
<unsigned> MD5: 8a663b1a51f5e64e72e509cccf41b2e8 C:\Program Files\BitDefender\BitDefender 2010\backup.dll
<unsigned> MD5: 7dd0183c75074f196d596723204f0331 C:\Program Files\BitDefender\BitDefender 2010\bdaphal.dll
<unsigned> MD5: b51a808a62224e6e5bad79aa2c3a9550 C:\Program Files\BitDefender\BitDefender 2010\bdascl.dll
<unsigned> MD5: d8614069f483d8d1dc8d5f413ae812a5 C:\Program Files\BitDefender\BitDefender 2010\bdasconp.dll
<unsigned> MD5: 6ef26690fe8145c6cad7d1f2edbae9c6 C:\Program Files\BitDefender\BitDefender 2010\bdasemlal.dll
<unsigned> MD5: dcf1d8efba04e137f02e75a7ec65381c C:\Program Files\BitDefender\BitDefender 2010\bdassp.dll
<unsigned> MD5: bf17bbf2f7818a55f5263fc61b440bca C:\Program Files\BitDefender\BitDefender 2010\bdch.dll
<unsigned> MD5: ebb66e20027cad32702378e31d97310f C:\Program Files\BitDefender\BitDefender 2010\bdfdrvi.dll
<unsigned> MD5: ff0d6f38df9412c5f8fc485d1e31eda2 C:\Program Files\BitDefender\BitDefender 2010\bdfltdp.dll
<unsigned> MD5: 5d816b652af34069b4fd2b0c0b771ef5 C:\Program Files\BitDefender\BitDefender 2010\bdfvconp.dll
<unsigned> MD5: 9ab6eaf2550f2aa3eab0073c4933066c C:\Program Files\BitDefender\BitDefender 2010\bdfvsctx.dll
<unsigned> MD5: 716d065e6378c5b00c8864db9a438719 C:\Program Files\BitDefender\BitDefender 2010\bdfvsecp.dll
<unsigned> MD5: d80f660c30c18c6fb044129e54a237ee C:\Program Files\BitDefender\BitDefender 2010\bdguictl.dll
<unsigned> MD5: c8948a6d8156e95def15c360b31d6a1a C:\Program Files\BitDefender\BitDefender 2010\bdmltusrsrv.dll
<unsigned> MD5: 399b3ffd2d0bb623c0486eee9274fc38 C:\Program Files\BitDefender\BitDefender 2010\bdoe.dll
<unsigned> MD5: c1aac344970ed72c78991be6020a31a1 C:\Program Files\BitDefender\BitDefender 2010\bdpchal.dll
<unsigned> MD5: 919b05f123022d545533f593982a81f8 C:\Program Files\BitDefender\BitDefender 2010\bdplugin.dll
<unsigned> MD5: 86ba3fa9d0ea925758e1b31899f56917 C:\Program Files\BitDefender\BitDefender 2010\bdpop3p.dll
<unsigned> MD5: 35941f307c4612b043052c5d9b0266fc C:\Program Files\BitDefender\BitDefender 2010\bdpredir.dll
<unsigned> MD5: aa5a7f6c60d921698f325293023e12db C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
<unsigned> MD5: 62ac5d91f0cd5ea9a71432fe91757d3f C:\Program Files\BitDefender\BitDefender 2010\bdsmtpp.dll
<unsigned> MD5: 2943bc450a6cd83b08389ade2fc9a82e C:\Program Files\BitDefender\BitDefender 2010\bdsubmit.dll
<unsigned> MD5: 4f2472055a5ba9405fe35b8a91f95b9e C:\Program Files\BitDefender\BitDefender 2010\bdusers.dll
<unsigned> MD5: 61d3f01351ebce4dc2434f868f330b1c C:\Program Files\BitDefender\BitDefender 2010\bdutils.dll
<unsigned> MD5: 07209661a4b97bf6d9a44ea2e9d687b1 C:\Program Files\BitDefender\BitDefender 2010\bdvedapi.dll
<unsigned> MD5: 6f2623a2fe0d7bc53229b4f12d569084 C:\Program Files\BitDefender\BitDefender 2010\bdwizard.dll
<unsigned> MD5: c6d74c937600a25b4d36e6c8b42d13ab C:\Program Files\BitDefender\BitDefender 2010\bkpconp.dll
<unsigned> MD5: ec67517da1efaf7ace6b2571b0fc47fd C:\Program Files\BitDefender\BitDefender 2010\cookie.dll
<unsigned> MD5: e8e94ce5250fd7a9b46fc39b84539fd3 C:\Program Files\BitDefender\BitDefender 2010\dashboard.dll
<unsigned> MD5: 623c9754952a35b018f2448af8184075 C:\Program Files\BitDefender\BitDefender 2010\dbghelp.dll
<unsigned> MD5: fdbe62e0aa0de702ed88abafa97dd07e C:\Program Files\BitDefender\BitDefender 2010\dbokf.dll
<unsigned> MD5: cdf6a3f7a7e2ebe3976ff25d916b5d58 C:\Program Files\BitDefender\BitDefender 2010\dbokfui.dll
<unsigned> MD5: 65bf32808061ddb24c32d3b58385b6a5 C:\Program Files\BitDefender\BitDefender 2010\emaildp.dll
<unsigned> MD5: a42af2d38299929fbefd231b758ea4c5 C:\Program Files\BitDefender\BitDefender 2010\encryption.dll
<unsigned> MD5: 112d14d541c14f9cceb1c4131af51f95 C:\Program Files\BitDefender\BitDefender 2010\ENU\backup.ui
<unsigned> MD5: c18a7e5c2ec3c4e6ba9dd0197a8e3697 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdagent.ui
<unsigned> MD5: 4894e50b5bb58ddb03d46ff8c6ec7064 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdascl.ui
<unsigned> MD5: f2afcc494059b43ec2d3179221ed21ff C:\Program Files\BitDefender\BitDefender 2010\ENU\bdfdrvi.ui
<unsigned> MD5: 50228c7dcceee6ec2dcd291b90b8b5b7 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdfvconp.ui
<unsigned> MD5: 1025b62f55f538018365e057afeaef43 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdfvsctx.ui
<unsigned> MD5: df843c66ff632b8b4b83ae4a1a081166 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdfvsecp.ui
<unsigned> MD5: 04567f20e5828bcf951bcae4644047a4 C:\Program Files\BitDefender\BitDefender 2010\ENU\bdguictl.ui
<unsigned> MD5: 0cec61e605ed45fd107012946eca6c48 C:\Program Files\BitDefender\BitDefender 2010\ENU\fwgui.ui
<unsigned> MD5: c89ff55dd66883b449ac3871ae30aa68 C:\Program Files\BitDefender\BitDefender 2010\ENU\hmplugin.ui
<unsigned> MD5: b72a94498f116dc9309c46736106ff88 C:\Program Files\BitDefender\BitDefender 2010\ENU\imsecurityal.ui
<unsigned> MD5: fb80f0acab526661697879d4d02f2174 C:\Program Files\BitDefender\BitDefender 2010\ENU\issues.ui
<unsigned> MD5: 93fbe43a2b52222a178d965eea5982dc C:\Program Files\BitDefender\BitDefender 2010\ENU\logger.ui
<unsigned> MD5: 02969125735fb30a0dcd0b81ac428d3c C:\Program Files\BitDefender\BitDefender 2010\ENU\netscanal.ui
<unsigned> MD5: 5094d3b45ae5b4b56e72c9b7b1c5ad73 C:\Program Files\BitDefender\BitDefender 2010\ENU\popup.ui
<unsigned> MD5: ae1648a5ca94d28c9beebdb923573216 C:\Program Files\BitDefender\BitDefender 2010\ENU\seccenter.ui
<unsigned> MD5: e8194b47b93feac84eb53b09b9931bca C:\Program Files\BitDefender\BitDefender 2010\ENU\security.ui
<unsigned> MD5: 11e55d1ff1e7639c8c7ce1d3d031e872 C:\Program Files\BitDefender\BitDefender 2010\ENU\tuneup.ui
<unsigned> MD5: e52a0ef2d82243b46ccc80f048618949 C:\Program Files\BitDefender\BitDefender 2010\ENU\vsserv.ui
<unsigned> MD5: 905eae9f3dfdf390293f1d5b452c4c3e C:\Program Files\BitDefender\BitDefender 2010\ENU\wizards.ui
<unsigned> MD5: 0ff183347b8519c3ad2627ad187c1507 C:\Program Files\BitDefender\BitDefender 2010\ENU\wsc.ui
<unsigned> MD5: e42e29117116ffb5838a2918afac7cd5 C:\Program Files\BitDefender\BitDefender 2010\exclude.dll
<unsigned> MD5: d3b640d5e48fa5de71d0271c43aa2ff1 C:\Program Files\BitDefender\BitDefender 2010\excludesp.dll
<unsigned> MD5: c38cd7626fa7bdd4ad9ed8dd3657f200 C:\Program Files\BitDefender\BitDefender 2010\excmgr.dll
<unsigned> MD5: 1221ef7745706d3d7060b16489aeba4c C:\Program Files\BitDefender\BitDefender 2010\framework.dll
<unsigned> MD5: 00521d60ffc8fabf5b218103fcd8643f C:\Program Files\BitDefender\BitDefender 2010\fwgui.dll
<unsigned> MD5: 394774371baaf0ed44e1a1ade47431a9 C:\Program Files\BitDefender\BitDefender 2010\fwlibrary.dll
<unsigned> MD5: b484a9b731e7eb3900278cf1a87abd81 C:\Program Files\BitDefender\BitDefender 2010\gamemodeal.dll
<unsigned> MD5: 596f0d25cae08ebab81c74b4f569bc70 C:\Program Files\BitDefender\BitDefender 2010\general.dll
<unsigned> MD5: ba6d56118405eb3cc56a1e6821402db5 C:\Program Files\BitDefender\BitDefender 2010\hmcore.dll
<unsigned> MD5: ba75c91f64332a3fbeb66cae975bd0dc C:\Program Files\BitDefender\BitDefender 2010\hmplugin.dll
<unsigned> MD5: babed013772b2479fc80677199b1c561 C:\Program Files\BitDefender\BitDefender 2010\htmlpack.dll
<unsigned> MD5: 928cbfd903d8468f4f3c48850c343a0c C:\Program Files\BitDefender\BitDefender 2010\httpdp.dll
<unsigned> MD5: d1a7fd03765448d4f1643e8676a3d050 C:\Program Files\BitDefender\BitDefender 2010\httproxy.dll
<unsigned> MD5: 6ea3e74dde07d5742b4a8a96e658b9a5 C:\Program Files\BitDefender\BitDefender 2010\imencui.dll
<unsigned> MD5: 428b77f9286b326c9cc1422be1c7cbd2 C:\Program Files\BitDefender\BitDefender 2010\imguimsn.dll
<unsigned> MD5: 961011bf525812e251e6c01c443f13ec C:\Program Files\BitDefender\BitDefender 2010\imguiym.dll
<unsigned> MD5: 2e7b325f9fd427eea00190a418e9715f C:\Program Files\BitDefender\BitDefender 2010\imsecurityal.dll
<unsigned> MD5: 0dc99fa571b16ca68d43da1217f0df39 C:\Program Files\BitDefender\BitDefender 2010\issues.dll
<unsigned> MD5: c35b587477dd5133c7315b17e5197d99 C:\Program Files\BitDefender\BitDefender 2010\knownfilessp.dll
<unsigned> MD5: 63783280c9d59fe4a7c0936e593c2f1c C:\Program Files\BitDefender\BitDefender 2010\libexpatw.dll
<unsigned> MD5: db3b214d755f2b1d3df7ebb5f1d7f9a7 C:\Program Files\BitDefender\BitDefender 2010\live.dll
<unsigned> MD5: cc553b29c3f3ad08889fb34da07fd6cb C:\Program Files\BitDefender\BitDefender 2010\loggeral.dll
<unsigned> MD5: 73eb38cd16f10d4e9feab94a074f9758 C:\Program Files\BitDefender\BitDefender 2010\midasal.dll
<unsigned> MD5: 3694d6eb715d49e39dbf069a027c4635 C:\Program Files\BitDefender\BitDefender 2010\midascomm.dll
<unsigned> MD5: 81ba29d924489060da34b838153a50f5 C:\Program Files\BitDefender\BitDefender 2010\midasdp.dll
<unsigned> MD5: c60bbd93f5845e038736ad0e6dbc191d C:\Program Files\BitDefender\BitDefender 2010\mimepack.dll
<unsigned> MD5: 9fcc26a37b039a3bb850b3c3913ffa96 C:\Program Files\BitDefender\BitDefender 2010\msndll.dll
<unsigned> MD5: 953a3fa47473dd834ca45f4784e9a6ca C:\Program Files\BitDefender\BitDefender 2010\msndp.dll
<unsigned> MD5: 072c599f66d7fc56a3e825b4f1b0ec6a C:\Program Files\BitDefender\BitDefender 2010\nag.dll
<unsigned> MD5: 3330611427eb0b287e2d93124b94a231 C:\Program Files\BitDefender\BitDefender 2010\netscanal.dll
<unsigned> MD5: 120e2bf8e97ed54d17d336cf80bc183d C:\Program Files\BitDefender\BitDefender 2010\npcomm.dll
<unsigned> MD5: cd0c21718924967a5294987cee08561f C:\Program Files\BitDefender\BitDefender 2010\pcontrol.dll
<unsigned> MD5: 2e0484aa83492f340152ad67240c754a C:\Program Files\BitDefender\BitDefender 2010\popup.dll
<unsigned> MD5: 38d5d966c07e30196d0689dd812aca26 C:\Program Files\BitDefender\BitDefender 2010\privintf.dll
<unsigned> MD5: 68b401ee420619d0589cae3587c34878 C:\Program Files\BitDefender\BitDefender 2010\privscan.dll
<unsigned> MD5: 6c0bf0a4aeafb186d122af4c2cfacf48 C:\Program Files\BitDefender\BitDefender 2010\procinfo.dll
<unsigned> MD5: eec0ac794290bbb14ecff29ab489a84b C:\Program Files\BitDefender\BitDefender 2010\productinfo.dll
<unsigned> MD5: 2568b078097d5f619ad25cbaa2ee6a31 C:\Program Files\BitDefender\BitDefender 2010\producttweaksplugin.dll
<unsigned> MD5: c7337a467c72dffe6491db07c7277656 C:\Program Files\BitDefender\BitDefender 2010\quarcore.dll
<unsigned> MD5: 4b0a922d47d33e40e3f8034fd1111fb7 C:\Program Files\BitDefender\BitDefender 2010\quarmgr.dll
<unsigned> MD5: cdc14f4e68e7d44c9f71b162b8bc0f7f C:\Program Files\BitDefender\BitDefender 2010\quarui.dll
<unsigned> MD5: 29db6d468dd2e39940c6931b95e4bdd6 C:\Program Files\BitDefender\BitDefender 2010\reg_sup.dll
<unsigned> MD5: 033804363cfff92d3ceee3aab9147aec C:\Program Files\BitDefender\BitDefender 2010\reginfo.dll
<unsigned> MD5: d72b8be50bb5ba64cd4ed7c618e754b0 C:\Program Files\BitDefender\BitDefender 2010\registry.dll
<unsigned> MD5: 5372a64cbf245a7782c986aa202c60e1 C:\Program Files\BitDefender\BitDefender 2010\registryal.dll
<unsigned> MD5: d39ce32e0484e4f8938202f61b74c9c5 C:\Program Files\BitDefender\BitDefender 2010\scansp.dll
<unsigned> MD5: 2ecebf0613d1c7bafc812151a6c1ffb0 C:\Program Files\BitDefender\BitDefender 2010\sch_serv.dll
<unsigned> MD5: 02fa9f26c1376dc346fe753a9871e46e C:\Program Files\BitDefender\BitDefender 2010\script.dll
<unsigned> MD5: ecd5597fac4899a51ee376bd0c95e6da C:\Program Files\BitDefender\BitDefender 2010\security.dll
<unsigned> MD5: 1fd8a42d0d84bd27ef5baadc7e64ef30 C:\Program Files\BitDefender\BitDefender 2010\sfal.dll
<unsigned> MD5: 4d70158a932f80b243c74bd6c472d0c3 C:\Program Files\BitDefender\BitDefender 2010\sfprocdp.dll
<unsigned> MD5: dcb2d0048b897a7bab0c1778111b5725 C:\Program Files\BitDefender\BitDefender 2010\smartscnal.dll
<unsigned> MD5: 549956058c6257c80fc38d02f2fc4a18 C:\Program Files\BitDefender\BitDefender 2010\sqlite3.dll
<unsigned> MD5: ea048f013773593e174ee6a10d3e4c75 C:\Program Files\BitDefender\BitDefender 2010\strdecoder.dll
<unsigned> MD5: 4d20af21b4bad55a5ad9f775e8111e3a C:\Program Files\BitDefender\BitDefender 2010\sysinfo.dll
<unsigned> MD5: 394d7f587d8ea3887c926322c85083f8 C:\Program Files\BitDefender\BitDefender 2010\tuneup.dll
<unsigned> MD5: 8edbd17b909d3432df487aa861faf308 C:\Program Files\BitDefender\BitDefender 2010\tuneupconp.dll
<unsigned> MD5: 8dd193953b7924df74ca3df585a05267 C:\Program Files\BitDefender\BitDefender 2010\txmlx.dll
<unsigned> MD5: b0b2a51c329fc9be19acb4691a0bc959 C:\Program Files\BitDefender\BitDefender 2010\vscan.dll
<unsigned> MD5: fb5cde81ce3e0e2f22ac9026ada120eb C:\Program Files\BitDefender\BitDefender 2010\vshield.dll
<unsigned> MD5: 816015779b8d8609cc86f3296f5cad29 C:\Program Files\BitDefender\BitDefender 2010\vulnerability.dll
<unsigned> MD5: 0a264d5c2b3d6c3e68d3bb53ed9ab227 C:\Program Files\BitDefender\BitDefender 2010\wizards.dll
<unsigned> MD5: e084a996dd300ffc3daa8ae6896011d3 C:\Program Files\BitDefender\BitDefender 2010\wslib.dll
<unsigned> MD5: aa41addc010862d6e5992cc1039ef944 C:\Program Files\BitDefender\BitDefender 2010\wspack.dll
<unsigned> MD5: ec4ce6d06b04ce2f29e2a70c5bd7b9ff C:\Program Files\BitDefender\BitDefender 2010\wsutils.dll
<unsigned> MD5: 087de82b13c51fdeee25f2c61ee7fc9d C:\Program Files\BitDefender\BitDefender 2010\ycryptp.dll
<unsigned> MD5: 1b69d55119bacc44166b2d42ffa82fee C:\Program Files\BitDefender\BitDefender 2010\ymdp.dll
<unsigned> MD5: d90a33660d328a9f587580f0b38c85de C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
<unsigned> MD5: 5f67cd0e938b5669970c5872275dc753 C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
<unsigned> MD5: fc3ad2be54a26b6c6e7b374805a8c17d C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartscn.dll
<unsigned> MD5: b16d66a71de03285e14e9f165b59eda4 C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
<unsigned> MD5: 61d3f01351ebce4dc2434f868f330b1c C:\Program Files\Common Files\BitDefender\BitDefender Update Service\bdutils.dll
<unsigned> MD5: 120e2bf8e97ed54d17d336cf80bc183d C:\Program Files\Common Files\BitDefender\BitDefender Update Service\npcomm.dll
<unsigned> MD5: eec0ac794290bbb14ecff29ab489a84b C:\Program Files\Common Files\BitDefender\BitDefender Update Service\productinfo.dll
<unsigned> MD5: 16f9a2dfbe5c1185d7e5280e3d9682ed C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll
<unsigned> MD5: e084a996dd300ffc3daa8ae6896011d3 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\wslib.dll
<unsigned> MD5: aa41addc010862d6e5992cc1039ef944 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\wspack.dll
<unsigned> MD5: ec4ce6d06b04ce2f29e2a70c5bd7b9ff C:\Program Files\Common Files\BitDefender\BitDefender Update Service\wsutils.dll
<unsigned> MD5: 9160c25c439a846e43b32b26a3595d90 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
<unsigned> MD5: f18ab6e6881f51e30a68747068f47a31 c:\program files\google\googletoolbar.dll
<unsigned> MD5: 6f2e3275f0815587c3f79effb6395c61 C:\Program Files\Internet Download Manager\IDMan.exe
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: dee8f03d1eace0c8f914a2c76568ea32 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MD5: e7886851fec5177961f719f07339cecd C:\Program Files\Messenger\msmsgs.exe
<unsigned> MD5: 9d38320bb32230349379df5ddbbf7fce C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
<unsigned> MD5: aaf9b4df67938753cb21808ea3574242 C:\Program Files\RO\npkcrypt.sys
<unsigned> MD5: 4a2a05b25df4385f5aec6f07b1c1e93d C:\Program Files\RocketDock\RocketDock.dll
<unsigned> MD5: 7dfccc67990b6de7f30f553a4e4612a4 C:\Program Files\RocketDock\RocketDock.exe
<unsigned> MD5: a986fcfdac587e68478db51547b90800 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
<unsigned> MD5: cbf6d4324b846e6e79e1a1746721f944 C:\WINDOWS\SOUNDMAN.EXE
<unsigned> MD5: be5d50529799b9bab6be879ec768b6cf C:\WINDOWS\system32\drivers\BIOS.sys
<unsigned> MD5: c71394d99a04ca76484492f590c9cba5 C:\WINDOWS\system32\drivers\SECDRV.sys
<unsigned> MD5: 790a4ca68f44be35967b3df61f3e4675 C:\WINDOWS\system32\FsUsbExDisk.SYS
<unsigned> MD5: cf0376023360aadd55c89ba50564afdc C:\WINDOWS\system32\mdimon.dll
<unsigned> MD5: 58e13a2292839321d3cdc918d5a4f5ae C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
<unsigned> MD5: 16f9a2dfbe5c1185d7e5280e3d9682ed C:\WINDOWS\system32\txmlutil.dll
<unsigned> MD5: d56227e628537269df9d0ff04aa67768 C:\WINDOWS\system32\uxtheme.dll

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\SOUNDMAN.EXE

Upload started - 1 file(s)
SOUNDMAN.EXE (90112)
Upload speed - 1 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 110 sec
Total traffic - 0.17 MB sent, 2.91 KB recvd
Scanned 1091 files and modules - 735 seconds

This is the BitDefender log; I'm using BitDefender 2010 Total Security as my AV and the results are the same.

I'll uninstall the Ask toolbar and then restart. I'll post whether it's still like this or fine now.

EDIT: Startup is faster; shutdown is still the same, still taking forever/not shutting down.

Edited by Geek of Spades, 02 April 2010 - 08:23 PM.

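A triage pass over a report in the format posted above, as an added example for this thread (it is not part of the original post and not a BitDefender tool). It parses the three line shapes the report uses (process connection lines, `<unsigned>`/`<verified>` entries, and `File not found` / `referenced in` service pairs) from a constructed sample and returns what a responder looks at first: unsigned autoruns, unsigned autoruns under user-writable paths, service keys whose driver file is gone, and per-process remote addresses. The sample reuses the report's line formats; the `Example Updater` entry under Temp is made up to exercise the user-writable-path check and was not found on the poster's machine.

```python
"""Triage pass over a QuickScan-style text report.

Added example for this thread; not part of the original post and not a
BitDefender tool. It only understands the line shapes seen in the posted
report and applies a few first-look heuristics to them.
"""
import re
from collections import defaultdict

# Constructed sample that reuses the report's line formats. The updater.exe
# entry under Temp is invented to exercise the user-writable-path check; it is
# not something found on the poster's machine.
SAMPLE_REPORT = r"""Process chrome.exe (3864) connected on port 80 (HTTP) - 209.85.153.118
Process chrome.exe (3864) connected on port 80 (HTTP) - 198.173.160.202
Process chrome.exe (3864) connected on port 80 (HTTP) - 209.85.153.118

Process svchost.exe (1064) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
<unsigned> Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE
<unsigned> Example Updater C:\Documents and Settings\ok\Local Settings\Temp\updater.exe

<verified> Google Update C:\Documents and Settings\ok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Missing files
-------------
File not found: C:\ComboFix\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOCUME~1\ok\LOCALS~1\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"
"""

# Only these sections list things that run at boot/logon or load into the
# browser; the "Scan" section lists every hashed file and is not an autorun.
AUTORUN_SECTIONS = {"Autoruns and critical files", "Browser plugins"}
# Path fragments that mean "a non-admin user can write here" (XP and Vista+).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\users\\")

CONNECT_RE = re.compile(r"^Process (\S+) \((\d+)\) connected on port (\d+) \((\w+)\) - (\S+)$")
LISTEN_RE = re.compile(r"^Process (\S+) \((\d+)\) listens on ports: (.+)$")
ENTRY_RE = re.compile(r"^<(unsigned|verified)>\s+(.*?)\s+([A-Za-z]:\\.+)$")
MISSING_RE = re.compile(r"^File not found: (.+)$")
REFERENCED_RE = re.compile(r"^referenced in: (.+)$")
SERVICE_RE = re.compile(r"\\services\\([^\\]+)\\", re.IGNORECASE)


def parse_report(text):
    """Single pass over the report; returns raw facts keyed by section."""
    lines = text.splitlines()
    section = None
    connections = defaultdict(lambda: defaultdict(int))  # (proc, pid) -> ip -> hits
    listeners = {}                                        # (proc, pid) -> [ports]
    entries = []                                          # (section, verified, name, path)
    orphaned = []                                         # (service, missing path)
    pending_missing = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if re.fullmatch(r"-{3,}", line) and i > 0:      # underline => previous line is a header
            section = lines[i - 1].strip()
            continue
        m = CONNECT_RE.match(line)
        if m:
            proc, pid, _port, _proto, ip = m.groups()
            connections[(proc, int(pid))][ip] += 1
            continue
        m = LISTEN_RE.match(line)
        if m:
            proc, pid, ports = m.groups()
            listeners[(proc, int(pid))] = [p.strip() for p in ports.split(",")]
            continue
        m = ENTRY_RE.match(line)
        if m:
            status, name, path = m.groups()
            entries.append((section, status == "verified", name, path))
            continue
        m = MISSING_RE.match(line)
        if m:
            pending_missing = m.group(1)
            continue
        m = REFERENCED_RE.match(line)
        if m and pending_missing:
            svc = SERVICE_RE.search(m.group(1))
            orphaned.append((svc.group(1) if svc else m.group(1), pending_missing))
            pending_missing = None
    return connections, listeners, entries, orphaned


def triage(text):
    """Apply the first-look heuristics and return them as one dict."""
    connections, listeners, entries, orphaned = parse_report(text)
    unsigned = [(name, path) for sec, ok, name, path in entries
                if sec in AUTORUN_SECTIONS and not ok]
    in_user_writable = [path for _name, path in unsigned
                        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)]
    return {
        "unsigned_autoruns": unsigned,
        "unsigned_in_user_writable": in_user_writable,
        "orphaned_services": orphaned,
        "connections": {k: dict(v) for k, v in connections.items()},
        "listeners": listeners,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for key in ("unsigned_in_user_writable", "unsigned_autoruns", "orphaned_services"):
        print(key)
        for item in result[key]:
            print("   ", item)
    for (proc, pid), ips in result["connections"].items():
        print(f"{proc} ({pid}) talked to {len(ips)} distinct addresses")
```

Two caveats when reading the output against the real report: "unsigned" by itself is a triage hint, not a verdict (SOUNDMAN.EXE above is unsigned and was uploaded and found clean), and a verified entry in a user profile path, like the Google Update line, is deliberately not flagged. The two orphaned service keys in the posted report point at drivers under C:\ComboFix and a Temp folder that no longer exist; stale ImagePath values like these are commonly left behind by cleanup tools run earlier and are candidates for removal rather than evidence of an active infection.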