
root kit infection


  • This topic is locked

#1
k.vroman

    New Member

  • Member
  • 7 posts
Thankfully my alternate login account isn't being affected by this infection, because my primary login is useless. As stated in the topic description, as soon as I log in I get an alert that says my computer is infected and starts a scan with an unrecognized, self-proclaimed spyware program, which I immediately stop and close. After that, every program or file I try to open from that point is said to be infected. On top of that, I've tried to restart in safe mode to do a virus scan, but instead of being able to do that (like I was in the past), at the point where Windows starts to load, the computer restarts instead. I assume that my computer was "re-infected" with a rootkit simply because it is doing exactly what it did the last time this happened. I was helped before by Geeks to Go, but it's been so long I can't remember how to solve the problem, plus it seemed a little too complicated to try to tackle myself. I hope to learn how this happened so I can prevent this in the future. I'll check back for a response in a couple days.

Sorry, I forgot to add the OTL.txt so I'm editing this; here it is.

OTL logfile created on: 5/12/2011 6:52:23 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 7.94 Gb Free Space | 5.46% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 1.17 Gb Free Space | 31.07% Space Free | Partition Type: NTFS

Computer Name: ICEMONKEY | User Name: Kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\April\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Documents and Settings\Kris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (RoxLiveShare10) -- File not found
SRV - (PnkBstrA) -- File not found
SRV - (Pml Driver HPZ12) -- File not found
SRV - (mi-raysat_3dsmax2010_32) -- File not found
SRV - (mi-raysat_3dsMax2008_32) -- File not found
SRV - (McciCMService) -- File not found
SRV - (JavaQuickStarterService) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Autodesk Licensing Service) -- File not found
SRV - (6to4) -- C:\WINDOWS\system32\6to4v32.dll ()
SRV - (itlperf) -- C:\WINDOWS\system32\itlpfw32.dll (Intel Corporation )
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (PuranDefrag) -- C:\WINDOWS\System32\PuranDefragS.exe (Puran Software)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\WINDOWS\System32\PnkBstrB.xtr ()


========== Driver Services (SafeList) ==========

DRV - (tpcdrdrv) -- C:\WINDOWS\System32\DRIVERS\tpcdrdrv.sys File not found
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS File not found
DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (PTDUMdm) -- C:\WINDOWS\system32\drivers\PTDUMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWWAN) -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys (DEVGURU Co., LTD.)
DRV - (PTDUBus) -- C:\WINDOWS\system32\drivers\PTDUBus.sys (DEVGURU Co., LTD.)
DRV - (PTDUVsp) -- C:\WINDOWS\system32\drivers\PTDUVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWFLT) -- C:\WINDOWS\system32\drivers\PTDUWFLT.sys (DEVGURU Co., LTD.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 01 43 87 C9 1B CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pandora.com/#/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/18 13:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/19 03:03:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 15:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 15:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6DE9B57D-E6DD-4D2B-9A59-77F42FBFAAD6}: C:\Documents and Settings\Kris\Local Settings\Application Data\{6DE9B57D-E6DD-4D2B-9A59-77F42FBFAAD6}\ [2011/05/06 16:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 09:01:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 01:48:31 | 000,000,000 | ---D | M]

[2008/10/07 06:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Mozilla\Extensions
[2011/03/31 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\extensions
[2010/05/02 13:02:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 12:15:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 12:15:35 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/08/13 10:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\extensions\[email protected]
[2010/11/12 22:30:44 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\searchplugins\askcom.xml
[2010/12/28 18:10:49 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\vivhya2h.default\searchplugins\bing.xml
[2011/03/29 07:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/19 01:59:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/16 07:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/10 09:01:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/12/16 07:27:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [cE28601DjBaN28601] C:\Documents and Settings\All Users\Application Data\cE28601DjBaN28601\cE28601DjBaN28601.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1209173651500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cscdll: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Schedule: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/19 09:57:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 11:24:26 | 000,000,045 | -HS- | M] () - H:\autorun.inf.aug.8 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 07:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/11 07:31:38 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/05/11 07:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cE28601DjBaN28601
[2011/05/06 18:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Desktop\security
[2011/05/06 16:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\{6DE9B57D-E6DD-4D2B-9A59-77F42FBFAAD6}
[2011/04/26 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/04/26 00:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/04/24 12:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\EurekaLog
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Kris\Desktop\*.tmp files -> C:\Documents and Settings\Kris\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 06:52:18 | 000,202,258 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/12 06:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 06:43:24 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\izsuoutvcc.job
[2011/05/12 06:43:24 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Pyqwpet.job
[2011/05/12 06:43:24 | 000,000,296 | -HS- | M] () -- C:\WINDOWS\tasks\Dezkmim.job
[2011/05/12 06:43:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 09:13:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/05/10 09:13:08 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/09 05:43:44 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 18:53:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/06 16:56:36 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lfaqewatebi.dat
[2011/05/06 16:56:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lfimalana.bin
[2011/05/06 16:54:19 | 000,152,064 | ---- | M] () -- C:\WINDOWS\Qcefea.exe
[2011/05/06 14:48:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 08:03:29 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\planner1.doc
[2011/04/29 23:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 08:46:23 | 000,111,990 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2011/04/27 17:46:57 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\Internet.lnk
[2011/04/25 10:40:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\TD_Resume.doc
[2011/04/24 16:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/24 12:17:12 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/04/24 07:19:44 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Kris\Desktop\Happy Easter Click Me!!.lnk
[2011/04/24 06:37:11 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 16:40:02 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Kris\My Documents\Kris_Vroman_Resume_609[1][1].doc
[2011/04/21 15:31:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Kris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/21 15:31:29 | 000,444,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 15:31:29 | 000,072,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Kris\Desktop\*.tmp files -> C:\Documents and Settings\Kris\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 09:13:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/05/10 09:13:08 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/06 16:56:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lfaqewatebi.dat
[2011/05/06 16:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lfimalana.bin
[2011/05/06 16:55:11 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\izsuoutvcc.job
[2011/05/06 16:55:11 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Pyqwpet.job
[2011/05/06 16:55:11 | 000,000,296 | -HS- | C] () -- C:\WINDOWS\tasks\Dezkmim.job
[2011/05/06 16:54:42 | 000,152,064 | ---- | C] () -- C:\WINDOWS\Qcefea.exe
[2011/04/29 08:46:04 | 000,113,019 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2011/04/27 17:46:57 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kris\Desktop\Internet.lnk
[2011/04/24 07:16:46 | 000,001,412 | ---- | C] () -- C:\Documents and Settings\Kris\Desktop\Happy Easter Click Me!!.lnk
[2011/04/21 16:57:14 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Kris\Desktop\TD_Resume.doc
[2010/12/23 09:38:15 | 000,002,051 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\HPSU_48BitScanUpdate.log
[2010/12/23 09:38:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/12/23 09:37:24 | 000,080,366 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/12/23 09:37:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/12/18 16:14:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/12/03 10:10:20 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\FASTWiz.html
[2010/12/03 09:50:57 | 000,053,119 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\FASTWiz.log
[2010/10/14 09:49:39 | 000,002,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/24 19:52:30 | 000,360,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/20 17:39:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3k.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/21 06:30:02 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/18 13:50:11 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\DMX.bmk
[2009/02/04 05:06:44 | 002,053,552 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\rx_image.Cache
[2009/02/02 18:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/02/02 12:16:35 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2008/12/22 14:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/12 02:08:50 | 000,001,631 | ---- | C] () -- C:\Program Files\Xpadder.ini
[2008/08/11 22:13:01 | 001,009,664 | ---- | C] () -- C:\Program Files\Xpadder.exe
[2008/08/03 14:45:58 | 000,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/03 14:45:58 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\PnkBstrK.sys
[2008/05/30 18:54:37 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/05/19 05:56:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/24 22:24:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/02 17:02:21 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/02/02 17:02:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2007/12/05 00:41:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 00:41:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 00:41:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 00:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 00:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/03 12:50:15 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SMRTGAMS.INI
[2007/06/25 20:52:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/06/04 11:39:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/17 23:41:52 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 17:37:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/03 11:32:35 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 11:58:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/19 00:13:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/24 12:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/04/15 08:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-66-54-s7-6s-0q
[2010/07/21 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/05/12 06:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cE28601DjBaN28601
[2010/12/18 13:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/07/24 06:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/04/28 07:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2011/01/25 09:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/04/19 01:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/12/25 13:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/04/19 01:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/12/12 07:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex
[2011/05/11 07:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/01 00:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/13 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/20 00:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/09 05:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/13 10:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2008/02/02 17:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Autodesk
[2010/12/12 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\CollanosPhone
[2010/12/12 07:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\CollanosWorkplace
[2009/05/31 16:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Crayon Physics Deluxe
[2010/12/12 07:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DAZ 3D
[2011/03/18 15:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DDMSettings
[2007/04/28 07:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\EA
[2010/06/02 01:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\easycdda
[2011/04/24 12:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\EurekaLog
[2010/06/13 19:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Facebook
[2009/11/19 22:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\FairStars Audio Converter
[2008/04/19 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\GameHouse
[2011/04/29 08:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Image Zone Express
[2011/04/24 12:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\ImgBurn
[2008/12/14 23:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Leadertech
[2007/02/13 13:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\MSNInstaller
[2010/07/24 19:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Smith Micro
[2010/07/24 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Subversion
[2009/07/24 06:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Uniblue
[2011/05/01 00:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\uTorrent
[2011/05/12 06:43:24 | 000,000,296 | -HS- | M] () -- C:\WINDOWS\Tasks\Dezkmim.job
[2008/06/13 06:12:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/05/12 06:43:24 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\izsuoutvcc.job
[2011/05/12 06:43:24 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Pyqwpet.job
[2010/11/16 00:28:03 | 000,032,578 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346

< End of report >

Edited by k.vroman, 12 May 2011 - 06:00 AM.


#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi k.vroman,

Sorry for the delay.

My name is Salagubang and welcome to Geekstogo. :)

Are you still having problems with this machine?

#3
k.vroman

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you for the reply.
I thought I might have fixed it using your site's "tips to prevent" section, but I'm still dealing with internet pop-ups and memory loss (after about 10-15 min. on my computer most functionality is lost due to slowing computer speed). One more thing that keeps coming up, and I don't know if it has anything to do with infection, but a "Generic Host Process for Win32 Services" keeps popping up. This is what the error report contains, if it's any help at all:
C:\DOCUME~1\April\LOCALS~1\Temp\WER0583.dir00\svchost.exe.mdmp
C:\DOCUME~1\April\LOCALS~1\Temp\WER0583.dir00\appcompat.txt
It seems that the first file has a fake file extension; however, I'm not well enough informed to start deleting files. Any advice?
I can only assume what could possibly be wrong. I will supply an up-to-date OTL log.
Thank you, and looking forward to a speedy recovery. Also, I will be performing the scan on my alternate account (my wife's login) as it seems to be easier to use programs on it. Will this be a problem?

OTL logfile created on: 5/16/2011 6:47:49 AM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\April\Desktop\security
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 22.06 Gb Free Space | 15.18% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 1.17 Gb Free Space | 31.07% Space Free | Partition Type: NTFS

Computer Name: ICEMONKEY | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\April\Desktop\security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\April\Desktop\security\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (RoxLiveShare10) -- File not found
SRV - (PnkBstrA) -- File not found
SRV - (Pml Driver HPZ12) -- File not found
SRV - (mi-raysat_3dsmax2010_32) -- File not found
SRV - (mi-raysat_3dsMax2008_32) -- File not found
SRV - (McciCMService) -- File not found
SRV - (JavaQuickStarterService) -- File not found
SRV - (itlperf) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (Autodesk Licensing Service) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (PnkBstrB) -- C:\WINDOWS\System32\PnkBstrB.xtr ()


========== Driver Services (SafeList) ==========

DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (PTDUMdm) -- C:\WINDOWS\system32\drivers\PTDUMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWWAN) -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys (DEVGURU Co., LTD.)
DRV - (PTDUBus) -- C:\WINDOWS\system32\drivers\PTDUBus.sys (DEVGURU Co., LTD.)
DRV - (PTDUVsp) -- C:\WINDOWS\system32\drivers\PTDUVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWFLT) -- C:\WINDOWS\system32\drivers\PTDUWFLT.sys (DEVGURU Co., LTD.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/18 13:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/19 03:03:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 15:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 15:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6DE9B57D-E6DD-4D2B-9A59-77F42FBFAAD6}: C:\Documents and Settings\Kris\Local Settings\Application Data\{6DE9B57D-E6DD-4D2B-9A59-77F42FBFAAD6}\
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 09:01:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 01:48:31 | 000,000,000 | ---D | M]

[2008/10/15 05:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\April\Application Data\Mozilla\Extensions
[2011/05/11 07:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\188yjqie.default\extensions
[2009/12/16 13:26:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\188yjqie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/20 18:06:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\188yjqie.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/11 07:42:39 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\188yjqie.default\extensions\[email protected]
[2011/03/29 07:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/19 01:59:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/16 07:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010/12/16 07:27:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/10 09:01:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/12/16 07:27:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1209173651500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cscdll: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\mexehon: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Schedule: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\April\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\April\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/19 09:57:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 11:24:26 | 000,000,045 | -HS- | M] () - H:\autorun.inf.aug.8 -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Application Data\Creative
[2011/05/13 13:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QFX Software
[2011/05/13 08:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/13 05:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Desktop\security
[2011/05/12 07:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Application Data\SUPERAntiSpyware.com
[2011/05/12 07:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/12 07:48:30 | 011,115,432 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2011/05/12 07:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/12 07:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/12 07:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/11 07:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Application Data\QFX Software
[2011/05/11 07:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/11 07:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/05/11 07:31:38 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/05/11 07:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/11 07:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\My Documents\Downloads
[2011/05/06 18:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Application Data\Malwarebytes
[2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cE28601DjBaN28601
[2011/05/05 11:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Application Data\Image Zone Express
[2011/04/26 00:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2011/04/26 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/04/26 00:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\April\Desktop\*.tmp files -> C:\Documents and Settings\April\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 06:48:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 06:45:37 | 000,202,258 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/16 06:40:11 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\izsuoutvcc.job
[2011/05/16 06:40:11 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Pyqwpet.job
[2011/05/16 06:40:11 | 000,000,296 | -HS- | M] () -- C:\WINDOWS\tasks\Dezkmim.job
[2011/05/16 06:40:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 14:31:49 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 14:48:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 07:48:34 | 011,115,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2011/05/12 07:43:45 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/06 18:53:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/06 16:56:36 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lfaqewatebi.dat
[2011/05/06 16:56:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lfimalana.bin
[2011/04/29 23:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 08:46:23 | 000,111,990 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2011/04/24 16:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/24 12:17:12 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/04/21 15:31:29 | 000,444,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 15:31:29 | 000,072,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\April\Desktop\*.tmp files -> C:\Documents and Settings\April\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 08:27:49 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll
[2011/05/12 07:43:45 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/06 16:56:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lfaqewatebi.dat
[2011/05/06 16:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lfimalana.bin
[2011/05/06 16:55:11 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\izsuoutvcc.job
[2011/05/06 16:55:11 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Pyqwpet.job
[2011/05/06 16:55:11 | 000,000,296 | -HS- | C] () -- C:\WINDOWS\tasks\Dezkmim.job
[2011/04/29 08:46:04 | 000,113,019 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2010/12/23 09:38:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/12/23 09:37:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/12/19 14:29:52 | 000,111,990 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/12/19 13:59:48 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/12/19 13:51:14 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/12/19 13:51:14 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/12/18 16:14:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/12/13 14:29:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/13 14:29:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/13 14:29:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/13 14:29:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/13 14:29:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/14 09:49:39 | 000,102,285 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/07/24 19:52:30 | 000,360,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/25 19:40:40 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2009/09/20 17:39:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3k.DLL
[2009/09/20 17:39:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP3K.EXE
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/21 06:30:02 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/14 10:53:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/02/02 18:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/02/02 12:16:35 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2008/12/22 14:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/12/06 15:14:32 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/11 15:44:20 | 000,036,752 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/07 23:05:43 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/12 02:08:50 | 000,001,631 | ---- | C] () -- C:\Program Files\Xpadder.ini
[2008/08/11 22:13:01 | 001,009,664 | ---- | C] () -- C:\Program Files\Xpadder.exe
[2008/08/04 08:40:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\dxl.dat
[2008/08/03 14:45:58 | 000,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/30 18:54:37 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/05/19 05:56:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/01 07:48:10 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/24 22:24:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/19 02:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/02 17:02:21 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/02/02 17:02:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2007/12/05 00:41:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 00:41:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/05 00:41:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 00:41:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/05 00:41:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 00:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 00:41:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/05 00:41:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/05 00:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/03 12:50:15 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SMRTGAMS.INI
[2007/06/25 20:52:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/06/04 11:39:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/14 17:42:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/28 14:49:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/04/17 23:41:52 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 17:37:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/24 17:31:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/11/22 11:59:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/22 11:58:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/21 15:12:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/11/19 10:38:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/11/19 10:01:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/19 09:53:58 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/19 00:13:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/19 00:12:31 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/11 19:26:36 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/09/24 12:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/20 14:44:16 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/03/21 17:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 17:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,444,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,072,314 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346

< End of report >

#4
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan

  • Click Save log button and Save the aswMBR.log to the desktop
  • Post content of that log here for me


#5
k.vroman


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, here's that log file




#6
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix for TDL4


Save the log as before and post in your next reply

Next

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
k.vroman


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 17:42:37
-----------------------------
17:42:37.189 OS Version: Windows 5.1.2600 Service Pack 2
17:42:37.189 Number of processors: 1 586 0x2F02
17:42:37.189 ComputerName: ICEMONKEY UserName: April
17:42:37.751 Initialize success
17:42:39.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
17:42:39.298 Disk 0 Vendor: ST3160021A 8.01 Size: 152627MB BusType: 3
17:42:41.313 Disk 0 MBR read successfully
17:42:41.313 Disk 0 MBR scan
17:42:41.313 Disk 0 Windows XP default MBR code
17:42:43.313 Disk 0 scanning sectors +312576705
17:42:43.329 Disk 0 scanning C:\WINDOWS\system32\drivers
17:42:51.984 Service scanning
17:42:53.906 Disk 0 trace - called modules:
17:42:53.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:42:53.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abdbab8]
17:42:53.921 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000005e[0x8ac5c200]
17:42:53.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1f[0x8abf9d98]
17:42:53.921 Scan finished successfully
17:43:44.572 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\April\Desktop\MBR.dat"
17:43:44.619 The log file has been saved successfully to "C:\Documents and Settings\April\Desktop\aswMBR.txt"
17:44:06.867 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\April\Desktop\MBR.dat"
17:44:06.867 The log file has been saved successfully to "C:\Documents and Settings\April\Desktop\aswMBR.txt"




TDSSKiller Log


2011/05/16 17:44:21.0756 3552 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 17:44:22.0240 3552 ================================================================================
2011/05/16 17:44:22.0240 3552 SystemInfo:
2011/05/16 17:44:22.0240 3552
2011/05/16 17:44:22.0240 3552 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/16 17:44:22.0240 3552 Product type: Workstation
2011/05/16 17:44:22.0240 3552 ComputerName: ICEMONKEY
2011/05/16 17:44:22.0240 3552 UserName: April
2011/05/16 17:44:22.0240 3552 Windows directory: C:\WINDOWS
2011/05/16 17:44:22.0240 3552 System windows directory: C:\WINDOWS
2011/05/16 17:44:22.0240 3552 Processor architecture: Intel x86
2011/05/16 17:44:22.0240 3552 Number of processors: 1
2011/05/16 17:44:22.0240 3552 Page size: 0x1000
2011/05/16 17:44:22.0240 3552 Boot type: Normal boot
2011/05/16 17:44:22.0240 3552 ================================================================================
2011/05/16 17:44:22.0630 3552 Initialize success
2011/05/16 17:44:29.0786 3588 ================================================================================
2011/05/16 17:44:29.0786 3588 Scan started
2011/05/16 17:44:29.0786 3588 Mode: Manual;
2011/05/16 17:44:29.0786 3588 ================================================================================
2011/05/16 17:44:49.0221 3588 ================================================================================
2011/05/16 17:44:49.0221 3588 Scan finished
2011/05/16 17:44:49.0221 3588 ================================================================================
2011/05/16 17:47:46.0108 0308 ================================================================================
2011/05/16 17:47:46.0108 0308 Scan started
2011/05/16 17:47:46.0108 0308 Mode: Manual;
2011/05/16 17:47:46.0108 0308 ================================================================================
2011/05/16 17:48:00.0857 0308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/16 17:48:00.0982 0308 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/16 17:48:01.0403 0308 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/16 17:48:01.0497 0308 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/16 17:48:01.0607 0308 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/16 17:48:01.0685 0308 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/16 17:48:01.0778 0308 PTDUBus (dbaf8a53d7669efb4742896b458181d0) C:\WINDOWS\system32\DRIVERS\PTDUBus.sys
2011/05/16 17:48:01.0888 0308 PTDUMdm (fa4e2a5cf478624d3154fb045fb2d076) C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys
2011/05/16 17:48:02.0153 0308 PTDUVsp (9c489b38ca13f251289004fe4f8631dd) C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys
2011/05/16 17:48:02.0435 0308 PTDUWFLT (37a75ac00d26364a5ea2050a6f85c2d0) C:\WINDOWS\system32\DRIVERS\PTDUWFLT.sys
2011/05/16 17:48:02.0653 0308 PTDUWWAN (f4a789a94ff74a47eb321be4465259d0) C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys
2011/05/16 17:48:02.0778 0308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/16 17:48:02.0903 0308 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/16 17:48:03.0231 0308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/16 17:48:03.0356 0308 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/16 17:48:03.0435 0308 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/16 17:48:03.0528 0308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/16 17:48:03.0606 0308 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/16 17:48:03.0700 0308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/16 17:48:03.0794 0308 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/16 17:48:03.0903 0308 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/16 17:48:04.0028 0308 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/16 17:48:04.0153 0308 RTL8023xp (62287f3ec4b4948e815a74eddd323843) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/16 17:48:04.0278 0308 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/05/16 17:48:04.0388 0308 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/16 17:48:04.0481 0308 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/16 17:48:04.0559 0308 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/16 17:48:05.0012 0308 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/16 17:48:05.0591 0308 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/16 17:48:05.0684 0308 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/16 17:48:05.0809 0308 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/16 17:48:05.0887 0308 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/16 17:48:05.0997 0308 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/16 17:48:06.0247 0308 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/16 17:48:06.0340 0308 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/16 17:48:06.0419 0308 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/16 17:48:06.0512 0308 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/16 17:48:06.0622 0308 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/16 17:48:06.0856 0308 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/16 17:48:07.0028 0308 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/16 17:48:07.0418 0308 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/16 17:48:07.0622 0308 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/16 17:48:07.0731 0308 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/16 17:48:07.0793 0308 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/16 17:48:07.0903 0308 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/16 17:48:08.0043 0308 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/16 17:48:08.0137 0308 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/16 17:48:08.0200 0308 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/16 17:48:08.0278 0308 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/16 17:48:08.0434 0308 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/16 17:48:08.0590 0308 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/16 17:48:08.0778 0308 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/16 17:48:08.0918 0308 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/16 17:48:09.0075 0308 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/16 17:48:09.0200 0308 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/16 17:48:09.0325 0308 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/16 17:48:09.0434 0308 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/16 17:48:09.0528 0308 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/05/16 17:48:09.0731 0308 ================================================================================
2011/05/16 17:48:09.0731 0308 Scan finished
2011/05/16 17:48:09.0731 0308 ================================================================================


combofix log

ComboFix 11-05-16.02 - April 05/16/2011 17:55:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1439 [GMT -6:00]
Running from: c:\documents and settings\April\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\mexehon.dll
c:\program files\CollanosWorkplace\Workplace.exe
c:\windows\system32\Install.txt
c:\windows\system32\tukdtjsr.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-15 19:34 . 2011-05-15 19:34 -------- d-----w- c:\documents and settings\April\Application Data\Creative
2011-05-13 19:54 . 2011-05-13 19:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\QFX Software
2011-05-13 18:51 . 2011-05-13 18:51 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-05-12 13:52 . 2011-05-12 13:52 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-12 13:52 . 2011-05-12 13:52 -------- d-----w- c:\documents and settings\April\Application Data\SUPERAntiSpyware.com
2011-05-12 13:44 . 2011-05-14 00:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-12 13:43 . 2011-05-12 13:43 -------- d-----w- c:\program files\Common Files\Skype
2011-05-11 13:38 . 2011-05-11 13:38 -------- dc----w- c:\documents and settings\All Users\Application Data\QFX Software
2011-05-11 13:38 . 2011-05-11 13:38 -------- d-----w- c:\documents and settings\April\Application Data\QFX Software
2011-05-11 13:31 . 2011-04-24 22:14 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-05-11 13:31 . 2011-05-11 13:31 -------- d-----w- c:\program files\KeyScrambler
2011-05-07 00:56 . 2011-05-07 00:56 -------- d-----w- c:\documents and settings\April\Application Data\Malwarebytes
2011-05-07 00:17 . 2011-05-12 12:52 -------- dc----w- c:\documents and settings\All Users\Application Data\cE28601DjBaN28601
2011-05-06 22:56 . 2011-05-06 22:56 0 ----a-w- c:\windows\Lfimalana.bin
2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- c:\documents and settings\April\Application Data\Image Zone Express
2011-04-26 06:24 . 2011-05-01 06:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2011-04-26 06:24 . 2011-04-26 06:24 -------- d-----w- c:\program files\Rosetta Stone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 15:27 . 2011-03-13 15:27 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2008-06-24 14:20 . 2008-08-12 04:13 1009664 -c--a-w- c:\program files\Xpadder.exe
2011-05-10 15:01 . 2011-03-29 13:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
[BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BOINC Manager.lnk]
backup=c:\windows\pss\BOINC Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Kris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollanosWorkplace_C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollanosWorkplace_C:\Program Files
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-26 06:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-26 06:08 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Team Fortress 2\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\1cedr4k3v5\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\CollanosWorkplace\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Steam\\steamapps\\1cedr4k3v5\\team fortress 2 beta\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8591:TCP"= 8591:TCP:BitComet 8591 TCP
"8591:UDP"= 8591:UDP:BitComet 8591 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/11/2011 7:31 AM 225856]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2011 2:37 PM 136176]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; [x]
S2 RoxLiveShare10;LiveShare P2P Server 10; [x]
S2 SessionLauncher;SessionLauncher; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2011 2:37 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [8/2/2010 4:51 AM 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [8/2/2010 4:51 AM 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [8/2/2010 4:51 AM 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [8/2/2010 4:51 AM 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [8/2/2010 4:51 AM 113680]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/16/2010 7:30 AM 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2008-06-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 10:00]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 20:37]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 20:37]
.
2010-12-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-05-13 21:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\April\Application Data\Mozilla\Firefox\Profiles\188yjqie.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-mexehon - (no file)
MSConfigStartUp-CollanosWorkplace - c:\program files\CollanosWorkplace\Workplace.exe
MSConfigStartUp-nhoyubik - c:\documents and settings\Kris\Local Settings\Application Data\umbhes\ciddsftav.exe
AddRemove-{49FB31C1-26EC-44c6-AB47-73C66E2BC41E} - c:\program files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 18:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com.../premiere.html"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-05-16 18:29:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-17 00:29
ComboFix2.txt 2010-12-13 21:02
.
Pre-Run: 23,543,955,456 bytes free
Post-Run: 24,364,929,024 bytes free
.
Current=1 Default=1 Failed=5 LastKnownGood=2 Sets=1,2,3,5
- - End Of File - - EB6F8C33A2ECBF3852C65B2AE6CAF073

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
k.vroman

    New Member

  • Topic Starter
  • Member
  • 7 posts
Sorry about the long pause, had to go to work. Things seem to be working a lot better now. Here's the MBAM log...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6594

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/16/2011 9:14:56 PM
mbam-log-2011-05-16 (21-14-56).txt

Scan type: Quick scan
Objects scanned: 212916
Time elapsed: 46 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Nearly there.

Let's do an online scan to take care of the remnants.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Next

Open OTL and choose Run Scan. Post the log in your next reply for review.

:)

#11
k.vroman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=dc65453d078bb5499112c87835826854
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-18 12:36:13
# local_time=2011-05-17 06:36:13 (-0600, Central America Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 13091746 13091746 0 0
# compatibility_mode=768 16777215 100 0 95271073 95271073 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=342851
# found=12
# cleaned=12
# scan_time=9910
C:\Downloads\game maker 7 with crack.rar probably a variant of Win32/Agent.HTKOKPX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Downloads\Crack\GM70_DrXJ.exe probably a variant of Win32/Agent.HTKOKPX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Game_Maker7\DrXJ.exe probably a variant of Win32/Agent.IEFJQXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP2\A0006048.exe a variant of Win32/Injector.GEV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP2\A0006208.exe probably a variant of Win32/Agent.HTKOKPX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP2\A0006209.exe probably a variant of Win32/Agent.IEFJQXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP3\A0006237.exe a variant of Win32/Kryptik.NRN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP6\A0019496.exe probably a variant of Win32/Agent.HTKOKPX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50D6F916-513E-4249-BB63-50F16D64AA32}\RP6\A0019497.exe probably a variant of Win32/Agent.IEFJQXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12132010_140543\C_WINDOWS\system32\12543.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12132010_140543\C_WINDOWS\system32\535.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Looking good. :)

How is the computer running?

Please post a fresh OTL scan for review.

#13
k.vroman


    New Member

  • Topic Starter
  • Member
  • 7 posts
seems things are back to normal, thanks.



#14
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Congratulations. The machine is clean. :)

Let's wrap up.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK


Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

You may manually delete any remaining clutter from your desktop.

Let's re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then OK at the bottom.
  • Close the window

++++++++++++++++++++++++++++++++++++

Maintaining your computer

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete CLEAN
THEN
  • Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT

Defrag the hard drive

++++++++++++++++++++++++++++++++++

Other things to keep in mind

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!

#15
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.