
Agobot Virus Infection


#1 Tokay (Member, 44 posts)
Hi there :)

I was recently directed here from a different forum where, while I was trying to diagnose a computer issue involving randomly spiking CPU and screen static, it was made clear that my system was infected. The virus was called Agobot, and seems to be located in my csrss.exe file, the boot startup of which, incidentally, I disabled just this morning when I began to receive error messages that csrss.exe was crashing. I'm not sure what this means exactly, but one of my concerns is that there are other viruses or whatnots in my computer, and I am anxious to see them gone and to prevent further entry into my system. I do not know how it was obtained, and I figured that if there were any viruses, my Avira Free Anti-Virus might have picked them up. Before Avira, I was running Avast, and I still had the same situation where, when playing movies or games, my computer's CPU would spike and horizontal static would appear every few minutes or so. I have also run Spybot S&D, just to be thorough in describing what I've tried so far.

This computer is a laptop; a Dell Latitude D620, running Windows XP Professional.

Let me know if I can provide any more information. Below I have included my OTL report:

---


OTL logfile created on: 5/23/2011 4:34:50 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Dioscuri\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.74% Memory free
3.84 Gb Paging File | 2.76 Gb Available in Paging File | 71.68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 13.09 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 275.01 Gb Free Space | 59.05% Space Free | Partition Type: NTFS

Computer Name: THXSEAGATE | User Name: Dioscuri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\My Documents\Downloads\OTL.exe
PRC - [2011/05/23 15:32:22 | 000,216,576 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe
PRC - [2011/05/23 13:38:05 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
PRC - [2011/05/07 04:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:57:28 | 001,396,736 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/29 10:16:40 | 000,090,112 | ---- | M] () -- C:\Program Files\BigFix Enterprise\BES Client\PowerManagement\BFIdleTracker.exe
PRC - [2009/10/19 19:08:22 | 001,408,072 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2009/09/22 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/15 08:39:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/19 11:54:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/31 11:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/09/26 02:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/09 22:06:00 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2006/05/02 19:45:45 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 21:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/11 05:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/15 16:06:20 | 000,251,578 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.seagate.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50545

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50545
FF - prefs.js..network.proxy.type: 1


[2011/05/09 10:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla\Extensions
[2011/05/09 10:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 12:26:00 | 000,000,000 | ---D | M] (IE View) -- C:\Program Files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/01/12 14:35:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 12:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
File not found (No name found) --
[2010/09/23 13:03:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/26 03:16:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2010/06/16 16:43:22 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Auto_Inventory] C:\WINDOWS\LD_Boot.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Spybot - Search & Destroy] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickr.seagate.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201641630687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} https://seagate.soft.../SLMSViewer.cab (SLMSViewer Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://ok-orgpub.okl...ins/OrgPubX.cab (OrgPublisher PluginX)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} https://eet61.adp.co...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://internationa...ent/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl-sv.seaga...SetupClient.cab (JuniperSetupClientControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MSGINA.DLL) - C:\WINDOWS\System32\msgina.dll (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Dioscuri\Application Data\dwm.exe) - C:\Documents and Settings\Dioscuri\Application Data\dwm.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/01 09:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell\AutoRun\command - "" = D:\Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 13:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/05/23 13:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2011/05/23 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/23 09:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/20 11:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/20 01:51:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/19 22:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/05/19 19:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
[2011/05/19 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fox Interactive
[2011/05/19 13:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Avira
[2011/05/19 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/19 11:25:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/19 11:25:43 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/19 11:25:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/19 11:25:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/19 11:25:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/18 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\WindSolutions
[2011/05/18 11:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/16 17:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Desktop\[bleep], man (movies)
[2011/05/16 17:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Desktop\[bleep], man
[2011/05/16 16:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/05/16 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/05/10 22:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\DVD Decrypter
[2011/05/10 22:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2011/05/10 22:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2011/05/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/10 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/05/10 22:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\PackageAware
[2011/05/10 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\dvdcss
[2011/05/09 17:08:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dioscuri\Recent
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Red Kawa
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Red Kawa
[2011/05/09 11:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Geckofx
[2011/05/09 11:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/05/09 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/05/09 11:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2011/05/09 11:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2011/05/09 10:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla
[2011/05/06 11:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/06 11:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Any Video Converter
[2011/05/06 11:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\AnvSoft
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\HandBrake
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\HandBrake
[2011/05/05 10:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 16:28:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
[2011/05/23 13:38:05 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 13:31:43 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 13:31:33 | 000,189,259 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/23 13:30:47 | 000,021,282 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/23 11:38:33 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/05/23 10:03:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/23 10:02:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 10:02:11 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 09:55:53 | 000,000,241 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/23 09:08:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/23 00:49:06 | 2145,435,648 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/22 00:28:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
[2011/05/21 21:45:26 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/21 18:45:22 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/21 13:25:24 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/05/21 09:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 11:21:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/16 23:41:16 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 00:53:05 | 000,442,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 00:53:05 | 000,072,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/14 10:28:51 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 10:28:50 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Desktop\Google Chrome.lnk
[2011/05/11 22:48:04 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\SysCalls.dat
[2011/05/09 17:13:51 | 000,941,132 | ---- | M] () -- C:\cc_20110509_1712.reg
[2011/05/07 09:13:44 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/06 01:50:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 13:38:05 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 09:08:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/21 18:47:04 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 18:45:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/19 19:19:50 | 000,021,282 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/09 17:13:18 | 000,941,132 | ---- | C] () -- C:\cc_20110509_1712.reg
[2011/05/06 08:53:59 | 001,660,416 | ---- | C] () -- C:\WINDOWS\PS_MatrixScreensaver.scr
[2011/05/06 01:50:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 20:34:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/07 16:00:14 | 000,041,472 | ---- | C] () -- C:\WINDOWS\FreeAgentGo.dll
[2010/10/07 14:32:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 14:18:23 | 000,069,506 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/09/30 14:18:23 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/09/29 11:54:43 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/09/29 09:51:07 | 000,057,320 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/26 00:22:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/03 11:02:53 | 000,232,669 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/01 09:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/25 11:03:38 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\DLLEX32.DLL
[2009/06/25 11:03:38 | 000,014,304 | ---- | C] () -- C:\WINDOWS\System32\HLPADDIN.DLL
[2009/06/25 11:03:38 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SV.INI
[2009/06/25 11:00:54 | 000,000,057 | ---- | C] () -- C:\WINDOWS\SABRE.INI
[2008/12/02 17:43:46 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/12/02 15:52:38 | 000,125,678 | ---- | C] () -- C:\WINDOWS\cleanup_remedy.exe
[2008/12/02 15:20:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/02 15:20:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/02 15:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/12/02 15:19:00 | 000,120,839 | ---- | C] () -- C:\WINDOWS\cleanup_2ksp3.exe
[2008/11/14 17:38:27 | 000,000,241 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/14 17:19:27 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\SysCalls.dat
[2008/11/14 16:09:46 | 000,129,793 | ---- | C] () -- C:\WINDOWS\LD_Boot.exe
[2008/11/14 16:09:46 | 000,129,739 | ---- | C] () -- C:\WINDOWS\LD_Repair.exe
[2008/10/20 12:57:25 | 000,126,734 | ---- | C] () -- C:\WINDOWS\WSE_FixLDAgent.EXE
[2008/01/31 13:14:08 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/01/31 11:55:05 | 000,125,557 | ---- | C] () -- C:\WINDOWS\cleanup.exe
[2008/01/31 10:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/01/31 10:04:34 | 000,110,494 | ---- | C] () -- C:\WINDOWS\wzclean.exe
[2008/01/30 12:19:46 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/01/30 12:19:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/01/29 12:31:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008/01/29 12:26:41 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/29 12:26:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/29 12:26:38 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/29 12:26:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/29 12:26:23 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/29 12:26:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/29 12:25:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/29 12:25:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/11/18 11:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/01 10:12:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/01 09:45:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/01 09:37:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/01 04:19:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/01 04:17:56 | 004,737,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,442,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/30 20:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2008/12/12 11:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/03/13 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AR System
[2011/05/19 11:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/18 14:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/01/29 09:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFix
[2011/04/22 09:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/18 10:51:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/19 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/06/02 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/18 12:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/04 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/02/18 15:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/04/13 11:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/05/18 11:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/09/23 14:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/06 11:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\AnvSoft
[2011/04/12 23:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\AR System
[2011/04/18 11:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\AVG10
[2011/04/14 13:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\DAEMON Tools Lite
[2010/09/29 12:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\dBpoweramp
[2011/05/05 10:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\HandBrake
[2008/01/31 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\ICAClient
[2011/04/12 22:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Juniper Networks
[2011/05/19 19:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
[2010/11/10 00:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Mumble
[2011/05/09 13:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Red Kawa
[2010/09/27 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\SystemRequirementsLab
[2011/04/22 12:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Unity
[2011/05/21 16:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\uTorrent
[2011/04/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Wave Systems Corp
[2011/04/12 23:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\Webex
[2011/05/18 11:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dioscuri\Application Data\WindSolutions

========== Purity Check ==========



< End of report >


#2
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

Copy the text in the code box by highlighting it and pressing Ctrl + C.


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50545
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50545
FF - prefs.js..network.proxy.type: 1
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} https://eet61.adp.co...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://internationa...ent/ieatgpc.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Dioscuri\Application Data\dwm.exe) - C:\Documents and Settings\Dioscuri\Application Data\dwm.exe ()
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\Shell\AutoRun\command - "" = D:\Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
[2011/05/23 13:38:05 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 13:31:43 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 13:31:33 | 000,189,259 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/23 13:30:47 | 000,021,282 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6

:Commands
[RESETHOSTS]
[emptytemp]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select the Use All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop; do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Ron
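As an added example (not code from this thread, from OTL or from the expert's reply), a small Python triage script that flags the same indicators the fix script above removes: a core Windows binary name such as csrss.exe, dwm.exe or conhost.exe loading from a user folder instead of System32, a per-user Winlogon Shell or win.ini Load entry, an unsigned executable in a profile folder, and a browser proxy pointed at 127.0.0.1. The sample lines are copied from this thread's logs; the system-root path and the list of lookalike names are this example's own assumptions.

```python
"""Triage OTL log lines for the persistence and proxy indicators seen in this thread.

Added example for this thread: it is not part of OTL and not code from the
expert's reply. The sample lines are copied from the logs posted above; the
path and naming heuristics are this example's own assumptions.
"""
import re

# Core Windows binaries whose names malware borrows, mapped to the folder
# under %SystemRoot% where the real file lives ("" means %SystemRoot% itself).
SYSTEM_LOOKALIKES = {
    "csrss.exe": "system32", "dwm.exe": "system32", "conhost.exe": "system32",
    "svchost.exe": "system32", "lsass.exe": "system32", "smss.exe": "system32",
    "services.exe": "system32", "winlogon.exe": "system32", "explorer.exe": "",
}
SYSTEM_ROOT = r"c:\windows"  # assumed here; take it from the log's %SystemRoot% line in practice

_EXE_PATH = re.compile(r"[A-Za-z]:\\[^()\[\]|]*?\.exe", re.IGNORECASE)
_USER_PROFILE = re.compile(r"\\(documents and settings|users)\\[^\\]+\\", re.IGNORECASE)


def lookalike_paths(line):
    """Paths whose file name is a core Windows binary but whose folder is not
    that binary's home (csrss.exe in Temp, dwm.exe in Application Data)."""
    hits = []
    for path in _EXE_PATH.findall(line):
        folder, _, name = path.lower().rpartition("\\")
        sub = SYSTEM_LOOKALIKES.get(name)
        if sub is None:
            continue
        home = (SYSTEM_ROOT + "\\" + sub).rstrip("\\")
        if folder != home and path not in hits:
            hits.append(path)
    return hits


def registry_finding(line):
    """Reason string for a suspicious OTL registry or prefs.js line, else None."""
    if line.startswith("O20 - HKCU Winlogon: Shell"):
        return "per-user Winlogon Shell replaced (the real shell is explorer.exe, set under HKLM)"
    if line.startswith("F3 - HKCU WinNT: Load"):
        return "HKCU Windows NT 'Load' value set (legacy win.ini autostart, rarely legitimate)"
    m = (re.search(r'"ProxyServer" = (\S+)', line)
         or re.search(r'network\.proxy\.http: "([^"]+)"', line))
    if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
        return "browser proxy points at loopback (%s): web traffic relayed through a local process" % m.group(1)
    return None


def unsigned_from_profile(line):
    """True for an executable with no company name that runs from a user profile folder."""
    no_company = "] () -- " in line or line.rstrip().endswith("()")
    return no_company and any(_USER_PROFILE.search(p) for p in _EXE_PATH.findall(line))


def triage(lines):
    """Return (line_number, reason, line) for every flagged OTL line."""
    findings = []
    for n, line in enumerate(lines, 1):
        reasons = []
        reg = registry_finding(line)
        if reg:
            reasons.append(reg)
        lookalikes = lookalike_paths(line)
        if lookalikes:
            reasons.append("system binary name outside its home folder: " + ", ".join(lookalikes))
        elif unsigned_from_profile(line):
            reasons.append("unsigned executable running from a user profile")
        if reasons:
            findings.append((n, "; ".join(reasons), line))
    return findings


# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50545',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r"O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)",
    r"F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()",
    r"O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Dioscuri\Application Data\dwm.exe) - C:\Documents and Settings\Dioscuri\Application Data\dwm.exe ()",
    r"PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe",
    r"PRC - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\My Documents\Downloads\OTL.exe",
    r"PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for n, reason, line in triage(SAMPLE_LOG):
        print("line %d: %s\n    %s" % (n, reason, line))
```

Note that the ProxyEnable line alone is not flagged; only a proxy value aimed at loopback is, since a local relay is what the fix script above disables.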

#3
Tokay
    Member
  • Topic Starter
  • Member
  • 44 posts
Here is the first log produced. OTC is currently performing a scan, so I will post those other logs as soon as it is completed.

---


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50545 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.
C:\Program Files\McAfee\Common Framework\UdaterUI.exe moved successfully.
File C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\WINDOWS\Downloaded Program Files\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Dioscuri\Application Data\dwm.exe deleted successfully.
C:\Documents and Settings\Dioscuri\Application Data\dwm.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33532d45-ce7e-11dc-a65b-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33532d45-ce7e-11dc-a65b-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33532d45-ce7e-11dc-a65b-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33532d45-ce7e-11dc-a65b-806d6172696f}\ not found.
File D:\Programs\nu2menu\nu2menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a47e1dc3-ba32-11d9-9e03-806d6172696f}\ not found.
File D:\setup.exe not found.
File C:\Documents and Settings\Dioscuri\Application Data\dwm.exe not found.
C:\WINDOWS\system32\nvModes.001 moved successfully.
C:\WINDOWS\system32\nvapps.xml moved successfully.
C:\Documents and Settings\Dioscuri\Application Data\442A.6D6 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 1285
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: 1564
->Temp folder emptied: 3056545 bytes
->Temporary Internet Files folder emptied: 54123898 bytes
->FireFox cache emptied: 43581622 bytes
->Flash cache emptied: 705 bytes

User: 400588
->Temp folder emptied: 319743054 bytes
->Temporary Internet Files folder emptied: 360495562 bytes
->FireFox cache emptied: 86464130 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

User: Dioscuri
->Temp folder emptied: 18681673 bytes
->Temporary Internet Files folder emptied: 38174597 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17385948 bytes
->Google Chrome cache emptied: 248123661 bytes
->Flash cache emptied: 21744 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 17909033 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123391233 bytes

User: pazk
->Temp folder emptied: 24646 bytes
->Temporary Internet Files folder emptied: 11588362 bytes
->Flash cache emptied: 37568 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 480279 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 87519930 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,367.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05232011_233439

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4
Tokay
    Member
  • Topic Starter
  • Member
  • 44 posts
Here are the two logs the scan came up with, starting with OTL.txt and then Extras.txt. Thanks!

--


OTL logfile created on: 5/23/2011 11:50:29 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Dioscuri\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.14% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 63.79 Gb Free Space | 42.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 225.16 Gb Free Space | 48.34% Space Free | Partition Type: NTFS

Computer Name: THXSEAGATE | User Name: Dioscuri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\My Documents\Downloads\OTL.exe
PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
PRC - [2011/05/07 04:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:57:28 | 001,396,736 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/10/19 19:08:22 | 001,408,072 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/21 15:44:14 | 000,129,793 | ---- | M] () -- C:\WINDOWS\LD_Boot.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/15 08:39:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/19 11:54:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/31 11:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/09/26 02:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/09 22:06:00 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2006/05/02 19:45:45 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 21:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/11 05:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/15 16:06:20 | 000,251,578 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.seagate.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63717

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63717
FF - prefs.js..network.proxy.type: 1


[2011/05/09 10:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla\Extensions
[2011/05/09 10:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 12:26:00 | 000,000,000 | ---D | M] (IE View) -- C:\Program Files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/01/12 14:35:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 12:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
File not found (No name found) --
[2010/09/23 13:03:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/26 03:16:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2011/05/23 23:34:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Auto_Inventory] C:\WINDOWS\LD_Boot.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickr.seagate.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201641630687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} https://seagate.soft.../SLMSViewer.cab (SLMSViewer Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://ok-orgpub.okl...ins/OrgPubX.cab (OrgPublisher PluginX)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl-sv.seaga...SetupClient.cab (JuniperSetupClientControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MSGINA.DLL) - C:\WINDOWS\System32\msgina.dll (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/01 09:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/05 08:19:03 | 000,000,062 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 23:34:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 13:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/05/23 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/23 09:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/20 11:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/20 01:51:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/19 22:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/05/19 19:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
[2011/05/19 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fox Interactive
[2011/05/19 13:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Avira
[2011/05/19 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/19 11:25:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/19 11:25:43 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/19 11:25:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/19 11:25:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/19 11:25:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/18 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\WindSolutions
[2011/05/18 11:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/16 16:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/05/16 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/05/10 22:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\DVD Decrypter
[2011/05/10 22:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2011/05/10 22:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2011/05/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/10 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/05/10 22:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\PackageAware
[2011/05/10 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\dvdcss
[2011/05/09 17:08:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dioscuri\Recent
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Red Kawa
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Red Kawa
[2011/05/09 11:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Geckofx
[2011/05/09 11:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/05/09 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/05/09 11:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2011/05/09 11:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2011/05/09 10:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla
[2011/05/06 11:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/06 11:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Any Video Converter
[2011/05/06 11:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\AnvSoft
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\HandBrake
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\HandBrake
[2011/05/05 10:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake

========== Files - Modified Within 30 Days ==========

[2011/05/23 23:53:47 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 23:53:39 | 000,003,144 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/23 23:47:49 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 23:47:44 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 23:42:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/23 23:41:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 23:41:18 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 23:34:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/23 23:28:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
[2011/05/23 23:21:31 | 000,000,331 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/23 21:38:52 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/05/23 18:19:27 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/23 09:08:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/23 00:49:06 | 2145,435,648 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/22 00:28:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
[2011/05/21 18:45:22 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/21 13:25:24 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/05/21 09:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 11:21:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/16 23:41:16 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 00:53:05 | 000,442,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 00:53:05 | 000,072,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/14 10:28:51 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 10:28:50 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Desktop\Google Chrome.lnk
[2011/05/11 22:48:04 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\SysCalls.dat
[2011/05/09 17:13:51 | 000,941,132 | ---- | M] () -- C:\cc_20110509_1712.reg
[2011/05/07 09:13:44 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/06 01:50:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/23 23:53:47 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 23:47:54 | 000,003,144 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/23 23:47:44 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 23:41:29 | 000,232,669 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 09:08:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/21 18:47:04 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 18:45:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/09 17:13:18 | 000,941,132 | ---- | C] () -- C:\cc_20110509_1712.reg
[2011/05/06 08:53:59 | 001,660,416 | ---- | C] () -- C:\WINDOWS\PS_MatrixScreensaver.scr
[2011/05/06 01:50:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 20:34:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/07 16:00:14 | 000,041,472 | ---- | C] () -- C:\WINDOWS\FreeAgentGo.dll
[2010/10/07 14:32:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 14:18:23 | 000,069,506 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/09/30 14:18:23 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/09/29 11:54:43 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/09/29 09:51:07 | 000,057,320 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/26 00:22:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/03 11:02:53 | 000,232,669 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/01 09:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/25 11:03:38 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\DLLEX32.DLL
[2009/06/25 11:03:38 | 000,014,304 | ---- | C] () -- C:\WINDOWS\System32\HLPADDIN.DLL
[2009/06/25 11:03:38 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SV.INI
[2009/06/25 11:00:54 | 000,000,057 | ---- | C] () -- C:\WINDOWS\SABRE.INI
[2008/12/02 17:43:46 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/12/02 15:52:38 | 000,125,678 | ---- | C] () -- C:\WINDOWS\cleanup_remedy.exe
[2008/12/02 15:20:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/02 15:20:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/02 15:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/12/02 15:19:00 | 000,120,839 | ---- | C] () -- C:\WINDOWS\cleanup_2ksp3.exe
[2008/11/14 17:38:27 | 000,000,331 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/14 17:19:27 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\SysCalls.dat
[2008/11/14 16:09:46 | 000,129,793 | ---- | C] () -- C:\WINDOWS\LD_Boot.exe
[2008/11/14 16:09:46 | 000,129,739 | ---- | C] () -- C:\WINDOWS\LD_Repair.exe
[2008/10/20 12:57:25 | 000,126,734 | ---- | C] () -- C:\WINDOWS\WSE_FixLDAgent.EXE
[2008/01/31 13:14:08 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/01/31 11:55:05 | 000,125,557 | ---- | C] () -- C:\WINDOWS\cleanup.exe
[2008/01/31 10:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/01/31 10:04:34 | 000,110,494 | ---- | C] () -- C:\WINDOWS\wzclean.exe
[2008/01/30 12:19:46 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/01/30 12:19:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/01/29 12:31:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008/01/29 12:26:41 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/29 12:26:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/29 12:26:38 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/29 12:26:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/29 12:26:23 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/29 12:26:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/29 12:25:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/29 12:25:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/11/18 11:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/01 10:12:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/01 09:45:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/01 09:37:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/01 04:19:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/01 04:17:56 | 004,737,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,442,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/30 20:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

< End of report >


---



OTL Extras logfile created on: 5/23/2011 11:50:29 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Dioscuri\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.14% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 63.79 Gb Free Space | 42.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 225.16 Gb Free Space | 48.34% Space Free | Partition Type: NTFS

Computer Name: THXSEAGATE | User Name: Dioscuri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"52311:UDP" = 52311:UDP:*:Enabled:BES Client

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"52311:UDP" = 52311:UDP:*:Enabled:BES Client
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast
"C:\WINDOWS\System32\ftp.exe" = C:\WINDOWS\System32\ftp.exe:*:Enabled:FTP -- (Microsoft Corporation)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{8048F0F3-C5AB-4C3C-8518-2B5E41DDFABA}" = AuthenTec Fingerprint Sensor Minimum Install
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9F5492E6-D322-438B-B04A-3C78CA93E5D7}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9CB8279B-F11B-437C-AC58-C91AA3482F8D}" = Intel® PROSet/Wireless WiFi Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = BigFix Enterprise Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D55A74A5-5B3B-441A-B5EE-435E304627FB}" = Embassy Trusted Drive Manager Remote Configuration
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = No One Lives Forever - Game of the Year Edition
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Information" = PC Information
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"Recuva" = Recuva
"Shockwave" = Shockwave
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.8
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2011 1:52:55 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/22/2011 1:52:57 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/22/2011 1:53:04 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 2:25:32 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 2:25:36 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 3:14:38 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 3:50:21 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 11:56:00 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 6:20:37 PM | Computer Name = THXSEAGATE | Source = MsiInstaller | ID = 1013
Description = Product: McAfee Agent -- McAfee Agent cannot be removed because other
products are still using it.

Error - 5/23/2011 9:23:58 PM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 4/28/2009 2:13:49 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8514
seconds with 180 seconds of active time. This session ended with a crash.

Error - 11/12/2009 6:28:58 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2823
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 1/4/2010 3:07:58 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 62
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Basics Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The BES Client service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 2:34:40 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 2:34:42 AM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The first OTL script didn't work. I missed one of the infectors and it brought back its buddies. Let's try again:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:
Spybot - Search & Destroy
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 7
µTorrent

Copy the text in the code box by highlighting it and pressing Ctrl + C


:Services
McAfeeFramework
sptd

:OTL
PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
DRV - [2010/10/19 11:54:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63717
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63717
FF - prefs.js..network.proxy.type: 1
[2010/01/13 12:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
File not found (No name found) -- 
[2010/09/23 13:03:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()
O32 - AutoRun File - [2009/01/05 08:19:03 | 000,000,062 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
[2011/05/23 23:53:47 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 23:53:39 | 000,003,144 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/23 23:47:49 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 23:47:44 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 18:19:27 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

:files
C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe
    
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. (OTL may hang this time. If it does, just force a shutdown and restart.) Save the log and copy and paste it to a reply.

Open OTL again and select the Use All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

It's possible that MBAM or Combofix will also get rid of them, though they usually do not clear the malware proxies. If you lose internet after running one of them then:

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0
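As an added example (not part of the thread, OTL, or Ron's script), a small Python triage script that applies the three checks Ron's fix targets to OTL-style log lines: system-process names (csrss.exe, conhost.exe, dwm.exe) running from a user profile instead of System32, a browser proxy pointed at 127.0.0.1, and Security Center notifications switched off. The function names are mine, and the sample lines are constructed to mirror the entries quoted above, including a made-up legitimate csrss.exe entry for contrast.

```python
import re
from pathlib import PureWindowsPath

# Windows system binaries whose names malware borrows; the real ones live under
# %SystemRoot%\System32, so a copy in a user profile (Application Data, Temp) is suspect.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "conhost.exe", "dwm.exe", "svchost.exe",
                        "lsass.exe", "winlogon.exe", "explorer.exe"}
LEGIT_SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# A Windows path ending in .exe: drive letter, then anything up to the first ".exe".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()\[\]\r\n]*?\.exe(?=\W|$)', re.IGNORECASE)
IE_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:http=)?([\w.\-]+):(\d+)')
FF_HOST_RE = re.compile(r'network\.proxy\.http:\s*"([^"]+)"')
FF_PORT_RE = re.compile(r"network\.proxy\.http_port:\s*(\d+)")
NOTIFY_RE = re.compile(r'"(AntiVirus|Firewall|Updates)DisableNotify"\s*=\s*1')

# Constructed sample in OTL's line format, modelled on the entries quoted in the thread
# (the legitimate csrss.exe line, with its timestamp and size, is invented for contrast).
SAMPLE_OTL_LINES = [
    r"PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe",
    r"PRC - [2008/04/14 05:12:19 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63717',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r"FF - prefs.js..network.proxy.http_port: 63717",
    r"FF - prefs.js..network.proxy.type: 1",
    r"O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe ()",
    r"F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()",
    r"[2011/05/23 23:53:47 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe",
    r'"AntiVirusDisableNotify" = 1',
    r'"FirewallDisableNotify" = 1',
    r'"AntiVirusOverride" = 0',
]


def masquerading_binaries(lines):
    """Return sorted (name, path) pairs for system-process names found outside Windows dirs."""
    hits = set()
    for line in lines:
        for match in PATH_RE.finditer(line):
            path = PureWindowsPath(match.group(0))
            name = path.name.lower()
            if name in SYSTEM_PROCESS_NAMES and str(path.parent).lower() not in LEGIT_SYSTEM_DIRS:
                hits.add((name, str(path)))
    return sorted(hits)


def loopback_proxies(lines):
    """Return (browser, host, port) for proxy settings that route traffic back to the local machine.

    With no proxy software installed, a loopback proxy means something on the box is
    sitting between the browser and the network, which is why losing the malware often
    leaves the browser unable to connect until the setting is cleared."""
    findings = []
    ff_host, ff_port = None, None
    for line in lines:
        ie = IE_PROXY_RE.search(line)
        if ie and ie.group(1).lower() in LOOPBACK_HOSTS:
            findings.append(("Internet Explorer", ie.group(1), int(ie.group(2))))
        host = FF_HOST_RE.search(line)
        if host:
            ff_host = host.group(1)
        port = FF_PORT_RE.search(line)
        if port:
            ff_port = int(port.group(1))
    if ff_host and ff_host.lower() in LOOPBACK_HOSTS:
        findings.append(("Firefox", ff_host, ff_port))
    return findings


def disabled_notifications(lines):
    """Return the Security Center notification types that have been switched off (value 1)."""
    return [m.group(1) for m in map(NOTIFY_RE.search, lines) if m]


def triage(lines):
    """Run all three checks over a list of OTL-style lines and group the findings."""
    return {
        "masquerading_binaries": masquerading_binaries(lines),
        "loopback_proxies": loopback_proxies(lines),
        "notifications_disabled": disabled_notifications(lines),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_OTL_LINES).items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```

The same checks apply unchanged to a full OTL.txt read line by line; only the constructed sample list is specific to this thread.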

#6
Tokay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
So, the Malwarebytes scan just finished, and here's the log. You're lapping me with your directions, since I'm still on the set of instructions that would have me . Would you rather I stop and follow your new directions, or proceed first to the end of the other post and begin with combofix and aswMBR.exe?

Sorry it took so long; the Malwarebytes scan was a long one.


---



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6660

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/24/2011 7:54:16 AM
mbam-log-2011-05-24 (07-54-16).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 326352
Time elapsed: 2 hour(s), 2 minute(s), 37 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\Dioscuri\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> 1056 -> Unloaded process successfully.
c:\documents and settings\Dioscuri\application data\dwm.exe (Trojan.Downloader) -> 3596 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Dioscuri\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Dioscuri\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Dioscuri\local settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

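The MBAM log above is the kind of output a responder ends up reading several times per case, so here is a small triage helper for it. This is an added example, not code from the thread and not a Malwarebytes tool: it walks the "... Infected:" sections of an MBAM 1.x text log, pulls out each item, its detection name and what MBAM did about it, maps the registry items onto the autostart point or setting they abuse (Run key, the Windows NT "Load" value, Winlogon Shell, the IE proxy, Security Center notifications), and lists everything still marked "Delete on reboot", which MBAM could not remove while Windows held it open. The sample log is constructed from the entry shapes quoted in the post; the registry-location table and the labels are my own reading of those entries.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log (added example)."""
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Constructed sample, trimmed from the entry shapes MBAM prints; paths and
# detection names follow the log quoted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Memory Processes Infected: 2
Registry Values Infected: 4

Memory Processes Infected:
c:\documents and settings\Dioscuri\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> 1056 -> Unloaded process successfully.
c:\documents and settings\Dioscuri\application data\dwm.exe (Trojan.Downloader) -> 3596 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Dioscuri\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Dioscuri\local settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
"""


class Detection(NamedTuple):
    section: str    # e.g. "Registry Values Infected"
    item: str       # file path or registry location
    name: str       # MBAM detection name, e.g. Backdoor.Cycbot.Gen
    details: tuple  # middle "->" fields: PID, "Value: x", "Bad: (...) Good: (...)"
    status: str     # what MBAM did about it


SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")

# Lower-cased registry substrings seen in the thread and what abuse of them means.
# Run and the Windows NT "Load" value are autostart points; Winlogon\Shell names
# the program started as the desktop shell (normally explorer.exe); the Security
# Center *DisableNotify values suppress the "no antivirus/firewall" warnings.
ABUSE_HINTS = (
    ("\\currentversion\\run\\", "Run key autostart"),
    ("\\winlogon\\shell", "Winlogon Shell replacement"),
    ("\\currentversion\\windows\\load", "Windows 'Load' value autostart"),
    ("\\internet settings\\proxyserver", "browser proxy redirected"),
    ("\\security center\\", "Security Center alerts silenced"),
)


def parse_mbam_log(text: str) -> List[Detection]:
    """One Detection per malicious item; summary counters and blanks are skipped."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or " -> " not in line:
            continue  # header line, blank, or "(No malicious items detected)"
        parts = line.split(" -> ")
        head, status = parts[0], parts[-1].rstrip(".")
        item, _, name = head.rpartition(" (")        # "<item> (<detection name>)"
        found.append(Detection(section, item, name.rstrip(")"), tuple(parts[1:-1]), status))
    return found


def classify(item: str) -> Optional[str]:
    """Label the autostart point or setting a registry item abuses, if known."""
    low = item.lower()
    for needle, label in ABUSE_HINTS:
        if needle in low:
            return label
    return None


def pending_reboot(detections: List[Detection]) -> List[Detection]:
    """Items MBAM scheduled for removal at next boot; cleanup is not done until then."""
    return [d for d in detections if d.status.startswith("Delete on reboot")]


def summarize(detections: List[Detection]) -> dict:
    return {
        "total": len(detections),
        "by_name": dict(Counter(d.name for d in detections)),
        "mechanisms": sorted({lbl for lbl in (classify(d.item) for d in detections) if lbl}),
        "reboot_required": bool(pending_reboot(detections)),
    }


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(summarize(dets))
    for d in pending_reboot(dets):
        print("still present until reboot:", d.item)
```

The "reboot_required" flag is the point of the exercise: three of the items in the sample (the Load value, the ProxyServer value and the csrss.exe copy in Temp) are only scheduled for deletion, so a rescan before restarting will find them again and a helper reading the log by eye can easily miss that.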
#7 RKinner (Malware Expert, 24,625 posts, MVP)

It looks like MBAM took out the evil doers so continue with the original directions then finish with the latest.

#8 Tokay (Topic Starter, Member, 44 posts)

Combofix just finished. I ended up with two logfiles. One of course is combofix.txt, which you asked for, but the other is simply log.txt. Would you like to see that one as well? Here's the former:

---

ComboFix 11-05-23.02 - Dioscuri 05/24/2011 8:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -7:00]
Running from: c:\documents and settings\Dioscuri\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\400588\g2mdlhlpx.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\pazk\Desktop\Setup.exe
c:\windows\sv.ini
c:\windows\system32\drivers\etc\lmhosts
F:\autorun.inf
.
----- BITS: Possible infected sites -----
.
hxxp://au.dj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvcuri\LOCALS~1\Temp\GURD.exeGoogle Update
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-23 16:07 . 2011-05-23 16:08 -------- d-----w- c:\program files\ERUNT
2011-05-20 08:51 . 2011-05-23 16:58 -------- d-----w- c:\windows\system32\NtmsData
2011-05-20 05:56 . 2011-05-20 05:56 -------- d-----w- c:\program files\directx
2011-05-20 02:20 . 2011-05-20 02:20 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
2011-05-19 20:01 . 2011-05-19 20:01 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Avira
2011-05-19 18:25 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-19 18:25 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-19 18:25 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-19 18:25 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\program files\Avira
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\WindSolutions
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-05-16 23:52 . 2011-05-16 23:52 -------- d-----w- c:\program files\Recuva
2011-05-11 05:38 . 2011-05-11 05:39 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\program files\DVD Shrink
2011-05-11 05:33 . 2011-05-11 05:33 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\PackageAware
2011-05-11 05:21 . 2011-05-11 19:31 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\dvdcss
2011-05-10 00:13 . 2011-05-10 00:13 941132 ----a-w- C:\cc_20110509_1712.reg
2011-05-09 20:13 . 2011-05-09 20:13 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Red Kawa
2011-05-09 18:07 . 2011-05-09 18:07 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\Geckofx
2011-05-09 18:03 . 2011-05-12 09:31 -------- d-----w- c:\program files\AviSynth 2.5
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\AnvSoft
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\Red Kawa
2011-05-06 18:44 . 2011-05-06 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-06 18:24 . 2011-05-06 18:24 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\AnvSoft
2011-05-06 15:53 . 2010-12-13 16:32 1660416 ----a-w- c:\windows\PS_MatrixScreensaver.scr
2011-05-05 17:40 . 2011-05-05 17:49 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\HandBrake
2011-05-05 17:40 . 2011-05-05 17:40 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\HandBrake
2011-05-05 17:39 . 2011-05-06 15:48 -------- d-----w- c:\program files\Handbrake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2005-05-01 16:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"Auto_Inventory"="c:\windows\LD_Boot.exe" [2006-09-21 129793]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-21 1228800]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-03-05 1396736]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
.
c:\documents and settings\Dioscuri\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\400588\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\documents and settings\pazk\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-4-22 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-17703\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-39327\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"McAfeeFramework"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"52311:UDP"= 52311:UDP:BES Client
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/19/2010 11:54 AM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2011 11:25 AM 136360]
S0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [5/8/2005 11:55 AM 251578]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
- c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
- c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
2008-12-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = \system32\blank.htm
mStart Page = https://my.seagate.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {865E3EAB-B314-46CF-AF14-913C16CEBF94} = 24.205.224.36,24.205.192.61
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} - hxxps://seagate.softscape.com/ly/seagatePROD/activex/SLMSViewer.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://ok-orgpub.okla.seagate.com/OrgPub/plugins/OrgPubX.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-24 08:38:55
ComboFix-quarantined-files.txt 2011-05-24 15:38
.
Pre-Run: 68,224,151,552 bytes free
Post-Run: 68,158,738,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - F1416E82F436019CD55172AE81E8072A

#9 Tokay (Topic Starter, Member, 44 posts)

Okay, this is aswMBR's logfile. The FixMBR button was indeed enabled.


---

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 08:46:36
-----------------------------
08:46:36.656 OS Version: Windows 5.1.2600 Service Pack 3
08:46:36.656 Number of processors: 2 586 0xF06
08:46:36.656 ComputerName: THXSEAGATE UserName: Dioscuri
08:46:37.687 Initialize success
08:46:55.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:46:55.640 Disk 0 Vendor: ST9160824AS 3.AAH Size: 152627MB BusType: 3
08:46:55.640 Disk 0 MBR read error 0
08:46:55.640 Disk 0 MBR scan
08:46:55.640 Disk 0 unknown MBR code
08:46:55.640 MBR BIOS signature not found 0
08:46:55.640 Disk 0 scanning sectors +312576705
08:46:55.640 Disk 0 scanning C:\WINDOWS\system32\drivers
08:47:11.640 Service scanning
08:47:12.718 Disk 0 trace - called modules:
08:47:12.765 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppp.sys >>UNKNOWN [0x8a7bb938]<<
08:47:12.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d7030]
08:47:12.765 3 CLASSPNP.SYS[ba198fd7] -> nt!IofCallDriver -> \Device\000000b4[0x8a70b160]
08:47:12.765 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6d7d98]
08:47:12.765 Scan finished successfully
08:47:27.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dioscuri\My Documents\MBR.dat"
08:47:27.296 The log file has been saved successfully to "C:\Documents and Settings\Dioscuri\My Documents\aswMBR.txt"

#10 Tokay (Topic Starter, Member, 44 posts)

On a side note, did you want to have me run OTC again and this whole set of instructions?


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:
Spybot - Search & Destroy
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 7
µTorrent

Copy the text in the code box by highlighting and Ctrl + c


:Services
McAfeeFramework
sptd

:OTL
PRC - [2011/05/19 19:19:50 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
DRV - [2010/10/19 11:54:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63717
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63717
FF - prefs.js..network.proxy.type: 1
[2010/01/13 12:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
File not found (No name found) --
[2010/09/23 13:03:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Dioscuri\Local Settings\Temp\csrss.exe ()
O32 - AutoRun File - [2009/01/05 08:19:03 | 000,000,062 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
[2011/05/23 23:53:47 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\dwm.exe
[2011/05/23 23:53:39 | 000,003,144 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\442A.6D6
[2011/05/23 23:47:49 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/23 23:47:44 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 18:19:27 | 000,232,669 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

:files
C:\Documents and Settings\Dioscuri\Application Data\Microsoft\conhost.exe
C:\DOCUME~1\Dioscuri\LOCALS~1\Temp\csrss.exe

:Commands
[purity]
[emptytemp]
[Reboot]

then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. (OTL may hang this time. IF it does just force a shutdown and restart.) Save the log and copy and paste it to a reply.

Open OTL again and select the Use All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

It's possible that MBAM or Combofix will also get rid of them, though they usually do not clear the malware proxies. If you lose internet after running one of them then:

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.



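The proxy lines in the OTL fix script quoted above (ProxyEnable = 1 with ProxyServer = http=127.0.0.1:63717 in the IE registry values, and network.proxy.type = 1 with network.proxy.http = 127.0.0.1 in Firefox's prefs.js) are exactly the state the manual IE/Firefox/Chrome steps undo. The following is an added example, not code from the thread, from OTL or from Malwarebytes: it checks a set of IE Internet Settings values and a Firefox prefs.js for a proxy that points at loopback, which is how you confirm the fix took (or spot the hijack before the browser stops working). A proxy on 127.0.0.1 is only legitimate if you installed a local proxy yourself; otherwise it is the fingerprint of a backdoor relaying the browser's traffic. The inputs are constructed dicts and strings mirroring the OTL lines; on the affected machine they would be read from the registry key and the profile's prefs.js.

```python
"""Detect a loopback proxy left behind in IE and Firefox settings (added example)."""
import re
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Constructed inputs mirroring the OTL report in the thread.
IE_VALUES_HIJACKED = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:63717",
                      "ProxyOverride": "*.local"}
IE_VALUES_CLEAN = {"ProxyEnable": 0}
FF_PREFS_HIJACKED = """
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 63717);
user_pref("network.proxy.type", 1);
"""
FF_PREFS_CLEAN = 'user_pref("network.proxy.type", 0);\n'

# user_pref("name", "string");  or  user_pref("name", 63717);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*("?)(.*?)\2\);')


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (brackets around IPv6 tolerated)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:        # a hostname, not an address
        return False


def parse_ie_proxy_server(value: str) -> Dict[str, Tuple[str, str]]:
    """'host:port' applies to every scheme; 'http=host:port;https=...' is per scheme."""
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, endpoint = part.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        if not host:                      # no port was given
            host, port = endpoint, ""
        proxies[scheme or "all"] = (host, port)
    return proxies


def ie_findings(values: dict) -> List[str]:
    """Findings for HKCU\\...\\Internet Settings values passed as a dict."""
    if int(values.get("ProxyEnable", 0)) != 1:
        return []                         # proxy not in use, whatever ProxyServer says
    return [f"IE {scheme} proxy -> loopback {host}:{port}"
            for scheme, (host, port) in parse_ie_proxy_server(str(values.get("ProxyServer", ""))).items()
            if is_loopback(host)]


def parse_prefs(text: str) -> Dict[str, str]:
    return {m.group(1): m.group(3) for m in PREF_RE.finditer(text)}


def firefox_findings(prefs_text: str) -> List[str]:
    """Findings for the text of a Firefox profile's prefs.js."""
    prefs = parse_prefs(prefs_text)
    if prefs.get("network.proxy.type") != "1":   # 1 = manual proxy configuration
        return []
    out = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}", "")
        if host and is_loopback(host):
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            out.append(f"Firefox {scheme} proxy -> loopback {host}:{port}")
    return out


if __name__ == "__main__":
    for f in ie_findings(IE_VALUES_HIJACKED) + firefox_findings(FF_PREFS_HIJACKED):
        print("HIJACK INDICATOR:", f)
    print("clean IE:", ie_findings(IE_VALUES_CLEAN), "clean FF:", firefox_findings(FF_PREFS_CLEAN))
```

Both checks gate on the "enabled" flag first (ProxyEnable for IE, network.proxy.type for Firefox), because a stale ProxyServer string with ProxyEnable = 0 is harmless and is exactly what you are left with after unchecking the boxes as described above.
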
#11 RKinner (Malware Expert, 24,625 posts, MVP)

Yes, I would like to see the other log. Something new.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Driver::
sptd
mcafee framework

Folder::
c:\program files\mcafee


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript over to Combofix and let go. Combofix should start by itself.

Run aswmbr again. Does it show the FIX button enabled? If so press it. If only the FixMBR button is enabled then just copy and paste the log.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Yes run OTL again per the second set of instructions. It won't hurt anything if the malware is already gone.

Ron

#12 Tokay (Topic Starter, Member, 44 posts)

Okay then. Here's that log.


---

ComboFix 11-05-23.02 - Dioscuri 05/24/2011 8:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -7:00]
Running from: c:\documents and settings\Dioscuri\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\400588\g2mdlhlpx.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\pazk\Desktop\Setup.exe
c:\windows\sv.ini
c:\windows\system32\drivers\etc\lmhosts
F:\autorun.inf
.
----- BITS: Possible infected sites -----
.
hxxp://au.dj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvcuri\LOCALS~1\Temp\GURD.exeGoogle Update
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-23 16:07 . 2011-05-23 16:08 -------- d-----w- c:\program files\ERUNT
2011-05-20 08:51 . 2011-05-23 16:58 -------- d-----w- c:\windows\system32\NtmsData
2011-05-20 05:56 . 2011-05-20 05:56 -------- d-----w- c:\program files\directx
2011-05-20 02:20 . 2011-05-20 02:20 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
2011-05-19 20:01 . 2011-05-19 20:01 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Avira
2011-05-19 18:25 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-19 18:25 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-19 18:25 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-19 18:25 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\program files\Avira
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\WindSolutions
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-05-16 23:52 . 2011-05-16 23:52 -------- d-----w- c:\program files\Recuva
2011-05-11 05:38 . 2011-05-11 05:39 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\program files\DVD Shrink
2011-05-11 05:33 . 2011-05-11 05:33 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\PackageAware
2011-05-11 05:21 . 2011-05-11 19:31 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\dvdcss
2011-05-10 00:13 . 2011-05-10 00:13 941132 ----a-w- C:\cc_20110509_1712.reg
2011-05-09 20:13 . 2011-05-09 20:13 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Red Kawa
2011-05-09 18:07 . 2011-05-09 18:07 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\Geckofx
2011-05-09 18:03 . 2011-05-12 09:31 -------- d-----w- c:\program files\AviSynth 2.5
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\AnvSoft
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\Red Kawa
2011-05-06 18:44 . 2011-05-06 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-06 18:24 . 2011-05-06 18:24 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\AnvSoft
2011-05-06 15:53 . 2010-12-13 16:32 1660416 ----a-w- c:\windows\PS_MatrixScreensaver.scr
2011-05-05 17:40 . 2011-05-05 17:49 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\HandBrake
2011-05-05 17:40 . 2011-05-05 17:40 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\HandBrake
2011-05-05 17:39 . 2011-05-06 15:48 -------- d-----w- c:\program files\Handbrake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2005-05-01 16:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"Auto_Inventory"="c:\windows\LD_Boot.exe" [2006-09-21 129793]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-21 1228800]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-03-05 1396736]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
.
c:\documents and settings\Dioscuri\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\400588\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\documents and settings\pazk\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-4-22 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-17703\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-39327\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"McAfeeFramework"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"52311:UDP"= 52311:UDP:BES Client
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/19/2010 11:54 AM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2011 11:25 AM 136360]
S0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [5/8/2005 11:55 AM 251578]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
- c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
- c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]
.
2008-12-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = \system32\blank.htm
mStart Page = https://my.seagate.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {865E3EAB-B314-46CF-AF14-913C16CEBF94} = 24.205.224.36,24.205.192.61
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} - hxxps://seagate.softscape.com/ly/seagatePROD/activex/SLMSViewer.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://ok-orgpub.okla.seagate.com/OrgPub/plugins/OrgPubX.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-24 08:38:55
ComboFix-quarantined-files.txt 2011-05-24 15:38
.
Pre-Run: 68,224,151,552 bytes free
Post-Run: 68,158,738,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - F1416E82F436019CD55172AE81E8072A
#13
Tokay

    Member

  • Topic Starter
  • 44 posts
Here's the log from the Combofix that just ran. Now I'll just keep heading down that list :)


---



ComboFix 11-05-23.02 - Dioscuri 05/24/2011 9:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -7:00]
Running from: c:\documents and settings\Dioscuri\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dioscuri\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\drivers\sptd.sys"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dioscuri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\mcafee
c:\program files\mcafee\Common Framework\0404\AgentRes.Dll
c:\program files\mcafee\Common Framework\0404\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0404\MueRes.dll
c:\program files\mcafee\Common Framework\0404\UpdRes.Dll
c:\program files\mcafee\Common Framework\0407\AgentRes.Dll
c:\program files\mcafee\Common Framework\0407\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0407\MueRes.dll
c:\program files\mcafee\Common Framework\0407\UpdRes.Dll
c:\program files\mcafee\Common Framework\0409\AgentRes.Dll
c:\program files\mcafee\Common Framework\0409\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0409\MueRes.dll
c:\program files\mcafee\Common Framework\0409\MueRes_InUse.dll
c:\program files\mcafee\Common Framework\0409\UpdRes.Dll
c:\program files\mcafee\Common Framework\040A\AgentRes.Dll
c:\program files\mcafee\Common Framework\040A\CMAUIRes.dll
c:\program files\mcafee\Common Framework\040A\MueRes.dll
c:\program files\mcafee\Common Framework\040A\UpdRes.Dll
c:\program files\mcafee\Common Framework\040C\AgentRes.Dll
c:\program files\mcafee\Common Framework\040C\CMAUIRes.dll
c:\program files\mcafee\Common Framework\040C\MueRes.dll
c:\program files\mcafee\Common Framework\040C\UpdRes.Dll
c:\program files\mcafee\Common Framework\0410\AgentRes.Dll
c:\program files\mcafee\Common Framework\0410\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0410\MueRes.dll
c:\program files\mcafee\Common Framework\0410\UpdRes.Dll
c:\program files\mcafee\Common Framework\0411\AgentRes.Dll
c:\program files\mcafee\Common Framework\0411\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0411\MueRes.dll
c:\program files\mcafee\Common Framework\0411\UpdRes.Dll
c:\program files\mcafee\Common Framework\0412\AgentRes.Dll
c:\program files\mcafee\Common Framework\0412\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0412\MueRes.dll
c:\program files\mcafee\Common Framework\0412\UpdRes.Dll
c:\program files\mcafee\Common Framework\0413\AgentRes.Dll
c:\program files\mcafee\Common Framework\0413\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0413\MueRes.dll
c:\program files\mcafee\Common Framework\0413\UpdRes.Dll
c:\program files\mcafee\Common Framework\0415\AgentRes.Dll
c:\program files\mcafee\Common Framework\0415\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0415\MueRes.dll
c:\program files\mcafee\Common Framework\0415\UpdRes.Dll
c:\program files\mcafee\Common Framework\0416\AgentRes.Dll
c:\program files\mcafee\Common Framework\0416\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0416\MueRes.dll
c:\program files\mcafee\Common Framework\0416\UpdRes.Dll
c:\program files\mcafee\Common Framework\041D\AgentRes.Dll
c:\program files\mcafee\Common Framework\041D\CMAUIRes.dll
c:\program files\mcafee\Common Framework\041D\MueRes.dll
c:\program files\mcafee\Common Framework\041D\UpdRes.Dll
c:\program files\mcafee\Common Framework\0804\AgentRes.Dll
c:\program files\mcafee\Common Framework\0804\CMAUIRes.dll
c:\program files\mcafee\Common Framework\0804\MueRes.dll
c:\program files\mcafee\Common Framework\0804\UpdRes.Dll
c:\program files\mcafee\Common Framework\Agent.dll
c:\program files\mcafee\Common Framework\AgentPlugin.dll
c:\program files\mcafee\Common Framework\AppLib.dll
c:\program files\mcafee\Common Framework\boost_thread-vc71-mt-1_32.dll
c:\program files\mcafee\Common Framework\ClientUI.dll
c:\program files\mcafee\Common Framework\CMALib.dll
c:\program files\mcafee\Common Framework\CmdAgent.exe
c:\program files\mcafee\Common Framework\CmdAgent.log
c:\program files\mcafee\Common Framework\ComponentSubsystem.dll
c:\program files\mcafee\Common Framework\ComponentUserInterface.dll
c:\program files\mcafee\Common Framework\cryptocme2.dll
c:\program files\mcafee\Common Framework\cryptocme2.sig
c:\program files\mcafee\Common Framework\FrameworkService.exe
c:\program files\mcafee\Common Framework\FrmInst.exe
c:\program files\mcafee\Common Framework\GenEvtInf20080131151418.dll
c:\program files\mcafee\Common Framework\Genevtinf3.dll
c:\program files\mcafee\Common Framework\inetmgr.dll
c:\program files\mcafee\Common Framework\ipcchannel.dll
c:\program files\mcafee\Common Framework\JrMac.dll
c:\program files\mcafee\Common Framework\ListenServer.dll
c:\program files\mcafee\Common Framework\Logging.dll
c:\program files\mcafee\Common Framework\Management.dll
c:\program files\mcafee\Common Framework\McScanCheck.exe
c:\program files\mcafee\Common Framework\McTray.exe
c:\program files\mcafee\Common Framework\Mcurial.Dll
c:\program files\mcafee\Common Framework\mfeCmnLib71.dll
c:\program files\mcafee\Common Framework\mfecurl.dll
c:\program files\mcafee\Common Framework\mfezlib.dll
c:\program files\mcafee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\mcafee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\mcafee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\mcafee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\mcafee\Common Framework\msaconfig.exe
c:\program files\mcafee\Common Framework\msvcp71.dll
c:\program files\mcafee\Common Framework\msvcr71.dll
c:\program files\mcafee\Common Framework\Mue.exe
c:\program files\mcafee\Common Framework\naCmnLib2_64.dll
c:\program files\mcafee\Common Framework\naCmnLib2_71.dll
c:\program files\mcafee\Common Framework\naCmnLib3_71.dll
c:\program files\mcafee\Common Framework\naCmnLib64.dll
c:\program files\mcafee\Common Framework\naCmnLib71.dll
c:\program files\mcafee\Common Framework\nagshr32.dll
c:\program files\mcafee\Common Framework\nailog.dll
c:\program files\mcafee\Common Framework\nailog2.dll
c:\program files\mcafee\Common Framework\nailog2_64.dll
c:\program files\mcafee\Common Framework\nailog3.dll
c:\program files\mcafee\Common Framework\nailog64.dll
c:\program files\mcafee\Common Framework\Nainet.dll
c:\program files\mcafee\Common Framework\naitcpp.dll
c:\program files\mcafee\Common Framework\naitcpp.inf
c:\program files\mcafee\Common Framework\naPolicyManager.dll
c:\program files\mcafee\Common Framework\naPrdMgr.exe
c:\program files\mcafee\Common Framework\naSPIPE.dll
c:\program files\mcafee\Common Framework\naXML2_64.dll
c:\program files\mcafee\Common Framework\naXML2_71.dll
c:\program files\mcafee\Common Framework\naxml3_71.dll
c:\program files\mcafee\Common Framework\naXML64.dll
c:\program files\mcafee\Common Framework\naXML71.dll
c:\program files\mcafee\Common Framework\naziplib.dll
c:\program files\mcafee\Common Framework\Patchw32.dll
c:\program files\mcafee\Common Framework\PcrPlug.dll
c:\program files\mcafee\Common Framework\PoEvtInf.dll
c:\program files\mcafee\Common Framework\Scheduler.dll
c:\program files\mcafee\Common Framework\SecureFrameworkFactory20080131151420.dll
c:\program files\mcafee\Common Framework\SecureFrameworkFactory3.dll
c:\program files\mcafee\Common Framework\TCHelper.dll
c:\program files\mcafee\Common Framework\TCSubSys.dll
c:\program files\mcafee\Common Framework\updater.Dll
c:\program files\mcafee\Common Framework\UpdateSubSys.Dll
c:\program files\mcafee\Common Framework\UpdPlug.Dll
c:\program files\mcafee\Common Framework\UserSpace.Dll
c:\program files\mcafee\Common Framework\XMLWrap.Dll
c:\program files\mcafee\SiteAdvisor\apengine.dll
c:\program files\mcafee\SiteAdvisor\chrome.manifest
c:\program files\mcafee\SiteAdvisor\cntscan.dll
c:\program files\mcafee\SiteAdvisor\Components\IMcFFPlg.xpt
c:\program files\mcafee\SiteAdvisor\Components\McFFPlg.dll
c:\program files\mcafee\SiteAdvisor\content.dat
c:\program files\mcafee\SiteAdvisor\contents.rdf
c:\program files\mcafee\SiteAdvisor\default.txt
c:\program files\mcafee\SiteAdvisor\elist.dat
c:\program files\mcafee\SiteAdvisor\ffplg.inf
c:\program files\mcafee\SiteAdvisor\ieplg.inf
c:\program files\mcafee\SiteAdvisor\mcbrwctl.dll
c:\program files\mcafee\SiteAdvisor\mcfrmwk.dll
c:\program files\mcafee\SiteAdvisor\McIEPlg.dll
c:\program files\mcafee\SiteAdvisor\McPlgUI.dll
c:\program files\mcafee\SiteAdvisor\McSACore.exe
c:\program files\mcafee\SiteAdvisor\McSACorePS.dll
c:\program files\mcafee\SiteAdvisor\msacmain.inf
c:\program files\mcafee\SiteAdvisor\sa_cache_sqlite.dll
c:\program files\mcafee\SiteAdvisor\sa_http_win32.dll
c:\program files\mcafee\SiteAdvisor\SA_indep.inf
c:\program files\mcafee\SiteAdvisor\SA_main.inf
c:\program files\mcafee\SiteAdvisor\sa_mbl.dll
c:\program files\mcafee\SiteAdvisor\sa_store_sqlite.dll
c:\program files\mcafee\SiteAdvisor\SA_win32.inf
c:\program files\mcafee\SiteAdvisor\sac.inf
c:\program files\mcafee\SiteAdvisor\sachook.inf
c:\program files\mcafee\SiteAdvisor\sacimg.inf
c:\program files\mcafee\SiteAdvisor\sacomm.inf
c:\program files\mcafee\SiteAdvisor\sacore.dll
c:\program files\mcafee\SiteAdvisor\sacore.inf
c:\program files\mcafee\SiteAdvisor\sacres.inf
c:\program files\mcafee\SiteAdvisor\safelocalization.inf
c:\program files\mcafee\SiteAdvisor\sahook.dll
c:\program files\mcafee\SiteAdvisor\saplugin.dll
c:\program files\mcafee\SiteAdvisor\sares.dll
c:\program files\mcafee\SiteAdvisor\SASet.dll
c:\program files\mcafee\SiteAdvisor\saSets.ini
c:\program files\mcafee\SiteAdvisor\SaSSHMod.dll
c:\program files\mcafee\SiteAdvisor\saupkeep.dll
c:\program files\mcafee\SiteAdvisor\Scripts\balloon.html
c:\program files\mcafee\SiteAdvisor\Scripts\balloon_logo.gif
c:\program files\mcafee\SiteAdvisor\Scripts\balloon_logo_plus.gif
c:\program files\mcafee\SiteAdvisor\Scripts\bullet.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_black.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_black_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_disabled.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_green.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_green_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_grey.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_grey_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_hs.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_hs_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_red.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_red_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_yellow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\button_yellow_lock.gif
c:\program files\mcafee\SiteAdvisor\Scripts\contents.rdf
c:\program files\mcafee\SiteAdvisor\Scripts\down_arrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\download_careful.gif
c:\program files\mcafee\SiteAdvisor\Scripts\download_unsafe.gif
c:\program files\mcafee\SiteAdvisor\Scripts\empty.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g.png
c:\program files\mcafee\SiteAdvisor\Scripts\g_banner_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_banner_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_banner_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_banner_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_bottom_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_bottom_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_bottom_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_bottom_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_facet.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_footer_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_footer_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_footer_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_header_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_header_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_header_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_icon.gif
c:\program files\mcafee\SiteAdvisor\Scripts\g_upsell_border.gif
c:\program files\mcafee\SiteAdvisor\Scripts\gl.png
c:\program files\mcafee\SiteAdvisor\Scripts\gleftarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\gllc.png
c:\program files\mcafee\SiteAdvisor\Scripts\glrc.png
c:\program files\mcafee\SiteAdvisor\Scripts\gr.png
c:\program files\mcafee\SiteAdvisor\Scripts\green.gif
c:\program files\mcafee\SiteAdvisor\Scripts\greenbubble.gif
c:\program files\mcafee\SiteAdvisor\Scripts\greendownarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\greenuparrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\grightarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\gul.png
c:\program files\mcafee\SiteAdvisor\Scripts\gulc.png
c:\program files\mcafee\SiteAdvisor\Scripts\gurc.png
c:\program files\mcafee\SiteAdvisor\Scripts\hackersafe.gif
c:\program files\mcafee\SiteAdvisor\Scripts\hs.gif
c:\program files\mcafee\SiteAdvisor\Scripts\hs_icon.gif
c:\program files\mcafee\SiteAdvisor\Scripts\locale\cs-CZ\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\cs-CZ\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\da-DK\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\da-DK\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\de-DE\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\de-DE\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\el-GR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\el-GR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-AU\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-AU\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-CA\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-CA\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-GB\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-GB\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-IE\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-IE\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-US\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\en-US\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-AR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-AR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-CL\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-CL\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-ES\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-ES\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-MX\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-MX\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-PE\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\es-PE\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fi-FI\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fi-FI\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fr-CA\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fr-CA\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fr-FR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\fr-FR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\hu-HU\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\hu-HU\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\it-IT\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\it-IT\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ja-JP\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ja-JP\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ko-KR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ko-KR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\nb-NO\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\nb-NO\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\nl-NL\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\nl-NL\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\no-NO\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\no-NO\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pl-PL\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pl-PL\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pt-BR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pt-BR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pt-PT\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\pt-PT\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ru-RU\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\ru-RU\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\sk-SK\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\sk-SK\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\sv-SE\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\sv-SE\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\tr-TR\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\tr-TR\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\zh-CN\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\zh-CN\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\zh-TW\FF\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\locale\zh-TW\IE\safe.css
c:\program files\mcafee\SiteAdvisor\Scripts\main.js
c:\program files\mcafee\SiteAdvisor\Scripts\mainff.js
c:\program files\mcafee\SiteAdvisor\Scripts\mcafee_logo.gif
c:\program files\mcafee\SiteAdvisor\Scripts\mcafee_yahoo_cobranded_toolbar.gif
c:\program files\mcafee\SiteAdvisor\Scripts\mcafeesiteadvisor.gif
c:\program files\mcafee\SiteAdvisor\Scripts\protection.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r.png
c:\program files\mcafee\SiteAdvisor\Scripts\r_banner_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_banner_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_banner_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_banner_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_bottom_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_bottom_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_bottom_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_bottom_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_facet.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_footer_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_footer_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_footer_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_header_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_header_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_header_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_icon.gif
c:\program files\mcafee\SiteAdvisor\Scripts\r_upsell_border.gif
c:\program files\mcafee\SiteAdvisor\Scripts\red.gif
c:\program files\mcafee\SiteAdvisor\Scripts\redbubble.gif
c:\program files\mcafee\SiteAdvisor\Scripts\reddownarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\reduparrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\rl.png
c:\program files\mcafee\SiteAdvisor\Scripts\rleftarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\rllc.png
c:\program files\mcafee\SiteAdvisor\Scripts\rlrc.png
c:\program files\mcafee\SiteAdvisor\Scripts\rr.png
c:\program files\mcafee\SiteAdvisor\Scripts\rrightarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\rul.png
c:\program files\mcafee\SiteAdvisor\Scripts\rulc.png
c:\program files\mcafee\SiteAdvisor\Scripts\rurc.png
c:\program files\mcafee\SiteAdvisor\Scripts\safe-facet-green.gif
c:\program files\mcafee\SiteAdvisor\Scripts\safe-facet-red.gif
c:\program files\mcafee\SiteAdvisor\Scripts\safe-facet-white.gif
c:\program files\mcafee\SiteAdvisor\Scripts\safe-facet-yellow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\safe.xul
c:\program files\mcafee\SiteAdvisor\Scripts\safe_ff.js
c:\program files\mcafee\SiteAdvisor\Scripts\safe_ie.js
c:\program files\mcafee\SiteAdvisor\Scripts\safesearch.dat
c:\program files\mcafee\SiteAdvisor\Scripts\safesearch.js
c:\program files\mcafee\SiteAdvisor\Scripts\searchglass.gif
c:\program files\mcafee\SiteAdvisor\Scripts\siteadvisor.gif
c:\program files\mcafee\SiteAdvisor\Scripts\untested.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_banner_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_banner_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_banner_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_banner_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_bottom_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_bottom_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_bottom_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_bottom_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_footer_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_footer_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_footer_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_header_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_header_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_header_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_icon.gif
c:\program files\mcafee\SiteAdvisor\Scripts\w_upsell_border.gif
c:\program files\mcafee\SiteAdvisor\Scripts\whitebubble.gif
c:\program files\mcafee\SiteAdvisor\Scripts\whitedownarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\whiteuparrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\wleftarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\wrightarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\xdown.gif
c:\program files\mcafee\SiteAdvisor\Scripts\xup.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y.png
c:\program files\mcafee\SiteAdvisor\Scripts\y_banner_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_banner_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_banner_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_banner_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_bottom_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_bottom_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_bottom_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_bottom_sep.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_facet.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_footer_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_footer_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_footer_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_header_c.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_header_l.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_header_r.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_icon.gif
c:\program files\mcafee\SiteAdvisor\Scripts\y_upsell_border.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yellow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yellowbubble.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yellowdownarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yellowuparrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yl.png
c:\program files\mcafee\SiteAdvisor\Scripts\yleftarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yllc.png
c:\program files\mcafee\SiteAdvisor\Scripts\ylrc.png
c:\program files\mcafee\SiteAdvisor\Scripts\yr.png
c:\program files\mcafee\SiteAdvisor\Scripts\yrightarrow.gif
c:\program files\mcafee\SiteAdvisor\Scripts\ytri.gif
c:\program files\mcafee\SiteAdvisor\Scripts\yul.png
c:\program files\mcafee\SiteAdvisor\Scripts\yulc.png
c:\program files\mcafee\SiteAdvisor\Scripts\yurc.png
c:\program files\mcafee\SiteAdvisor\sqlite3.dll
c:\program files\mcafee\SiteAdvisor\subst.inf
c:\program files\mcafee\SiteAdvisor\uninstall.exe
c:\windows\system32\drivers\sptd.sys
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983183778-1303381309-3793546208-1021UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 07:00 . 2011-05-24 07:00 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Malwarebytes
2011-05-24 07:00 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 07:00 . 2011-05-24 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-24 07:00 . 2011-05-24 07:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-24 07:00 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 06:34 . 2011-05-24 06:34 -------- d-----w- C:\_OTL
2011-05-23 20:37 . 2011-05-24 00:14 -------- d-----w- c:\program files\WhoCrashed
2011-05-23 16:16 . 2011-05-23 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-23 16:16 . 2011-05-23 16:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-23 16:07 . 2011-05-23 16:08 -------- d-----w- c:\program files\ERUNT
2011-05-20 08:51 . 2011-05-23 16:58 -------- d-----w- c:\windows\system32\NtmsData
2011-05-20 05:56 . 2011-05-20 05:56 -------- d-----w- c:\program files\directx
2011-05-20 02:20 . 2011-05-20 02:20 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
2011-05-19 20:01 . 2011-05-19 20:01 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Avira
2011-05-19 18:25 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-19 18:25 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-19 18:25 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-19 18:25 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\program files\Avira
2011-05-19 18:25 . 2011-05-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\WindSolutions
2011-05-18 18:00 . 2011-05-18 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-05-16 23:52 . 2011-05-16 23:52 -------- d-----w- c:\program files\Recuva
2011-05-11 05:38 . 2011-05-11 05:39 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\program files\DVD Shrink
2011-05-11 05:33 . 2011-05-11 05:33 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\PackageAware
2011-05-11 05:21 . 2011-05-11 19:31 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\dvdcss
2011-05-10 00:13 . 2011-05-10 00:13 941132 ----a-w- C:\cc_20110509_1712.reg
2011-05-09 20:13 . 2011-05-09 20:13 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\Red Kawa
2011-05-09 18:07 . 2011-05-09 18:07 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\Geckofx
2011-05-09 18:03 . 2011-05-12 09:31 -------- d-----w- c:\program files\AviSynth 2.5
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\AnvSoft
2011-05-09 18:02 . 2011-05-09 18:02 -------- d-----w- c:\program files\Red Kawa
2011-05-06 18:44 . 2011-05-06 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-06 18:24 . 2011-05-06 18:24 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\AnvSoft
2011-05-06 15:53 . 2010-12-13 16:32 1660416 ----a-w- c:\windows\PS_MatrixScreensaver.scr
2011-05-05 17:40 . 2011-05-05 17:49 -------- d-----w- c:\documents and settings\Dioscuri\Application Data\HandBrake
2011-05-05 17:40 . 2011-05-05 17:40 -------- d-----w- c:\documents and settings\Dioscuri\Local Settings\Application Data\HandBrake
2011-05-05 17:39 . 2011-05-06 15:48 -------- d-----w- c:\program files\Handbrake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2005-05-01 16:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"Auto_Inventory"="c:\windows\LD_Boot.exe" [2006-09-21 129793]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-21 1228800]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-03-05 1396736]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
.
c:\documents and settings\Dioscuri\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\400588\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\documents and settings\pazk\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-4-22 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-17703\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3112102451-3306018722-1083012058-39327\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%.%USERDNSDOMAIN%\NETLOGON\Global\Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"McAfeeFramework"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"52311:UDP"= 52311:UDP:BES Client
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [5/8/2005 11:55 AM 251578]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2011 11:25 AM 136360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2008-12-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = \system32\blank.htm
mStart Page = https://my.seagate.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {865E3EAB-B314-46CF-AF14-913C16CEBF94} = 24.205.224.36,24.205.192.61
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} - hxxps://seagate.softscape.com/ly/seagatePROD/activex/SLMSViewer.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://ok-orgpub.okla.seagate.com/OrgPub/plugins/OrgPubX.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\BigFix Enterprise\BES Client\BESClient.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-24 10:11:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-24 17:11
ComboFix2.txt 2011-05-24 15:38
.
Pre-Run: 68,183,465,984 bytes free
Post-Run: 68,017,881,088 bytes free
.
- - End Of File - - A251F2A82F45E90981C7AA4A5B95BCD9

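The ComboFix dump above (registry autostarts, the XP firewall policy, the catchme rootkit pass) and the TDSSKiller driver list in the next posts are what a helper reads line by line. As an added example that is not part of this thread or of either tool, the Python below parses those two formats exactly as they are posted and flags the entries a responder would verify first: a driver image loaded from outside the Windows directory, one driver image registered under two service names (cbidf and cbidf2k in the TDSSKiller output), a firewall exception for a built-in transfer binary such as ftp.exe, firewall notifications switched off, and globally open inbound ports (3389/TCP is RDP). The sample lines are constructed copies in the format of the posted logs, and REMOTE_ACCESS_PORTS and TRANSFER_TOOLS are this example's own review lists. A flag means "check this", not "malicious": Avira's avgio.sys living under Program Files is expected on this machine.

```python
"""Triage helpers for TDSSKiller and ComboFix logs (added example, not code
from this thread or from either tool). Sample inputs below are constructed in
the posted formats; the review lists are this example's own assumptions."""
import re
from collections import defaultdict
from typing import Dict, List

# TDSSKiller driver line: timestamp, pid, service name, (md5), image path.
TDSS_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$",
    re.IGNORECASE,
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKLM\...] headers
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')  # "name"= data

# Review lists: assumptions of this example, not taken from the thread.
REMOTE_ACCESS_PORTS = {3389: "RDP", 445: "SMB", 139: "NetBIOS", 135: "RPC", 23: "Telnet"}
TRANSFER_TOOLS = {"ftp.exe", "tftp.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Constructed sample in TDSSKiller's format; the banner line shows non-driver lines are skipped.
TDSS_SAMPLE = r"""
2011/05/24 10:24:01.0265 0536 Scan started
2011/05/24 10:24:02.0109 0536 a320raid (ce91060555920221df0ad2b4e16ffd3e) C:\WINDOWS\system32\DRIVERS\a320raid.sys
2011/05/24 10:24:03.0562 0536 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/24 10:24:04.0125 0536 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/24 10:24:04.0140 0536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
"""

# Constructed sample in ComboFix's registry-dump format (firewall standard profile).
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\ftp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"52311:UDP"= 52311:UDP:BES Client
"""


def parse_tdss(text: str) -> List[Dict[str, str]]:
    """One dict per driver line; banner and SystemInfo lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage_drivers(rows: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Flag images outside the Windows directory and images shared by several service names."""
    findings, by_image = defaultdict(list), defaultdict(list)
    for r in rows:
        image = r["path"].lower()          # NTFS is case-insensitive: DRIVERS == drivers
        by_image[image].append(r["service"])
        if not image.startswith("c:\\windows\\"):
            findings["outside_windows_dir"].append(f'{r["service"]} -> {r["path"]}')
    for image, services in by_image.items():
        if len(services) > 1:
            findings["shared_image"].append(f"{image}: {', '.join(sorted(services))}")
    return dict(findings)


def parse_firewall(text: str) -> Dict[str, object]:
    """Pull the XP firewall standard-profile policy out of a ComboFix registry dump."""
    out = {"apps": [], "ports": [], "notifications_disabled": False}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group("key").lower()
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, data = v.group("name"), v.group("data")
        if section.endswith(r"\authorizedapplications\list"):
            out["apps"].append(name.replace("\\\\", "\\"))   # the dump doubles backslashes
        elif section.endswith(r"\globallyopenports\list"):
            port, proto = name.split(":")                    # "3389:TCP"
            out["ports"].append((int(port), proto, data.split(":", 2)[-1]))
        elif section.endswith(r"\standardprofile") and name.lower() == "disablenotifications":
            out["notifications_disabled"] = data.split()[0] == "1"
    return out


def triage_firewall(policy: Dict[str, object]) -> Dict[str, List[str]]:
    """Flag built-in transfer tools in the allow list, remote-access ports, muted notifications."""
    findings = defaultdict(list)
    for app in policy["apps"]:
        if app.rsplit("\\", 1)[-1].lower() in TRANSFER_TOOLS:
            findings["builtin_tool_allowed"].append(app)
    for port, proto, label in policy["ports"]:
        key = "remote_access_port_open" if port in REMOTE_ACCESS_PORTS else "globally_open_port"
        findings[key].append(f"{port}/{proto} ({label})")
    if policy["notifications_disabled"]:
        findings["notifications_disabled"].append("user is not prompted when the firewall blocks")
    return dict(findings)


if __name__ == "__main__":
    report = {**triage_drivers(parse_tdss(TDSS_SAMPLE)),
              **triage_firewall(parse_firewall(COMBOFIX_SAMPLE))}
    for heading, items in report.items():
        print(heading, *("    " + i for i in items), sep="\n")
```

To run it against the real logs, paste the TDSSKiller driver lines and the ComboFix firewall block into the two sample strings, or read them from the saved log files. The md5 field is kept in each parsed row so the hashes of anything flagged can be looked up in a reputation service before a helper decides whether a driver is legitimate.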
#14 Tokay (Topic Starter, Member, 44 posts)
And here's the aswMBR log from just now, since it didn't give me the FIX option:


---



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 10:20:11
-----------------------------
10:20:11.375 OS Version: Windows 5.1.2600 Service Pack 3
10:20:11.375 Number of processors: 2 586 0xF06
10:20:11.375 ComputerName: THXSEAGATE UserName: Dioscuri
10:20:12.296 Initialize success
10:20:15.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:20:15.656 Disk 0 Vendor: ST9160824AS 3.AAH Size: 152627MB BusType: 3
10:20:17.750 Disk 0 MBR read successfully
10:20:17.750 Disk 0 MBR scan
10:20:17.750 Disk 0 Windows XP default MBR code
10:20:19.765 Disk 0 scanning sectors +312576705
10:20:19.937 Disk 0 scanning C:\WINDOWS\system32\drivers
10:20:29.859 Service scanning
10:20:30.921 Disk 0 trace - called modules:
10:20:30.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:20:30.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ed388]
10:20:30.968 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000b3[0x8a748f18]
10:20:30.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a77c940]
10:20:30.968 Scan finished successfully
10:20:45.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dioscuri\My Documents\MBR.dat"
10:20:45.031 The log file has been saved successfully to "C:\Documents and Settings\Dioscuri\My Documents\aswMBR (2).txt"

#15 Tokay (Topic Starter, Member, 44 posts)
I just got done running TDSSKiller, and it had some good news :)


---


2011/05/24 10:23:43.0546 2900 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/24 10:23:44.0250 2900 ================================================================================
2011/05/24 10:23:44.0250 2900 SystemInfo:
2011/05/24 10:23:44.0250 2900
2011/05/24 10:23:44.0250 2900 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/24 10:23:44.0250 2900 Product type: Workstation
2011/05/24 10:23:44.0250 2900 ComputerName: THXSEAGATE
2011/05/24 10:23:44.0250 2900 UserName: Dioscuri
2011/05/24 10:23:44.0250 2900 Windows directory: C:\WINDOWS
2011/05/24 10:23:44.0250 2900 System windows directory: C:\WINDOWS
2011/05/24 10:23:44.0250 2900 Processor architecture: Intel x86
2011/05/24 10:23:44.0250 2900 Number of processors: 2
2011/05/24 10:23:44.0250 2900 Page size: 0x1000
2011/05/24 10:23:44.0250 2900 Boot type: Normal boot
2011/05/24 10:23:44.0250 2900 ================================================================================
2011/05/24 10:23:49.0093 2900 Initialize success
2011/05/24 10:24:01.0265 0536 ================================================================================
2011/05/24 10:24:01.0265 0536 Scan started
2011/05/24 10:24:01.0265 0536 Mode: Manual;
2011/05/24 10:24:01.0265 0536 ================================================================================
2011/05/24 10:24:02.0109 0536 a320raid (ce91060555920221df0ad2b4e16ffd3e) C:\WINDOWS\system32\DRIVERS\a320raid.sys
2011/05/24 10:24:02.0234 0536 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/24 10:24:02.0281 0536 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/05/24 10:24:02.0343 0536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/24 10:24:02.0375 0536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/24 10:24:02.0406 0536 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/24 10:24:02.0437 0536 adpu320 (e4e13ce4c85c7e45a643ba54b8c8b16b) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2011/05/24 10:24:02.0484 0536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/24 10:24:02.0546 0536 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/24 10:24:02.0593 0536 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/24 10:24:02.0609 0536 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/24 10:24:02.0640 0536 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/24 10:24:02.0671 0536 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/24 10:24:02.0687 0536 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/24 10:24:02.0734 0536 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/24 10:24:02.0781 0536 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/24 10:24:02.0796 0536 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/24 10:24:02.0843 0536 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/24 10:24:02.0906 0536 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/24 10:24:02.0937 0536 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/05/24 10:24:03.0000 0536 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/24 10:24:03.0046 0536 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/24 10:24:03.0078 0536 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/24 10:24:03.0109 0536 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/24 10:24:03.0156 0536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/24 10:24:03.0203 0536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/24 10:24:03.0312 0536 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/24 10:24:03.0390 0536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/24 10:24:03.0437 0536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/24 10:24:03.0562 0536 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/24 10:24:03.0609 0536 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/24 10:24:03.0656 0536 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/24 10:24:03.0734 0536 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/24 10:24:03.0812 0536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/24 10:24:03.0906 0536 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/24 10:24:03.0953 0536 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/24 10:24:04.0015 0536 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/24 10:24:04.0062 0536 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/24 10:24:04.0125 0536 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/24 10:24:04.0140 0536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/24 10:24:04.0171 0536 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/24 10:24:04.0203 0536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/24 10:24:04.0234 0536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/24 10:24:04.0265 0536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/24 10:24:04.0359 0536 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/24 10:24:04.0421 0536 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/24 10:24:04.0453 0536 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/24 10:24:04.0515 0536 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/24 10:24:04.0578 0536 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/24 10:24:04.0625 0536 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/24 10:24:04.0703 0536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/24 10:24:04.0796 0536 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/05/24 10:24:04.0859 0536 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/05/24 10:24:04.0906 0536 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/05/24 10:24:04.0953 0536 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/05/24 10:24:04.0984 0536 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/05/24 10:24:05.0031 0536 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/05/24 10:24:05.0062 0536 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/05/24 10:24:05.0078 0536 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/05/24 10:24:05.0125 0536 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/05/24 10:24:05.0218 0536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/24 10:24:05.0281 0536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/24 10:24:05.0312 0536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/24 10:24:05.0343 0536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/24 10:24:05.0390 0536 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/24 10:24:05.0406 0536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/24 10:24:05.0453 0536 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/05/24 10:24:05.0468 0536 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/05/24 10:24:05.0546 0536 E1000 (c50a32e88251e2bfc2a3721a4078df0e) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/05/24 10:24:05.0593 0536 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/24 10:24:05.0656 0536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/24 10:24:05.0703 0536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/24 10:24:05.0734 0536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/24 10:24:05.0765 0536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/24 10:24:05.0812 0536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/24 10:24:05.0859 0536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/24 10:24:05.0921 0536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/24 10:24:05.0968 0536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/24 10:24:06.0015 0536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/24 10:24:06.0078 0536 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/24 10:24:06.0125 0536 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/24 10:24:06.0171 0536 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/24 10:24:06.0234 0536 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/24 10:24:06.0250 0536 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/24 10:24:06.0265 0536 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/24 10:24:06.0343 0536 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/05/24 10:24:06.0390 0536 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/05/24 10:24:06.0437 0536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/24 10:24:06.0500 0536 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/24 10:24:06.0515 0536 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/24 10:24:06.0546 0536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/24 10:24:06.0812 0536 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/24 10:24:07.0109 0536 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/24 10:24:07.0171 0536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/24 10:24:07.0218 0536 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/24 10:24:07.0250 0536 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/24 10:24:07.0296 0536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/24 10:24:07.0328 0536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/24 10:24:07.0390 0536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/24 10:24:07.0406 0536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/24 10:24:07.0437 0536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/24 10:24:07.0468 0536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/24 10:24:07.0500 0536 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/24 10:24:07.0531 0536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/24 10:24:07.0578 0536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/24 10:24:07.0609 0536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/24 10:24:07.0625 0536 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/24 10:24:07.0656 0536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/24 10:24:07.0687 0536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/24 10:24:07.0750 0536 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/24 10:24:07.0843 0536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/24 10:24:07.0875 0536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/24 10:24:07.0906 0536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/24 10:24:07.0953 0536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/24 10:24:07.0984 0536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/24 10:24:08.0015 0536 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/24 10:24:08.0031 0536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/24 10:24:08.0109 0536 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/24 10:24:08.0140 0536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/24 10:24:08.0171 0536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/24 10:24:08.0187 0536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/24 10:24:08.0218 0536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/24 10:24:08.0250 0536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/24 10:24:08.0281 0536 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/24 10:24:08.0296 0536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/24 10:24:08.0328 0536 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/24 10:24:08.0359 0536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/24 10:24:08.0359 0536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/24 10:24:08.0406 0536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/24 10:24:08.0437 0536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/24 10:24:08.0453 0536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/24 10:24:15.0656 0536 ================================================================================
2011/05/24 10:24:15.0656 0536 Scan finished
2011/05/24 10:24:15.0656 0536 ================================================================================
2011/05/24 10:24:15.0671 3280 Detected object count: 0
2011/05/24 10:24:15.0671 3280 Actual detected object count: 0