Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Running super slow, intermittent internet, testendonline popups, shop


  • This topic is locked This topic is locked

#61
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
MBR Log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 178):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0E8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9E1D000 iaStor.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DFD000 fltMgr.sys
0xB9DEB000 sr.sys
0xBA118000 PxHelp20.sys
0xB9DD4000 KSecDD.sys
0xB9DC1000 WudfPf.sys
0xB9D34000 Ntfs.sys
0xB9D07000 NDIS.sys
0xBA128000 Combo-Fix.sys
0xB9CED000 Mup.sys
0xBA138000 agp440.sys
0xB97CB000 54562378.sys
0xB92A9000 42497254.sys
0xB89BA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7062000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB704E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB89AA000 \SystemRoot\system32\DRIVERS\HECI.sys
0xB7010000 \SystemRoot\system32\DRIVERS\e1y5132.sys
0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6FEC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6FC4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6C4C000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xAECF4000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xAECE3000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xAECCF000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xAEC7D000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB4D88000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xAEC45000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xABA1F000 \SystemRoot\system32\DRIVERS\tpm.sys
0xAA8F0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xAA04F000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xB7687000 \SystemRoot\system32\DRIVERS\imapi.sys
0xA963C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xA960C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xA8848000 \SystemRoot\system32\DRIVERS\ks.sys
0xA9CAF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xA9C75000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xA8757000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xA9524000 \SystemRoot\system32\DRIVERS\audstub.sys
0xAA7D0000 \SystemRoot\System32\Drivers\RootMdm.sys
0xA9CA7000 \SystemRoot\System32\Drivers\Modem.SYS
0xA9C9F000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xA9C97000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xA912F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xA9C6D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xA8740000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xA90FF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xA90DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xA872F000 \SystemRoot\system32\DRIVERS\psched.sys
0xA90BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xA9572000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xA956A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xA9562000 \SystemRoot\system32\DRIVERS\covpndrv.sys
0xA955A000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xA86FF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xA8B96000 \SystemRoot\system32\DRIVERS\termdd.sys
0xA86E2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xA86CA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xA9552000 \SystemRoot\system32\DRIVERS\psadd.sys
0xAA7CA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xA866C000 \SystemRoot\system32\DRIVERS\update.sys
0xA941F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xA84B3000 \SystemRoot\system32\DRIVERS\TM_CFW.sys
0xA95DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA95BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98140000 \SystemRoot\system32\drivers\CHDAU32.sys
0x9811C000 \SystemRoot\system32\drivers\portcls.sys
0xA910F000 \SystemRoot\system32\drivers\drmk.sys
0x980E8000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0x97FF7000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0x97F44000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xAA7C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB05DA000 \SystemRoot\System32\Drivers\Null.SYS
0xAA196000 \SystemRoot\System32\Drivers\Beep.SYS
0xA91A9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA91A1000 \SystemRoot\System32\drivers\vga.sys
0xAA194000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAA192000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9199000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9191000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB217B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x97F11000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x97EB8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x97E90000 \SystemRoot\system32\DRIVERS\netbt.sys
0x97E6A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x97E48000 \SystemRoot\System32\drivers\afd.sys
0xAF778000 \SystemRoot\system32\DRIVERS\netbios.sys
0x97E33000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xAF768000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x97E08000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x97DEF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF758000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA318000 \SystemRoot\System32\Drivers\Fips.SYS
0x978CD000 \SystemRoot\system32\DRIVERS\82388117.sys
0xB76A7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7697000 \SystemRoot\System32\Drivers\btwusb.sys
0xB7677000 \SystemRoot\system32\drivers\libusb0.sys
0x977FD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8355000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA448000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA750000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF297000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB55EB000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
0x97627000 \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
0x975D6000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
0x97520000 \SystemRoot\system32\DRIVERS\irda.sys
0x975AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB22EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97404000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x973AD000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xA95FC000 \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
0x9736C000 \??\C:\WINDOWS\system32\drivers\tmactmon.sys
0x97329000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xBA358000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9725A000 \SystemRoot\system32\DRIVERS\srv.sys
0x972C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x96A49000 \SystemRoot\System32\Drivers\HTTP.sys
0x968CC000 \SystemRoot\system32\drivers\wdmaud.sys
0x969D1000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA348000 \??\C:\ComboFix\catchme.sys
0xABBAD000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x95F12000 \SystemRoot\System32\Drivers\Udfs.SYS
0x94B2C000 \SystemRoot\system32\DRIVERS\serial.sys
0x940AD000 \SystemRoot\system32\DRIVERS\serenum.sys
0x93D68000 \SystemRoot\system32\DRIVERS\parport.sys
0x942A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x96166000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x93F46000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x93ED7000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x96062000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x96126000 \SystemRoot\system32\DRIVERS\nic1394.sys
0x9276B000 \SystemRoot\system32\DRIVERS\TrufosAlt.sys
0x96981000 \??\C:\DOCUME~1\user1\LOCALS~1\Temp\aswMBR.sys
0x92740000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
1392 C:\WINDOWS\system32\smss.exe
1508 csrss.exe
1532 C:\WINDOWS\system32\winlogon.exe
1576 C:\WINDOWS\system32\services.exe
1588 C:\WINDOWS\system32\lsass.exe
1808 C:\WINDOWS\system32\DTS.exe
1820 C:\WINDOWS\system32\ibmpmsvc.exe
1848 C:\WINDOWS\system32\AtService.exe
1876 C:\WINDOWS\system32\svchost.exe
1960 svchost.exe
336 C:\WINDOWS\system32\svchost.exe
384 C:\WINDOWS\system32\svchost.exe
440 svchost.exe
900 svchost.exe
144 C:\WINDOWS\system32\brss01a.exe
1552 C:\WINDOWS\system32\spoolsv.exe
2008 svchost.exe
1260 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1288 C:\Program Files\Bonjour\mDNSResponder.exe
1356 C:\WINDOWS\system32\Brmfrmps.exe
468 C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
768 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
292 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
472 C:\Program Files\Java\jre6\bin\jqs.exe
560 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2040 C:\WINDOWS\system32\svchost.exe
816 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
1096 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1328 C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
2228 C:\WINDOWS\system32\svchost.exe
2280 C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
2528 C:\WINDOWS\system32\svchost.exe
2544 C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
2612 C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
3440 C:\WINDOWS\system32\searchindexer.exe
3840 C:\WINDOWS\system32\fxssvc.exe
2760 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
2916 alg.exe
3948 C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
2796 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
180 C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
2644 C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
3292 C:\WINDOWS\system32\svchost.exe
3336 C:\Program Files\Teamviewer\Version5\TeamViewer.exe
3400 C:\WINDOWS\system32\igfxtray.exe
3340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3660 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
3944 C:\Program Files\Google\Google Talk\googletalk.exe
2072 C:\Program Files\iTunes\iTunesHelper.exe
3732 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5556 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3380 C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
6000 C:\Program Files\iPod\bin\iPodService.exe
5148 C:\WINDOWS\explorer.exe
5072 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
3200 C:\WINDOWS\system32\ctfmon.exe
5724 C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
1756 C:\WINDOWS\system32\wuauclt.exe
4160 C:\WINDOWS\system32\searchprotocolhost.exe
5852 searchfilterhost.exe
2684 C:\Documents and Settings\user1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9160827AS, Rev: 3.CMG

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Edited by Maxihup, 30 November 2011 - 09:37 AM.

  • 0

Advertisements


#62
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Kapersky Virus scan log

Status: Disinfected (events: 10)
11/29/2011 11:27:05 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\4549b0da-22a52704/photo/Zoom.class High
11/29/2011 11:27:04 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\30bcf5e6-2b42d7c6/photo/Zoom.class High
11/29/2011 11:27:04 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\11346d62-19b1828d/photo/Zoom.class High
11/29/2011 11:27:04 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\11346d62-19b1828d High
11/29/2011 11:27:04 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\30bcf5e6-2b42d7c6 High
11/29/2011 11:27:05 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\4549b0da-22a52704 High
11/29/2011 11:27:06 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\6e8ad344-3c427080/v1.class High
11/29/2011 11:27:06 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\6e8ad344-3c427080 High
11/30/2011 7:46:28 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\5b353ac6-467cf195/v1.class High
11/30/2011 7:46:28 AM Disinfected Trojan program Exploit.Java.CVE-2011-3544.a C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\5b353ac6-467cf195 High
Status: Deleted (events: 9)
11/29/2011 11:28:12 PM Deleted Trojan program Trojan.Win32.Jorik.ZAccess.aij C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\6edf97a7-69310e61 High
11/30/2011 4:06:53 AM Deleted Trojan program Trojan-Spy.Win32.KeyLogger.rxj C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir High
11/30/2011 4:07:43 AM Deleted Trojan program Trojan.Win32.Jorik.ZAccess.aif C:\Qoobox\Quarantine\C\WINDOWS\system32\0.35658658577462654.exe.vir High
11/30/2011 4:07:42 AM Deleted Trojan program Backdoor.Win32.ZAccess.bcs C:\Qoobox\Quarantine\C\WINDOWS\system32\0.49672985443144646.exe.vir High
11/30/2011 4:07:44 AM Deleted Trojan program Trojan-Spy.Win32.Agent.bvtw C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4ex.dll.vir High
11/30/2011 4:08:37 AM Deleted Trojan program Trojan-Spy.Win32.KeyLogger.rxj C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003221.exe High
11/30/2011 4:08:37 AM Deleted Trojan program Trojan.Win32.Jorik.ZAccess.aif C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003222.exe High
11/30/2011 4:08:39 AM Deleted Trojan program Backdoor.Win32.ZAccess.bcs C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003223.exe High
11/30/2011 4:08:39 AM Deleted Trojan program Trojan-Spy.Win32.Agent.bvtw C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003224.dll High
Status: Quarantined (events: 11)
11/30/2011 4:07:42 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\privacy.exe.vir//PE_Patch.MEW High
11/30/2011 4:07:42 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\privacy.exe.vir High
11/30/2011 4:08:16 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2\A0001001.sys High
11/30/2011 4:08:17 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2\A0002001.sys High
11/30/2011 4:08:16 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2\A0002039.sys High
11/30/2011 4:08:20 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2\A0003039.sys High
11/30/2011 4:08:26 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP2\A0003048.sys High
11/30/2011 4:08:37 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003219.exe//PE_Patch.MEW High
11/30/2011 4:08:37 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP3\A0003219.exe High
11/30/2011 4:24:53 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\WINDOWS\system32\drivers\mrxsmb.sys High
11/30/2011 8:31:42 AM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP7\A0003480.sys High

Edited by Maxihup, 30 November 2011 - 09:38 AM.

  • 0

#63
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
OTL log

OTL logfile created on: 11/30/2011 8:56:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.38% Memory free
3.77 Gb Paging File | 2.89 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 87.69 Gb Free Space | 58.83% Space Free | Partition Type: NTFS

Computer Name: L1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 08:55:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2011/11/30 04:07:30 | 000,717,296 | ---- | M] () -- C:\Documents and Settings\user1\Local Settings\temp\RarSFX0\0974751.exe
PRC - [2011/11/30 04:07:25 | 000,457,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\user1\Local Settings\temp\4505848\0974751.exe
PRC - [2011/11/29 19:54:08 | 104,118,768 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
PRC - [2011/10/12 12:45:24 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/12/30 04:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 05:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 15:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 14:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 19:54:08 | 104,118,768 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
MOD - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
MOD - [2009/03/19 02:51:48 | 000,634,880 | ---- | M] () -- C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/04/22 08:45:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2005/04/22 08:43:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2005/04/22 08:42:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2005/04/22 08:42:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2005/04/22 08:42:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2005/04/15 01:18:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRPR.DLL
MOD - [2005/04/15 00:55:56 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRP.DLL
MOD - [2005/04/15 00:42:34 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\dlbtutil.dll
MOD - [2005/02/28 15:58:44 | 000,287,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTSTRN.DLL
MOD - [2005/02/28 15:57:44 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPCFG.DLL
MOD - [2005/02/28 15:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
MOD - [2005/02/28 15:57:10 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUI5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (r_server)
SRV - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/05/07 12:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 02:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 02:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 06:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/14 03:42:10 | 000,185,856 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 18:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 18:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 08:31:42 | 000,003,418 | -HS- | M] () [File_System | Unknown | Running] -- C:\WINDOWS\0974751drv.spi -- (0974751drv)
DRV - [2011/11/30 04:06:03 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\95894635.sys -- (95894635)
DRV - [2011/11/16 20:24:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\82388117.sys -- (82388117)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\54562378.sys -- (54562378)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\42497254.sys -- (42497254)
DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/12/14 10:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 10:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 14:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 14:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 14:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/07/21 15:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/18 20:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 19:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 05:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 22:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 21:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 19:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 19:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/09 17:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 17:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 17:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 12:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 12:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 16:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 12:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 09:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 08:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 21:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]

[2009/06/01 16:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/11/28 21:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/11/04 20:58:57 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\searchplugins\askcom.xml
[2011/11/28 21:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]_EASIESTYOUTUBE.XPI
[2011/11/28 21:29:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/01 09:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/17 21:08:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/28 21:29:26 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/29 14:28:29 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)s)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F3C86E6-3882-4A93-817A-AD433459CA3C}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 21:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 08:55:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/11/29 23:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/29 23:02:20 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\95894635.sys
[2011/11/29 16:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Production Reports
[2011/11/28 16:12:30 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/11/28 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\tdsskiller
[2011/11/28 16:08:04 | 006,525,112 | ---- | C] (BitDefender LLC) -- C:\Documents and Settings\user1\Desktop\BDRemovalTool_TDSS-Clones_x32.exe
[2011/11/26 17:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/26 17:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/26 16:19:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/26 16:19:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/26 16:19:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/26 16:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/26 16:17:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/26 16:16:58 | 004,309,325 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/11/25 10:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\DoctorWeb
[2011/11/23 09:06:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 13:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\EmailForwarder
[2011/11/21 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/21 08:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Itsth
[2011/11/21 08:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy2Sync for Outlook
[2011/11/21 08:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Easy2Sync for Outlook
[2011/11/21 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/11/21 02:28:20 | 006,168,064 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\user1\Desktop\iFunBox.exe
[2011/11/18 08:05:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user1\Desktop\aswMBR.exe
[2011/11/17 08:24:24 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54562378.sys
[2011/11/16 20:24:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/16 19:23:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Recent
[2011/11/16 17:06:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IECompatCache
[2011/11/16 16:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\New Folder
[2011/11/16 09:14:01 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\82388117.sys
[2011/11/16 08:42:12 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\42497254.sys
[2011/11/15 10:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/14 15:26:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/10 14:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/10 14:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/11/10 14:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/11/10 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/10 13:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/10 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/08 21:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Skype
[2011/11/08 21:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/08 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/08 21:29:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/08 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/08 09:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/11/04 19:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\TruePianos Settings
[2011/11/04 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Native Instruments
[2011/11/04 19:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Cakewalk
[2011/11/04 19:53:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/11/04 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/11/04 19:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/11/04 19:51:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2011/11/04 19:50:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Native Instruments
[2011/11/04 19:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identities
[2011/11/04 19:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2011/11/04 19:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2011/11/04 16:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\ImgBurn
[2011/11/04 16:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/04 16:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/02 21:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Voxatron

========== Files - Modified Within 30 Days ==========

[2011/11/30 09:04:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/30 08:55:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/11/30 08:40:11 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/11/30 08:33:11 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 08:31:42 | 000,003,418 | -HS- | M] () -- C:\WINDOWS\0974751drv.spi
[2011/11/30 07:20:10 | 002,810,880 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\transfer.pst
[2011/11/30 04:06:03 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\95894635.sys
[2011/11/30 00:33:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/29 19:54:08 | 104,118,768 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
[2011/11/29 14:30:44 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/11/29 14:28:29 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/29 10:40:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/11/29 08:16:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Email Forwarder.lnk
[2011/11/29 08:13:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 08:12:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/28 16:54:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/28 16:12:32 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/11/28 16:08:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user1\Desktop\aswMBR.exe
[2011/11/28 16:08:25 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\MBRCheck.exe
[2011/11/28 16:08:18 | 006,525,112 | ---- | M] (BitDefender LLC) -- C:\Documents and Settings\user1\Desktop\BDRemovalTool_TDSS-Clones_x32.exe
[2011/11/28 16:07:49 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\tdsskiller.zip
[2011/11/28 15:21:33 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/11/26 16:18:03 | 004,309,325 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/11/26 16:14:10 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/25 16:02:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qvuiy5IX.exe.b
[2011/11/25 16:01:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\C71mN8.dat
[2011/11/25 09:53:53 | 082,305,216 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\drweb-cureit.exe
[2011/11/25 09:43:19 | 002,044,928 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\qkmz.exe
[2011/11/23 12:17:04 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/11/23 09:20:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/21 15:39:30 | 000,002,500 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\9780840067739.csv
[2011/11/21 14:33:13 | 000,337,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/21 10:20:43 | 000,467,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 10:20:43 | 000,087,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 09:13:30 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\Bridge.pst
[2011/11/18 13:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 20:24:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\82388117.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54562378.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\42497254.sys
[2011/11/15 12:21:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/11/12 20:59:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 10:41:49 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/11/08 13:32:26 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/11/08 09:25:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ic.ini
[2011/11/07 09:42:30 | 000,068,928 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/04 20:22:07 | 000,652,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/04 16:50:10 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

========== Files Created - No Company Name ==========

[2011/11/29 23:28:09 | 000,003,418 | -HS- | C] () -- C:\WINDOWS\0974751drv.spi
[2011/11/29 19:53:51 | 104,118,768 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
[2011/11/28 16:54:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/28 16:08:25 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MBRCheck.exe
[2011/11/28 16:07:43 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\tdsskiller.zip
[2011/11/26 16:19:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/26 16:19:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/26 16:19:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/26 16:19:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/26 16:19:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/25 16:02:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qvuiy5IX.exe.b
[2011/11/25 15:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\C71mN8.dat
[2011/11/25 09:53:44 | 082,305,216 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\drweb-cureit.exe
[2011/11/25 09:43:07 | 002,044,928 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\qkmz.exe
[2011/11/22 13:08:20 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Email Forwarder.lnk
[2011/11/22 13:08:01 | 003,470,274 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\EmailForwarder.zip
[2011/11/21 15:39:29 | 000,002,500 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\9780840067739.csv
[2011/11/21 12:51:58 | 000,053,714 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\gotmail08.wav
[2011/11/21 12:51:58 | 000,009,946 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\gotmail00.wav
[2011/11/21 09:46:34 | 002,810,880 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\transfer.pst
[2011/11/21 09:13:30 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\Bridge.pst
[2011/11/21 08:26:32 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/11/14 15:27:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/14 15:26:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/08 09:25:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ic.ini
[2011/11/04 16:50:10 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/10/25 08:16:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/20 11:19:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/04/24 13:26:40 | 000,238,936 | ---- | C] () -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/03/25 10:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 20:45:27 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 13:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 10:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 10:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 13:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 14:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 11:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 13:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 13:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 12:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/03/29 08:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 14:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 14:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 14:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 14:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 14:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 14:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 14:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 14:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 14:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 14:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 14:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 14:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 15:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 15:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 18:47:59 | 000,068,928 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 13:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 13:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 13:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 13:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 13:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 00:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 00:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 00:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 10:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 16:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 11:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 17:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 17:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 13:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 01:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 01:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 01:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/07 01:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/04/23 06:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 06:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 06:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 02:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 02:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 07:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 07:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 07:25:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 06:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 06:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 06:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 06:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 06:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 07:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 21:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 20:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 16:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 16:54:36 | 000,337,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 09:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 09:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 09:25:30 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 09:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 09:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 09:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 09:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 09:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 09:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 09:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 09:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 08:32:36 | 000,199,680 | ---- | C] () -- C:\WINDOWS\System32\gptext.dll
[2008/10/17 08:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 08:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 16:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 03:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:42:10 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\upnphost.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,467,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,087,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 14:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/11/15 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/12/31 15:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 15:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/11/04 19:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/04/10 21:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 15:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/10/21 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/09/08 17:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2009/05/07 01:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/11/04 19:51:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2011/09/19 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/04 19:53:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/11/04 19:50:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/09/21 11:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2011/11/04 19:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Cakewalk
[2008/10/17 09:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/11/29 15:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 15:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/11/29 08:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/11/04 17:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ImgBurn
[2011/04/04 09:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2011/11/21 08:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Itsth
[2010/12/29 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2011/11/15 12:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/09/23 10:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\redsn0w
[2009/05/18 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 08:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 11:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/14 10:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/11/28 10:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/11/02 21:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Voxatron
[2011/04/24 13:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/09/30 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 12:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 13:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MRXSMB.SYS >
[2008/10/17 08:38:56 | 017,775,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/12/04 11:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2008/10/24 05:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\system32\drivers\mrxsmb.sys

< MD5 for: SVCHOST.EXE >
[2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 03:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 03:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 03:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
  • 0

#64
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems.

Can you download new version of Combofix and run it as you did last time. Post log after the scan.
  • 0

#65
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Seems to be running ok, but have not rebooted yet.

Running combofix now.
  • 0

#66
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ComboFix log


ComboFix 11-11-30.01 - user1 11/30/2011 11:21:51.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.880 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\upnphost.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2067-05-27 20:16 . 2011-11-08 15:56 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 03:35 . 2003-06-05 22:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2011-11-30 05:02 . 2011-11-30 05:02 -------- d-----w- c:\windows\LastGood
2011-11-30 05:02 . 2011-11-30 10:06 133208 ----a-w- c:\windows\system32\drivers\95894635.sys
2011-11-28 22:12 . 2011-11-28 22:12 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-26 12:22 . 2011-11-26 12:23 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-11-25 22:30 . 2011-11-25 22:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-25 16:01 . 2011-11-25 17:36 -------- d-----w- c:\documents and settings\user1\DoctorWeb
2011-11-23 15:06 . 2011-11-23 15:06 -------- d-----w- C:\_OTL
2011-11-22 19:08 . 2004-03-09 22:45 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-21 14:34 . 2011-11-21 14:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-21 14:32 . 2011-11-21 14:32 -------- d-----w- c:\documents and settings\user1\Application Data\Itsth
2011-11-21 14:31 . 2011-11-21 14:31 -------- d-----w- c:\program files\Easy2Sync for Outlook
2011-11-21 14:26 . 2011-11-21 14:26 3584 ----a-r- c:\documents and settings\user1\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-11-21 14:26 . 2011-11-21 14:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-17 14:24 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\54562378.sys
2011-11-17 02:24 . 2011-11-17 02:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-16 23:06 . 2011-11-16 23:06 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2011-11-16 15:14 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\82388117.sys
2011-11-16 14:42 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\42497254.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-10 20:18 . 2011-11-10 20:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-10 20:18 . 2011-11-10 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-11-10 20:04 . 2011-11-10 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-09 03:30 . 2011-11-25 15:41 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----w- c:\program files\Common Files\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----r- c:\program files\Skype
2011-11-09 03:13 . 2011-11-09 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\German\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\French\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 389120 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\english\Insect\ModText.dll
2011-11-05 02:21 . 2010-07-07 01:36 301696 ----a-w- c:\windows\system32\UCI32A59.dll
2011-11-05 01:57 . 2011-11-05 01:57 -------- d-----w- c:\documents and settings\user1\TruePianos Settings
2011-11-05 01:55 . 2011-11-05 01:56 -------- d-----w- c:\documents and settings\user1\Application Data\Cakewalk
2011-11-05 01:53 . 2011-11-05 01:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Digidesign
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2011-11-05 01:51 . 2011-11-05 01:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-11-05 01:50 . 2011-11-05 01:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Native Instruments
2011-11-05 01:21 . 2006-02-24 14:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-11-05 01:21 . 2006-02-24 14:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\program files\Cakewalk
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2011-11-04 22:59 . 2011-11-04 23:18 -------- d-----w- c:\documents and settings\user1\Application Data\ImgBurn
2011-11-04 22:50 . 2011-11-04 22:50 -------- d-----w- c:\program files\ImgBurn
2011-11-03 03:18 . 2011-11-03 03:18 -------- d-----w- c:\documents and settings\user1\Application Data\Voxatron
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 18:17 . 2011-09-20 17:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-11-29 03:29 . 2011-10-18 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-17 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 09:42 . 022A00180AE900C90AA9BA5DE8BD961C . 185856 . . [------] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-12-30 874832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3776512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user1\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 08:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\0\0]
"Script"=\\corp.local\netlogon\teamviewer\corp-teamviewerinstall.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\1\0]
"Script"=\\corp.local\NETLOGON\CABEL\KIX32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\2\0]
"Script"=\\corp.local\NETLOGON\admpwupd.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-11 15:17 172032 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\user1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:RAdmin
"48900:UDP"= 48900:UDP:RAdmin-UDP
"54601:TCP"= 54601:TCP:Trend Micro OfficeScan Listener
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 42497254;42497254;c:\windows\system32\drivers\42497254.sys [11/16/2011 8:42 AM 133208]
R0 54562378;54562378;c:\windows\system32\drivers\54562378.sys [11/17/2011 8:24 AM 133208]
R0 95894635;95894635;c:\windows\system32\drivers\95894635.sys [11/29/2011 11:02 PM 133208]
R1 82388117;82388117;c:\windows\system32\drivers\82388117.sys [11/16/2011 9:14 AM 133208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 2:48 AM 1680632]
R2 DB2MGMTSVC_TAEVAL10;DB2 Management Service (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe [11/6/2006 6:33 PM 35880]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 2:53 AM 98304]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 7:32 AM 3576320]
R2 TeamViewer5;TeamViewer 5;c:\program files\Teamviewer\Version5\TeamViewer_Service.exe [12/21/2010 12:05 PM 2002728]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/2/2010 12:19 PM 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 7:42 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 7:42 PM 36624]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/17/2008 8:34 AM 243856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/23/2010 3:25 PM 28160]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/23/2009 7:21 AM 341584]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [1/23/2009 7:17 AM 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [1/23/2009 7:17 AM 689416]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [5/14/2009 4:19 PM 33920]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 2:52 AM 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/7/2009 2:26 AM 482176]
S3 DB2NTSECSERVER_TAEVAL10;DB2 Security Server (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe [11/6/2006 6:35 PM 14376]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/8/2009 10:01 AM 10752]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 2:55 AM 118784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/16/2011 8:24 PM 41272]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 6:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [8/10/2011 10:53 PM 229376]
S4 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0974751DRV
*NewlyCreated* - 95894635
*NewlyCreated* - CWBNETNT
*NewlyCreated* - MDM
*NewlyCreated* - OSE
*NewlyCreated* - TEAMVIEWER5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:34]
.
2011-11-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-20 20:43]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hyperionics.com/index.asp?Page=hsdx/changelog.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3872)
c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-11-30 11:37:47
ComboFix-quarantined-files.txt 2011-11-30 17:37
ComboFix2.txt 2011-11-27 01:31
.
Pre-Run: 95,244,980,224 bytes free
Post-Run: 95,379,914,752 bytes free
.
- - End Of File - - 385E497424BFAA434B26FEF013B1E2FC
  • 0

#67
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Maxihup,

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
c:\windows\system32\dllcache\upnphost.dll | c:\windows\system32\upnphost.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

If you have Windows XP Service Pack 3 installation disk please prepare it for this step.

We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise insert Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Check" Hide protected operating system files.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#68
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Could not run file checker as it kept asking for the cd which I do not have.

Here is the combofix log:

ComboFix 11-12-04.02 - user1 12/04/2011 9:28.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1090 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user1\Desktop\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\upnphost.dll --> c:\windows\system32\upnphost.dll
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2067-05-27 20:16 . 2011-11-08 15:56 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 03:35 . 2003-06-05 22:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2011-11-28 22:12 . 2011-11-28 22:12 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-26 12:22 . 2011-11-26 12:23 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-11-25 22:30 . 2011-11-25 22:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-25 16:01 . 2011-11-25 17:36 -------- d-----w- c:\documents and settings\user1\DoctorWeb
2011-11-23 15:06 . 2011-11-23 15:06 -------- d-----w- C:\_OTL
2011-11-22 19:08 . 2004-03-09 22:45 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-21 14:34 . 2011-11-21 14:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-21 14:32 . 2011-11-21 14:32 -------- d-----w- c:\documents and settings\user1\Application Data\Itsth
2011-11-21 14:31 . 2011-11-21 14:31 -------- d-----w- c:\program files\Easy2Sync for Outlook
2011-11-21 14:26 . 2011-11-21 14:26 3584 ----a-r- c:\documents and settings\user1\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-11-21 14:26 . 2011-11-21 14:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-17 14:24 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\54562378.sys
2011-11-17 02:24 . 2011-11-17 02:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-16 23:06 . 2011-11-16 23:06 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2011-11-16 15:14 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\82388117.sys
2011-11-16 14:42 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\42497254.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-10 20:18 . 2011-11-10 20:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-10 20:18 . 2011-11-10 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-11-10 20:04 . 2011-11-10 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-09 03:30 . 2011-11-25 15:41 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----w- c:\program files\Common Files\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----r- c:\program files\Skype
2011-11-09 03:13 . 2011-11-09 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\German\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\French\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 389120 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\english\Insect\ModText.dll
2011-11-05 02:21 . 2010-07-07 01:36 301696 ----a-w- c:\windows\system32\UCI32A59.dll
2011-11-05 01:57 . 2011-11-05 01:57 -------- d-----w- c:\documents and settings\user1\TruePianos Settings
2011-11-05 01:55 . 2011-11-05 01:56 -------- d-----w- c:\documents and settings\user1\Application Data\Cakewalk
2011-11-05 01:53 . 2011-11-05 01:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Digidesign
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2011-11-05 01:51 . 2011-11-05 01:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-11-05 01:50 . 2011-11-05 01:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Native Instruments
2011-11-05 01:21 . 2006-02-24 14:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-11-05 01:21 . 2006-02-24 14:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\program files\Cakewalk
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2011-11-04 22:59 . 2011-11-04 23:18 -------- d-----w- c:\documents and settings\user1\Application Data\ImgBurn
2011-11-04 22:50 . 2011-11-04 22:50 -------- d-----w- c:\program files\ImgBurn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 18:17 . 2011-09-20 17:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-11-29 03:29 . 2011-10-18 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-17 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [email protected]_01.16.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-04 01:29 . 2011-12-04 01:29 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
+ 2011-12-04 01:29 . 2011-12-04 01:29 16384 c:\windows\temp\Perflib_Perfdata_594.dat
+ 2001-08-23 12:00 . 2011-11-30 16:14 87716 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-11-21 16:20 87716 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-30 16:14 467832 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-11-21 16:20 467832 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-12-30 874832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3776512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user1\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 08:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\0\0]
"Script"=\\corp.local\netlogon\teamviewer\corp-teamviewerinstall.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\1\0]
"Script"=\\corp.local\NETLOGON\CABEL\KIX32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\2\0]
"Script"=\\corp.local\NETLOGON\admpwupd.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-11 15:17 172032 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\user1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:RAdmin
"48900:UDP"= 48900:UDP:RAdmin-UDP
"54601:TCP"= 54601:TCP:Trend Micro OfficeScan Listener
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 42497254;42497254;c:\windows\system32\drivers\42497254.sys [11/16/2011 8:42 AM 133208]
R0 54562378;54562378;c:\windows\system32\drivers\54562378.sys [11/17/2011 8:24 AM 133208]
R1 82388117;82388117;c:\windows\system32\drivers\82388117.sys [11/16/2011 9:14 AM 133208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 2:48 AM 1680632]
R2 DB2MGMTSVC_TAEVAL10;DB2 Management Service (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe [11/6/2006 6:33 PM 35880]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 2:53 AM 98304]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 7:32 AM 3576320]
R2 TeamViewer5;TeamViewer 5;c:\program files\Teamviewer\Version5\TeamViewer_Service.exe [12/21/2010 12:05 PM 2002728]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/2/2010 12:19 PM 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 7:42 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 7:42 PM 36624]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/17/2008 8:34 AM 243856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/23/2010 3:25 PM 28160]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/23/2009 7:21 AM 341584]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [1/23/2009 7:17 AM 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [1/23/2009 7:17 AM 689416]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [5/14/2009 4:19 PM 33920]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 2:52 AM 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/7/2009 2:26 AM 482176]
S3 DB2NTSECSERVER_TAEVAL10;DB2 Security Server (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe [11/6/2006 6:35 PM 14376]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/8/2009 10:01 AM 10752]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 2:55 AM 118784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/16/2011 8:24 PM 41272]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 6:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [8/10/2011 10:53 PM 229376]
S4 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CWBNETNT
*NewlyCreated* - MDM
*NewlyCreated* - OSE
*NewlyCreated* - TEAMVIEWER5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:34]
.
2011-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-20 20:43]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hyperionics.com/index.asp?Page=hsdx/changelog.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 09:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1f,00,69,bf,c2,56,49,84,a3,d0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1472)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5476)
c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-12-04 09:35:59
ComboFix-quarantined-files.txt 2011-12-04 15:35
ComboFix2.txt 2011-12-04 15:17
ComboFix3.txt 2011-11-30 17:37
ComboFix4.txt 2011-11-27 01:31
.
Pre-Run: 95,132,192,768 bytes free
Post-Run: 95,096,664,064 bytes free
.
- - End Of File - - 76C12DA6BF1F4721DDA506F545A0D7BE
  • 0

#69
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems?

Run OTL again
Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
/md5start
sfcfiles.dll
/md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

  • 0

#70
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
IE still sometimes does weird stuff. Flickers and has page errors on command bar(shows desktop through for a few seconds)

Here is the OTL log:

OTL logfile created on: 12/6/2011 7:48:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.43% Memory free
3.77 Gb Paging File | 2.00 Gb Available in Paging File | 53.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 88.29 Gb Free Space | 59.24% Space Free | Partition Type: NTFS

Computer Name: L1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 08:55:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2011/10/12 12:45:24 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/12/30 04:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/12/15 01:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
PRC - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 05:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 21:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 15:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 14:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/15 01:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
MOD - [2010/12/15 01:54:24 | 000,254,584 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServerX.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
MOD - [2009/03/19 02:51:48 | 000,634,880 | ---- | M] () -- C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/04/22 08:45:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2005/04/22 08:43:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2005/04/22 08:42:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2005/04/22 08:42:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2005/04/22 08:42:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2005/02/28 15:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (r_server)
SRV - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/05/07 12:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 02:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 02:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 06:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 18:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 18:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/11/16 20:24:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\82388117.sys -- (82388117)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\54562378.sys -- (54562378)
DRV - [2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\42497254.sys -- (42497254)
DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/12/14 10:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 10:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 14:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 14:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 14:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/07/21 15:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/18 20:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/08/20 10:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 10:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 19:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 05:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 22:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 21:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 19:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 19:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/09 17:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 17:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 17:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 12:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 12:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 16:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 12:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 09:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 08:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 21:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]

[2009/06/01 16:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/11/28 21:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/11/04 20:58:57 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\searchplugins\askcom.xml
[2011/11/28 21:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]_EASIESTYOUTUBE.XPI
[2011/11/28 21:29:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/01 09:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/17 21:08:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/28 21:29:26 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/06 19:47:22 | 000,000,025 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 21:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 09:26:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/30 08:55:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/11/29 16:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Production Reports
[2011/11/28 16:12:30 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/11/28 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\tdsskiller
[2011/11/28 16:08:04 | 006,525,112 | ---- | C] (BitDefender LLC) -- C:\Documents and Settings\user1\Desktop\BDRemovalTool_TDSS-Clones_x32.exe
[2011/11/26 17:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/26 17:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/26 16:19:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/26 16:19:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/26 16:19:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/26 16:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/26 16:17:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/26 16:16:58 | 004,326,668 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/11/25 10:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\DoctorWeb
[2011/11/23 09:06:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 13:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\EmailForwarder
[2011/11/21 08:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/21 08:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Itsth
[2011/11/21 08:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy2Sync for Outlook
[2011/11/21 08:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Easy2Sync for Outlook
[2011/11/21 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/11/21 02:28:20 | 006,168,064 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\user1\Desktop\iFunBox.exe
[2011/11/18 08:05:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user1\Desktop\aswMBR.exe
[2011/11/17 08:24:24 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54562378.sys
[2011/11/16 20:24:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/16 19:23:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Recent
[2011/11/16 17:06:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IECompatCache
[2011/11/16 16:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\New Folder
[2011/11/16 09:14:01 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\82388117.sys
[2011/11/16 08:42:12 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\42497254.sys
[2011/11/15 10:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/14 15:26:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/10 14:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/10 14:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/11/10 14:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/11/10 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/10 13:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/10 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/08 21:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Skype
[2011/11/08 21:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/08 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/08 21:29:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/08 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/08 09:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2011/12/06 19:47:32 | 000,779,264 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\transfer.pst
[2011/12/06 19:47:22 | 000,000,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/06 19:44:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/06 19:40:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/12/06 19:33:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 10:40:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/12/06 09:44:11 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/12/06 09:31:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 09:31:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 09:29:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 16:32:21 | 000,521,616 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Amendment To Purchase.pdf
[2011/12/05 09:34:39 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Email Forwarder.lnk
[2011/12/04 09:03:14 | 004,326,668 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/12/01 09:57:15 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/11/30 12:14:41 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/11/30 10:14:49 | 000,467,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/30 10:14:49 | 000,087,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/30 08:55:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/11/30 08:31:42 | 000,003,418 | -HS- | M] () -- C:\WINDOWS\0974751drv.spi
[2011/11/29 19:54:08 | 104,118,768 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
[2011/11/28 16:54:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/28 16:12:32 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/11/28 16:08:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user1\Desktop\aswMBR.exe
[2011/11/28 16:08:25 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\MBRCheck.exe
[2011/11/28 16:08:18 | 006,525,112 | ---- | M] (BitDefender LLC) -- C:\Documents and Settings\user1\Desktop\BDRemovalTool_TDSS-Clones_x32.exe
[2011/11/28 16:07:49 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\tdsskiller.zip
[2011/11/26 16:14:10 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/25 16:02:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qvuiy5IX.exe.b
[2011/11/25 16:01:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\C71mN8.dat
[2011/11/25 09:53:53 | 082,305,216 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\drweb-cureit.exe
[2011/11/25 09:43:19 | 002,044,928 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\qkmz.exe
[2011/11/23 12:17:04 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/11/23 09:20:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/21 14:33:13 | 000,337,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/21 09:13:30 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\Bridge.pst
[2011/11/18 13:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 20:24:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\82388117.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54562378.sys
[2011/11/16 17:58:15 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\42497254.sys
[2011/11/15 12:21:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/11/12 20:59:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 13:32:26 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/11/08 09:25:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ic.ini
[2011/11/07 09:42:30 | 000,068,928 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2011/12/06 15:28:58 | 000,146,684 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\DSC05778.JPG
[2011/12/06 15:25:07 | 000,146,951 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\992a6bcd-0660-4c89-bc32-2ce55a9e47cf_0256.jpg
[2011/12/06 15:23:46 | 000,145,176 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\db3d4aae-b941-492a-8487-58ae627781ab_0257.jpg
[2011/12/06 15:22:09 | 000,143,400 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\bba069a8-d53b-4479-bee0-feacdf8def11_0477.jpg
[2011/12/06 15:18:57 | 000,143,653 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\a4511915-1471-4321-a61e-aee05d888db9_0473.jpg
[2011/12/06 15:03:09 | 005,254,001 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\7a76ab67-973c-4880-ab04-4ace732dd7ca_0120.jpg
[2011/12/06 15:02:36 | 005,102,290 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\5a1e429d-be38-460c-8b21-be81d2b6d25f_0137.jpg
[2011/12/06 15:01:08 | 000,149,209 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\756f18a4-51b2-469a-8d70-25e8642b08c6_0247.jpg
[2011/12/05 16:32:21 | 000,521,616 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Amendment To Purchase.pdf
[2011/11/29 23:28:09 | 000,003,418 | -HS- | C] () -- C:\WINDOWS\0974751drv.spi
[2011/11/29 19:53:51 | 104,118,768 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\setup_11.0.0.1245.x01_2011_11_30_04_06.exe
[2011/11/28 16:54:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/28 16:08:25 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MBRCheck.exe
[2011/11/28 16:07:43 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\tdsskiller.zip
[2011/11/26 16:19:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/26 16:19:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/26 16:19:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/26 16:19:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/26 16:19:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/25 16:02:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qvuiy5IX.exe.b
[2011/11/25 15:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\C71mN8.dat
[2011/11/25 09:53:44 | 082,305,216 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\drweb-cureit.exe
[2011/11/25 09:43:07 | 002,044,928 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\qkmz.exe
[2011/11/21 12:51:58 | 000,053,714 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\gotmail08.wav
[2011/11/21 12:51:58 | 000,009,946 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\gotmail00.wav
[2011/11/21 09:46:34 | 000,779,264 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\transfer.pst
[2011/11/21 09:13:30 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\Bridge.pst
[2011/11/21 08:26:32 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/11/14 15:27:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/14 15:26:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/08 09:25:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ic.ini
[2011/10/25 08:16:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/20 11:19:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/04/24 13:26:40 | 000,238,936 | ---- | C] () -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/03/25 10:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 20:45:27 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 13:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 10:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 10:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 13:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 14:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 11:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 13:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 13:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 12:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/03/29 08:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 14:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 14:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 14:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 14:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 14:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 14:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 14:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 14:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 14:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 14:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 14:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 14:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 15:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 15:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 18:47:59 | 000,068,928 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 13:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 13:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 13:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 13:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 13:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 00:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 00:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 00:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 10:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 16:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 11:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 17:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 17:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 13:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 01:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 01:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 01:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/07 01:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/04/23 06:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 06:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 06:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 02:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 02:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 07:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 07:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 07:25:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 06:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 06:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 06:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 06:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 06:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 07:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 21:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 20:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 16:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 16:54:36 | 000,337,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 09:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 09:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 09:25:30 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 09:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 09:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 09:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 09:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 09:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 09:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 09:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 09:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 08:32:36 | 000,199,680 | ---- | C] () -- C:\WINDOWS\System32\gptext.dll
[2008/10/17 08:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 08:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 16:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 03:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,467,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,087,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 14:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/11/15 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/12/31 15:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 15:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/11/04 19:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/04/10 21:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 15:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/10/21 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/09/08 17:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2009/05/07 01:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/11/04 19:51:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2011/09/19 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/04 19:53:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/11/04 19:50:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/09/21 11:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2011/11/04 19:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Cakewalk
[2008/10/17 09:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/12/06 15:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 15:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/12/06 11:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/11/04 17:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ImgBurn
[2011/04/04 09:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2011/11/21 08:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Itsth
[2010/12/29 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2011/11/15 12:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/09/23 10:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\redsn0w
[2009/05/18 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 08:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 11:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 10:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/11/28 10:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/11/02 21:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Voxatron
[2011/04/24 13:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/09/30 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 12:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 13:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SFCFILES.DLL >
[2008/10/17 08:39:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=BA3D691CBA9DFDB3D50C16F6AA62F18B -- C:\WINDOWS\system32\sfcfiles.dll

< End of report >

Edited by Maxihup, 06 December 2011 - 08:07 PM.

  • 0

Advertisements


#71
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please download

Attached File  sfcfiles.zip   187.3KB   31 downloads

to your desktop and unzip it to C:\. Please make sure you have C:\sfcfiles.dll after this step.

Next...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
C:\sfcfiles.dll | C:\WINDOWS\system32\sfcfiles.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#72
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Have not done the above step yet, but I just wanted to note that I just got somw warnings about JAVA_AGENT.BAQO
  • 0

#73
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Run last step first (Combofix) then run VRT tools after it. Post logs after the scans.

Run Virus Removal Tool again (if you removed it the download it from Here to your desktop=

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#74
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP