Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

something causing various problems


  • Please log in to reply

#1
General Field Marshal

General Field Marshal

    Member

  • Member
  • PipPip
  • 71 posts
I couple of nights ago I got hit by something. Right now, Avast alerts are going off quite often, i'm having trouble putting my computer in standby or shutting it off, there are redirects, freezing, slowness issues, cursor can't be moved, etc . . .

OTL logfile created on: 4/30/2011 2:15:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Primo\Desktop\malware stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.35 Gb Total Space | 15.37 Gb Free Space | 46.09% Space Free | Partition Type: NTFS

Computer Name: DESERT7210 | User Name: Primo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 02:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Primo\Desktop\malware stuff\OTL.exe
PRC - [2011/04/29 15:17:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/06 09:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 02:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Primo\Desktop\malware stuff\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/06/24 14:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/28 12:10:35 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/08/17 20:00:00 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/05/02 08:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/25 17:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 17:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 15:17:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 03:56:03 | 000,000,000 | ---D | M]

[2010/04/21 23:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Extensions
[2011/03/23 02:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\extensions
[2010/10/27 21:40:11 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\extensions\[email protected]
[2011/02/28 01:16:07 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\searchplugins\bing-zugo.xml
[2011/03/25 03:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/01 19:51:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/15 02:57:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/15 02:57:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/29 15:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/15 02:57:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Primo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Primo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/03 22:00:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 14:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/29 14:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/28 01:58:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/27 19:22:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Start Menu\Programs\WinRAR
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Application Data\WinRAR
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/04/22 23:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/22 23:08:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/04/30 02:08:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 02:01:33 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\itioepuuzm.job
[2011/04/30 02:01:10 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\EJQMIJ.job
[2011/04/30 02:01:03 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\yhoxh.job
[2011/04/30 01:58:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 01:58:27 | 1072,664,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 15:16:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/29 13:13:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/29 02:51:49 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Primo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 19:22:18 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\kbdhepts.dll
[2011/04/25 14:00:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/24 01:14:00 | 000,052,226 | ---- | M] () -- C:\Documents and Settings\Primo\Desktop\SANY0011.jpg
[2011/04/19 10:14:37 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 09:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/04/28 13:10:25 | 1072,664,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 19:22:19 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\yhoxh.job
[2011/04/27 19:22:19 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\EJQMIJ.job
[2011/04/27 19:22:19 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\itioepuuzm.job
[2011/04/27 19:22:18 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\kbdhepts.dll
[2011/04/24 01:13:56 | 000,052,226 | ---- | C] () -- C:\Documents and Settings\Primo\Desktop\SANY0011.jpg
[2011/04/02 17:14:58 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Primo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/02 20:05:32 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/02 20:05:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/01 19:54:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/25 03:25:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 14:15:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/04/21 23:18:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 08:56:42 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/04/04 13:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/03 22:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/03 21:57:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/03 21:42:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/03 21:42:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/03 21:42:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/03 21:42:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/03 21:42:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/03 21:42:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/03 21:42:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/03 21:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/03 21:41:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/03 21:41:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/03 21:41:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/03 21:41:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/04/03 14:51:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/03 14:50:44 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/17 20:00:00 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\6to4ex.dll
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== LOP Check ==========

[2010/06/08 13:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/19 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/22 23:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/16 23:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Primo\Application Data\Facebook
[2010/10/18 16:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Primo\Application Data\InterVideo
[2011/04/30 02:01:10 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\EJQMIJ.job
[2011/04/30 02:01:33 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\itioepuuzm.job
[2011/04/30 02:01:03 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\yhoxh.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Thanks
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:Services
itlperf
6to4
HidServ
AppMgmt

:OTL
SRV - [2011/04/28 12:10:35 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2004/08/17 20:00:00 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
[2010/11/15 02:57:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
[2011/04/27 19:22:19 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\yhoxh.job
[2011/04/27 19:22:19 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\EJQMIJ.job
[2011/04/27 19:22:19 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\itioepuuzm.job
[2011/04/27 19:22:18 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\kbdhepts.dll

:Files
C:\Windows\system32\itlpfw32.dll

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Perfermence]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"itlsvc"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnZoneCrossing"=-
"WarnOnPostRedirect"=-
"WarnonBadCertRecving"=-
"WarnOnHTTPSToHTTPRedirect"=-
"WarnOnPost"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Flags"=dword:00000001
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1408"=dword:00000003
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"160A"=dword:00000000
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1805"=dword:00000001
"1806"=dword:00000001
"1807"=dword:00000001
"1808"=dword:00000000
"1809"=dword:00000000
"180A"=dword:00000003
"180C"=dword:00000003
"180D"=dword:00000001
"2301"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"1E05"=dword:00020000
"2000"=dword:00000000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000003
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000001
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"DisableScriptDebuggerIE"=-
"Error Dlg Displayed On Every Error"=-
"Play_Animations"=-
"Display Inline Videos"=-

   
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select All option in the Extra Registry group and also change the File Age to 120 then hit the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.




If any of the programs fail to run try pausing your antivirus before downloading or running. If that doesn't help then:

First download and save the free Avast 6:

http://www.avast.com...ivirus-download

Uninstall your current anti-virus.

Now install the free Avast 6!
Once you have it installed and it has updated:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now.

Now click on Additional Protection, AutoSandbox, Settings, uncheck Enable AutoSandbox, OK. Close the Avast window. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Now go back and redownload and retry any programs which did not work before. To Pause Avast just right click on the ball and select Avast! Shields Control then Disable until Computer is Restarted, Yes.

Ron
  • 0

#3
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ran the first OTL fix. Upon reboot, it generated a log, but then the screen froze, and I had to reboot manually. I thought i'd saved the log, but I can't seem to find it now.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
No problem. Just go on with the procedure. I just ask for the first log because some people hit the Scan button instead of Run Fix and it's easy to see when that happens. Then next OTL log will show me how well it worked.

Ron
  • 0

#5
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ok, thanks. Next OTL log:

OTL logfile created on: 5/1/2011 9:33:08 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Primo\Desktop\malware stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.35 Gb Total Space | 15.24 Gb Free Space | 45.70% Space Free | Partition Type: NTFS

Computer Name: DESERT7210 | User Name: Primo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 02:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Primo\Desktop\malware stuff\OTL.exe
PRC - [2011/04/29 15:17:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/06 09:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 02:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Primo\Desktop\malware stuff\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/06/24 14:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/05/02 08:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/25 17:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 17:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 15:17:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 03:56:03 | 000,000,000 | ---D | M]

[2010/04/21 23:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Extensions
[2011/03/23 02:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\extensions
[2010/10/27 21:40:11 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\extensions\[email protected]
[2011/02/28 01:16:07 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\searchplugins\bing-zugo.xml
[2011/05/01 18:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/01 19:51:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2010/11/15 02:57:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/29 15:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/15 02:57:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Primo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Primo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/03 22:00:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2011/05/01 18:19:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 03:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\DivX
[2011/04/29 14:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/29 14:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/28 01:58:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/27 19:22:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Start Menu\Programs\WinRAR
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Application Data\WinRAR
[2011/04/22 23:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/04/22 23:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/22 23:08:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/28 23:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/03/28 23:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Start Menu\Programs\IrfanView
[2011/03/28 23:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Software.com
[2011/03/28 23:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Download Center
[2011/03/28 23:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Software.com
[2011/03/09 02:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\My Documents\fat tuesday
[2011/02/28 01:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Local Settings\Application Data\Ilivid Player
[2011/02/28 01:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/02/02 20:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2011/02/02 20:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/01 19:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Application Data\skypePM
[2011/02/01 19:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/02/01 19:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/01 19:51:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/01 19:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Application Data\Skype
[2011/02/01 19:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/02/01 19:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Desktop\Liberal Crime Squad
[2011/01/21 16:37:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Primo\Start Menu\Programs\Administrative Tools
[2011/01/08 15:37:00 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/01/08 15:37:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/01/08 15:37:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/01/08 15:36:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/01/08 15:36:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/01/08 15:36:52 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/11/15 23:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Primo\Desktop\malware stuff
[2010/11/15 02:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/15 02:57:28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/15 02:57:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/15 02:57:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/15 02:57:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/15 02:57:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/15 02:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/08 02:45:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/03 23:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

========== Files - Modified Within 180 Days ==========

[2011/05/01 21:19:30 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/01 21:16:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/01 21:08:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/01 21:08:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 21:07:59 | 1072,664,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 13:30:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 12:09:40 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/29 02:51:49 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Primo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 14:00:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/24 01:14:00 | 000,052,226 | ---- | M] () -- C:\Documents and Settings\Primo\Desktop\SANY0011.jpg
[2011/04/19 10:14:37 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 09:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/28 23:39:28 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Primo\Desktop\IrfanView Thumbnails.lnk
[2011/03/28 23:39:28 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Primo\Desktop\IrfanView.lnk
[2011/03/25 03:56:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Primo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 03:56:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/13 12:46:39 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 12:46:39 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/07 00:33:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/03/04 01:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2011/03/04 01:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/03/04 01:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2011/03/04 01:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/02/17 08:51:57 | 003,078,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/02/17 08:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2011/02/17 08:51:57 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2011/02/17 08:51:57 | 000,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/02/17 08:51:57 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/02/17 08:51:57 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/02/17 08:51:57 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/02/17 08:51:57 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/02/17 08:51:57 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/02/17 08:51:57 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/02/17 08:51:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/02/17 08:51:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/02/17 08:51:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/02/17 07:37:38 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2011/02/09 08:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 08:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2011/02/04 15:23:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/02 02:58:35 | 002,067,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/02/01 19:54:17 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/27 06:57:06 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/14 01:12:38 | 001,198,213 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0791.JPG
[2011/01/14 01:11:56 | 001,158,743 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0790.JPG
[2011/01/14 01:11:30 | 001,300,443 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0789.JPG
[2011/01/14 01:11:20 | 001,150,343 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0788.JPG
[2011/01/14 01:11:06 | 001,138,029 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0787.JPG
[2011/01/14 01:10:20 | 001,256,233 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0786.JPG
[2011/01/14 01:10:10 | 001,382,009 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0785.JPG
[2011/01/14 01:09:56 | 001,292,448 | ---- | M] () -- C:\Documents and Settings\Primo\My Documents\DSCI0784.JPG
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 07:34:28 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 12:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/12/20 12:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/12/09 09:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/12/09 09:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2010/12/09 08:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/12/09 08:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/12/09 08:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/12/09 08:07:07 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/12/09 08:07:05 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/12/09 08:07:05 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/12/07 23:07:09 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barbarian Invasion.lnk
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/15 02:57:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/15 02:57:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/15 02:57:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/15 02:57:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/15 02:57:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/09 09:52:35 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 09:52:35 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 09:52:35 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 09:52:35 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 09:52:35 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb

========== Files Created - No Company Name ==========

[2011/04/30 20:08:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/30 12:09:40 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/28 13:10:25 | 1072,664,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/24 01:13:56 | 000,052,226 | ---- | C] () -- C:\Documents and Settings\Primo\Desktop\SANY0011.jpg
[2011/04/02 17:14:58 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Primo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 23:39:28 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Primo\Desktop\IrfanView Thumbnails.lnk
[2011/03/28 23:39:28 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Primo\Desktop\IrfanView.lnk
[2011/03/25 03:56:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/02/02 20:05:32 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/02 20:05:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/02 20:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2011/02/01 19:54:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/01 19:51:24 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/13 12:23:52 | 001,382,009 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0785.JPG
[2011/01/13 12:23:50 | 001,292,448 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0784.JPG
[2011/01/13 12:23:48 | 001,198,213 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0791.JPG
[2011/01/13 12:23:46 | 001,158,743 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0790.JPG
[2011/01/13 12:23:44 | 001,300,443 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0789.JPG
[2011/01/13 12:23:42 | 001,150,343 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0788.JPG
[2011/01/13 12:23:41 | 001,138,029 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0787.JPG
[2011/01/13 12:23:38 | 001,256,233 | ---- | C] () -- C:\Documents and Settings\Primo\My Documents\DSCI0786.JPG
[2010/12/07 23:07:09 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barbarian Invasion.lnk
[2010/04/25 03:25:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 14:15:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/04/21 23:18:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/15 08:56:42 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/04/04 13:58:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/03 22:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/03 21:57:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/03 21:42:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/03 21:42:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/03 21:42:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/03 21:42:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/03 21:42:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/03 21:42:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/03 21:42:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/03 21:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/03 21:41:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/03 21:41:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/03 21:41:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/03 21:41:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/04/03 14:51:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/03 14:50:44 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#6
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Extras log part 1:

OTL Extras logfile created on: 5/1/2011 9:33:08 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Primo\Desktop\malware stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.35 Gb Total Space | 15.24 Gb Free Space | 45.70% Space Free | Partition Type: NTFS

Computer Name: DESERT7210 | User Name: Primo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Disabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9FF889B0-2F9A-495d-9C65-9F0710310A82DC}" = Download Center
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BCD99FFB-70B6-475E-9BAF-536FBF9AA962}" = PEOPLEPCAOL
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSNINST" = MSN
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"Veetle TV" = Veetle TV 0.9.18
"Veoh Web Player Beta" = Veoh Web Player
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========
  • 0

#7
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I don't know why it's so hard to post OTL Extras logs. I'll attach the whole thing instead.

Attached Files


  • 0

#8
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6488

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/1/2011 11:14:48 PM
mbam-log-2011-05-01 (23-14-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 189749
Time elapsed: 40 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Primo\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5a9ae934-098d-4da6-bae0-a05fc692cac6}\rp2\a0004076.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#9
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Combofix log:

ComboFix 11-05-01.02 - Primo 05/02/2011 0:17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.731 [GMT -5:00]
Running from: c:\documents and settings\Primo\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Primo\Application Data\Sun\kbmovm.dll
c:\documents and settings\Primo\Application Data\Sun\mxd1.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 04:34 . 2011-05-02 04:34 1409 ----a-w- c:\windows\QTFont.for
2011-05-02 03:21 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 03:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 23:19 . 2011-05-01 23:19 -------- d-----w- C:\_OTL
2011-04-30 08:27 . 2011-04-30 08:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2011-04-29 19:56 . 2011-04-29 19:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-28 00:22 . 2011-04-28 00:22 -------- d-----w- c:\windows\system32\LogFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-04-04 02:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2006-04-04 02:42 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-04-04 02:42 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51 . 2006-04-04 02:42 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2006-04-04 02:42 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:51 . 2006-04-04 02:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:18 . 2006-04-04 02:41 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-04-04 02:42 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2006-04-04 02:41 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32 . 2010-04-22 14:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-04-04 02:41 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-04-04 02:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-04-04 02:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-04-04 02:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-04-04 02:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2006-04-04 02:56 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-29 20:17 . 2011-03-25 08:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/8/2010 1:16 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2010 1:16 PM 17744]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Primo\Application Data\Mozilla\Firefox\Profiles\37v2w6j0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-{F9F803E5-559F-4323-8962-1572E758FDA7} - c:\documents and settings\Primo\Application Data\Sun\kbmovm.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 00:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS548040M9AT00 rev.MG2OA5DA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866BC57B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-02 00:27:02
ComboFix-quarantined-files.txt 2011-05-02 05:26
.
Pre-Run: 16,352,071,680 bytes free
Post-Run: 16,354,209,792 bytes free
.
- - End Of File - - F796A4F41A65B90131CF8CF79ADB3C8E
  • 0

#10
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Can't run TDSSKiller as administrator, I think I need a password. Not working the normal way
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
My fault. The Run As Administrator stuff is for Vista and Win 7. Will it run in the normal way? If not:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (note if the Fix button is available or not and tell me.) click save log, save it to your desktop and post in your next reply.
  • 0

#12
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
aswMBR log:

aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-02 01:16:00
-----------------------------
01:16:00.966 OS Version: Windows 5.1.2600 Service Pack 3
01:16:00.966 Number of processors: 1 586 0x905
01:16:00.966 ComputerName: DESERT7210 UserName: Primo
01:16:02.438 Initialize success
01:16:17.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:16:17.550 Disk 0 Vendor: HTS548040M9AT00 MG2OA5DA Size: 38154MB BusType: 3
01:16:17.550 Device \Driver\atapi -> DriverStartIo 866bc57b
01:16:19.553 Disk 0 MBR read successfully
01:16:19.553 Disk 0 MBR scan
01:16:19.553 Disk 0 [email protected] code has been found
01:16:19.553 Disk 0 Windows XP default MBR code found via API
01:16:19.553 Disk 0 MBR hidden
01:16:19.553 Disk 0 MBR [TDL4] **ROOTKIT**
01:16:19.553 Disk 0 trace - called modules:
01:16:19.553 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x85ce1cc8]<<
01:16:19.553 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86747ab8]
01:16:19.553 Scan finished successfully
01:16:55.935 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Primo\Desktop\malware stuff\MBR.dat"
01:16:55.935 The log file has been saved successfully to "C:\Documents and Settings\Primo\Desktop\malware stuff\aswMBR.txt"


Yes, there WAS a Fix button
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
OK run aswmbr again and this time hit the Fix button. The PC may hang when you do but after you reboot it should allow you to run TDSSKiller.

Ron
  • 0

#14
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0x86734000 \WINDOWS\system32\KDCOM.DLL
0xF7C74000 \WINDOWS\system32\BOOTVID.dll
0xF7811000 ACPI.sys
0xF7D60000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7800000 pci.sys
0xF7860000 isapnp.sys
0xF7C78000 compbatt.sys
0xF7C7C000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7E28000 pciide.sys
0xF7AE0000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7D62000 intelide.sys
0xF77E2000 pcmcia.sys
0xF7870000 MountMgr.sys
0xF77C3000 ftdisk.sys
0xF7C80000 ACPIEC.sys
0xF7E29000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7AE8000 PartMgr.sys
0xF7880000 VolSnap.sys
0xF77AB000 atapi.sys
0xF7890000 disk.sys
0xF78A0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF778B000 fltMgr.sys
0xF7779000 sr.sys
0xF78B0000 PxHelp20.sys
0xF7762000 KSecDD.sys
0xF76D5000 Ntfs.sys
0xF76A8000 NDIS.sys
0xF768E000 Mup.sys
0xF78C0000 agp440.sys
0xF7970000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7510000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF74FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C58000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF74D8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B18000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF74B0000 \SystemRoot\system32\DRIVERS\e1000325.sys
0xF7980000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7BE8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF73FB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7D72000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7C38000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7C48000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7990000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7D4C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF73E7000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7B08000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xF7D58000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF7655000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7651000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xF79A0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79B0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF79C0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF73C4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7635000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7366000 \SystemRoot\system32\drivers\smwdm.sys
0xF7342000 \SystemRoot\system32\drivers\portcls.sys
0xF79D0000 \SystemRoot\system32\drivers\drmk.sys
0xF7322000 \SystemRoot\system32\drivers\aeaudio.sys
0xF72EF000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF71F1000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF7145000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7B58000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7FB3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B68000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7B78000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF79E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7D0C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF712E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF79F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF711D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7A10000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7BD8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7BF0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF70ED000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7A20000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D7C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6FEF000 \SystemRoot\system32\DRIVERS\update.sys
0xF7D30000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7A30000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A60000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D84000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E72000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D88000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7BA0000 \SystemRoot\System32\drivers\vga.sys
0xF7D8C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7BB0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7BC0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73B0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA785000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA72C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7AA0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xBA706000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7AB0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA6DE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7B80000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBA6BC000 \SystemRoot\System32\drivers\afd.sys
0xF7AC0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA5F1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA581000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7AD0000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA53A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7C30000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7910000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA4FA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7DC4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA7C4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B10000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E90000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04E000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
0xBA532000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB828C000 \SystemRoot\system32\DRIVERS\irda.sys
0xB83DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB80E5000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB7E50000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA69C000 \SystemRoot\system32\drivers\sysaudio.sys
0xB7C3D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB7C39000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB7B95000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7BA8000 \??\C:\DOCUME~1\Primo\LOCALS~1\Temp\catchme.sys
0xF7DA4000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB7744000 \SystemRoot\System32\Drivers\HTTP.sys
0xB6BF9000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xB6952000 \SystemRoot\system32\drivers\kmixer.sys
0xBF37A000 \SystemRoot\System32\ATMFD.DLL
0xB6800000 \SystemRoot\system32\drivers\klmd.sys
0xB75E4000 \??\C:\DOCUME~1\Primo\LOCALS~1\Temp\aswMBR.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 30):
0 System Idle Process
4 System
688 C:\WINDOWS\system32\smss.exe
740 csrss.exe
764 C:\WINDOWS\system32\winlogon.exe
808 C:\WINDOWS\system32\services.exe
820 C:\WINDOWS\system32\lsass.exe
968 C:\WINDOWS\system32\ibmpmsvc.exe
996 C:\WINDOWS\system32\ati2evxx.exe
1016 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1376 svchost.exe
1428 svchost.exe
1636 C:\WINDOWS\system32\ati2evxx.exe
1860 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
712 C:\WINDOWS\system32\spoolsv.exe
1928 svchost.exe
232 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
308 C:\Program Files\Java\jre6\bin\jqs.exe
448 C:\WINDOWS\system32\svchost.exe
2468 alg.exe
744 C:\WINDOWS\explorer.exe
3708 C:\WINDOWS\system32\wuauclt.exe
2908 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3948 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
456 C:\WINDOWS\system32\svchost.exe
2344 C:\Program Files\Mozilla Firefox\firefox.exe
2776 C:\Program Files\Mozilla Firefox\plugin-container.exe
1728 C:\WINDOWS\system32\svchost.exe
1596 C:\Documents and Settings\Primo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`fa17c000 (NTFS)

PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA5DA

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0

#15
General Field Marshal

General Field Marshal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Yes, I was able to run TDSSKiller this time, thanks. Log:

2011/05/02 01:37:29.0672 4044 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 01:37:30.0113 4044 ================================================================================
2011/05/02 01:37:30.0113 4044 SystemInfo:
2011/05/02 01:37:30.0113 4044
2011/05/02 01:37:30.0113 4044 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/02 01:37:30.0113 4044 Product type: Workstation
2011/05/02 01:37:30.0113 4044 ComputerName: DESERT7210
2011/05/02 01:37:30.0113 4044 UserName: Primo
2011/05/02 01:37:30.0113 4044 Windows directory: C:\WINDOWS
2011/05/02 01:37:30.0113 4044 System windows directory: C:\WINDOWS
2011/05/02 01:37:30.0113 4044 Processor architecture: Intel x86
2011/05/02 01:37:30.0113 4044 Number of processors: 1
2011/05/02 01:37:30.0113 4044 Page size: 0x1000
2011/05/02 01:37:30.0113 4044 Boot type: Normal boot
2011/05/02 01:37:30.0113 4044 ================================================================================
2011/05/02 01:37:30.0704 4044 Initialize success
2011/05/02 01:38:06.0065 3452 ================================================================================
2011/05/02 01:38:06.0065 3452 Scan started
2011/05/02 01:38:06.0065 3452 Mode: Manual;
2011/05/02 01:38:06.0065 3452 ================================================================================
2011/05/02 01:38:06.0475 3452 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/02 01:38:06.0615 3452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/02 01:38:06.0666 3452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/02 01:38:06.0766 3452 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/02 01:38:06.0846 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/02 01:38:06.0936 3452 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/02 01:38:06.0986 3452 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/02 01:38:07.0337 3452 AR5211 (655d16ae3156986eba366a50dc2696d3) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/05/02 01:38:07.0477 3452 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/02 01:38:07.0687 3452 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/02 01:38:08.0428 3452 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/02 01:38:08.0578 3452 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/02 01:38:08.0668 3452 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/02 01:38:08.0779 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/02 01:38:08.0859 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/02 01:38:09.0069 3452 ati2mtag (5719f857136ee618f6ec7a5ccd9fb7ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/02 01:38:09.0149 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/02 01:38:09.0199 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/02 01:38:09.0329 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/02 01:38:09.0560 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/02 01:38:09.0620 3452 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/02 01:38:09.0750 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/02 01:38:09.0840 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/02 01:38:09.0900 3452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/02 01:38:10.0040 3452 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/02 01:38:10.0121 3452 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/02 01:38:10.0351 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/02 01:38:10.0581 3452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/02 01:38:10.0731 3452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/02 01:38:10.0761 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/02 01:38:10.0812 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/02 01:38:10.0952 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/02 01:38:11.0032 3452 E1000 (4de4bae4accb5a49fa85801d4f226355) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/05/02 01:38:11.0152 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/02 01:38:11.0232 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/02 01:38:11.0352 3452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/02 01:38:11.0442 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/02 01:38:11.0533 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/02 01:38:11.0673 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/02 01:38:11.0773 3452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/02 01:38:11.0833 3452 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/02 01:38:11.0903 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/02 01:38:12.0003 3452 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/02 01:38:12.0153 3452 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/05/02 01:38:12.0334 3452 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/02 01:38:12.0514 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/02 01:38:12.0664 3452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/02 01:38:12.0774 3452 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/05/02 01:38:12.0834 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/02 01:38:12.0975 3452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/02 01:38:13.0015 3452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/02 01:38:13.0065 3452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/02 01:38:13.0145 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/02 01:38:13.0175 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/02 01:38:13.0235 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/02 01:38:13.0345 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/02 01:38:13.0455 3452 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/02 01:38:13.0545 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/02 01:38:13.0656 3452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/02 01:38:13.0696 3452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/02 01:38:13.0776 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/02 01:38:13.0916 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/02 01:38:14.0016 3452 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/02 01:38:14.0136 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/02 01:38:14.0226 3452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/02 01:38:14.0327 3452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/02 01:38:14.0387 3452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/02 01:38:14.0657 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/02 01:38:14.0917 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/02 01:38:15.0088 3452 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/02 01:38:15.0158 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/02 01:38:15.0228 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/02 01:38:15.0288 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/02 01:38:15.0318 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/02 01:38:15.0388 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/02 01:38:15.0448 3452 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/02 01:38:15.0729 3452 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/02 01:38:15.0789 3452 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/02 01:38:15.0899 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/02 01:38:15.0969 3452 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/02 01:38:16.0349 3452 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/02 01:38:16.0480 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/02 01:38:16.0510 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/02 01:38:16.0580 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/02 01:38:16.0650 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/02 01:38:16.0730 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/02 01:38:16.0800 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/02 01:38:16.0850 3452 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/05/02 01:38:16.0950 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/02 01:38:17.0161 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/02 01:38:17.0221 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/02 01:38:17.0251 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/02 01:38:17.0341 3452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/02 01:38:17.0391 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/02 01:38:17.0431 3452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/02 01:38:17.0501 3452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/02 01:38:17.0591 3452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/02 01:38:17.0681 3452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/02 01:38:18.0092 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/02 01:38:18.0212 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/02 01:38:18.0282 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/02 01:38:18.0352 3452 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/02 01:38:18.0543 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/02 01:38:18.0593 3452 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/02 01:38:18.0613 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/02 01:38:18.0653 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/02 01:38:18.0693 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/02 01:38:18.0783 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/02 01:38:18.0823 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/02 01:38:18.0893 3452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/02 01:38:18.0993 3452 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/02 01:38:19.0123 3452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/02 01:38:19.0214 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/02 01:38:19.0274 3452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/02 01:38:19.0414 3452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/02 01:38:19.0504 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/02 01:38:19.0604 3452 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/02 01:38:19.0674 3452 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/02 01:38:19.0784 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/02 01:38:19.0845 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/02 01:38:19.0945 3452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/02 01:38:20.0005 3452 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/02 01:38:20.0085 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/02 01:38:20.0175 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/02 01:38:20.0385 3452 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/02 01:38:20.0435 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/02 01:38:20.0636 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/02 01:38:20.0726 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/02 01:38:20.0776 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/02 01:38:20.0836 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/02 01:38:20.0946 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/02 01:38:21.0116 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/02 01:38:21.0237 3452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/02 01:38:21.0307 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/02 01:38:21.0337 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/02 01:38:21.0387 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/02 01:38:21.0437 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/02 01:38:21.0497 3452 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/02 01:38:21.0567 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/02 01:38:21.0667 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/02 01:38:21.0757 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/02 01:38:21.0837 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/02 01:38:21.0938 3452 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/02 01:38:22.0088 3452 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/02 01:38:22.0178 3452 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/02 01:38:22.0318 3452 ================================================================================
2011/05/02 01:38:22.0318 3452 Scan finished
2011/05/02 01:38:22.0318 3452 ================================================================================
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP