"System Fix" infection [Solved]


#1 drewdreworld

Hey, I seem to have gotten an infection last night when I was trying to stream a show for free online >.> From googling, I think I found a guide for my particular infection done by bleepingcomputer (http://www.bleepingc...move-system-fix); they said it's called "System Fix". The virus has tons and tons of error messages pop up (it keeps making more error windows until the PC crashes, basically). The error message from the virus mentions hard disk errors or something. I've run rkill.exe, tdsskiller.exe, and mbam.exe a few times to try and fix it. They always come back having found something, but they say they need to reboot to fix the issue, and when I reboot back into safe mode the virus scan doesn't return; when I reboot into normal mode, the virus returns. I will post my mbam and OTL.exe logs. Thanks so much for any help in advance =)

Also, I've been using Auslogics Disk Defragmenter and Auslogics Registry Fix (they're free, and haven't seemed to harm my computer over the last month, so I don't think they're dangerous either), and I used the registry fix after I was infected. Just FYI.

Just finished an mbam scan..

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: DREW [administrator]

2/10/2012 1:53:49 PM
mbam-log-2012-02-10 (13-53-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214629
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL log

OTL logfile created on: 2/10/2012 2:02:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.45 Gb Total Space | 49.06 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 0.62 Gb Free Space | 13.90% Space Free | Partition Type: FAT32

Computer Name: DREW | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 14:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/02/02 18:13:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/02 18:13:30 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/24 09:37:56 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\ntusbw32.dll
MOD - [2011/09/13 13:16:19 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (intelusb3)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/10/07 23:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 22:38:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/11 21:10:51 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/04/13 19:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\clisvc.dll -- (BcmSqlStartupSvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/08/27 09:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/02/04 07:22:30 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 13:53:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/03 19:07:55 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\volsnap.sys -- (VolSnap)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 19:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\wdica.dll -- (WDICA)
DRV - [2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 14:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/01/11 16:09:13 | 000,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/11/10 09:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/08/17 14:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zd1211bu.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brgsp50.sys -- (BRGSp50)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/05/06 13:19:30 | 000,083,181 | ---- | M] (McAfee Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2003/12/12 11:06:44 | 000,538,236 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxsens.sys -- (ALCXSENS)
DRV - [2003/12/06 05:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/05 19:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/10 10:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/11/07 22:00:00 | 000,035,328 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/09/02 16:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/04/22 00:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/09 00:12:46 | 000,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2wirepcp.sys -- (2WIREPCP)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\r8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://exchange.georgiaemc.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 9C 3A 3C BE 85 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {77868449-f49d-d6ec-3145-e651161b1ff8}:1.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 18:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 04:17:41 | 000,000,000 | ---D | M]

[2010/02/06 04:17:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/06 04:17:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2012/02/04 09:39:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znjby5yg.default\extensions
[2011/10/02 21:58:00 | 000,000,000 | -H-D | M] (Temp Installer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znjby5yg.default\extensions\{77868449-f49d-d6ec-3145-e651161b1ff8}
[2009/04/03 18:07:47 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znjby5yg.default\extensions\[email protected]
[2011/12/27 04:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 15:27:40 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 15:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2010/03/08 06:15:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/02 18:13:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2006/05/16 16:54:15 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IFEvuifXpHuouiv.exe] C:\Documents and Settings\All Users\Application Data\IFEvuifXpHuouiv.exe (Mioft)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.2.1.87.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1316033239015 (WUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastacces...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsec...scan/axscan.cab (ASquaredScanForm Element)
O16 - DPF: {C2CFE28D-36EA-4E38-A9E6-092E3C95070C} https://www.info1onl...asp?LOSType=151 (I1POINT.BorrowerList)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} http://www.stopzilla...ller/dwnldr.cab (Downloader Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1967BB82-6900-4069-8EC3-9CFC77204697}: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862A2386-C4D8-4F0A-A9DA-897045846BFD}: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2DD7C30-9B36-4063-A810-761B60749F00}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\intelsusb: DllName - (ntusbw32.dll) - C:\WINDOWS\System32\ntusbw32.dll ()
O20 - Winlogon\Notify\ntusbw32: DllName - (ntusbw32.dll) - C:\WINDOWS\System32\ntusbw32.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/20 20:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 14:01:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/10 13:53:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/10 13:35:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/10 02:09:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/10 00:49:38 | 000,450,560 | -H-- | C] (Mioft) -- C:\Documents and Settings\All Users\Application Data\IFEvuifXpHuouiv.exe
[2012/02/06 00:51:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/17 15:03:34 | 005,160,600 | -H-- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Owner\Desktop\registry-cleaner-setup.exe
[2012/01/17 14:57:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/01/17 14:57:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/01/17 14:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/01/17 14:55:26 | 005,044,592 | -H-- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Owner\Desktop\disk-defrag-setup.exe
[2012/01/17 02:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\HeroBlade Logs
[2012/01/17 00:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/01/17 00:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010/08/11 21:09:56 | 001,715,904 | ---- | C] (ArtistScope) -- C:\Program Files\Synapse_FX_42.exe
[2006/01/08 16:42:31 | 004,057,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmfdist.exe
[2005/11/28 17:07:13 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2005/08/10 09:56:15 | 015,591,520 | ---- | C] (ACD Systems Ltd. ) -- C:\Program Files\acdsee.exe
[2005/07/04 22:47:38 | 002,439,339 | ---- | C] (SoftTech InterCorp ) -- C:\Program Files\imgconvert.exe

========== Files - Modified Within 30 Days ==========

[2012/02/10 14:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/10 13:53:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/10 13:45:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 13:44:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/10 13:40:49 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/10 02:08:19 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/02/10 02:05:59 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2012/02/10 00:49:28 | 000,450,560 | -H-- | M] (Mioft) -- C:\Documents and Settings\All Users\Application Data\IFEvuifXpHuouiv.exe
[2012/02/09 19:46:53 | 000,000,686 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft.lnk
[2012/02/07 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/07 07:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/04 03:03:54 | 000,286,052 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/04 03:03:54 | 000,286,052 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/04 03:03:54 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/17 16:06:47 | 000,000,945 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
[2012/01/17 15:03:29 | 005,160,600 | -H-- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Owner\Desktop\registry-cleaner-setup.exe
[2012/01/17 14:57:37 | 000,000,910 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
[2012/01/17 14:55:25 | 005,044,592 | -H-- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Owner\Desktop\disk-defrag-setup.exe
[2012/01/17 07:03:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/17 02:47:56 | 000,434,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/17 02:47:56 | 000,068,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/02/10 00:50:45 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/17 16:06:47 | 000,000,945 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
[2012/01/17 14:57:37 | 000,000,910 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
[2012/01/03 03:31:17 | 000,003,522 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dwm040ms2amk03bg2q380l2aiyoku0je3fton
[2012/01/03 03:31:17 | 000,003,522 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dwm040ms2amk03bg2q380l2aiyoku0je3fton
[2011/11/25 06:57:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/24 09:41:50 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/24 09:41:50 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/24 09:37:56 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\ntusbw32.dll
[2011/11/18 04:47:42 | 000,004,608 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 13:51:30 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/24 13:44:54 | 000,286,052 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/24 13:44:44 | 000,286,052 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/24 13:44:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/03 00:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/12 14:37:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2011/06/02 20:08:38 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/06 16:33:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 21:10:51 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/12/16 06:27:40 | 000,037,576 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/02 01:37:26 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/30 21:14:21 | 000,055,726 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2008/03/07 01:11:25 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/16 01:36:36 | 000,146,839 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Cosmos Prefs
[2006/05/09 23:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/04/28 18:03:52 | 000,012,486 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/06 12:16:20 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/02/13 17:47:43 | 010,284,336 | ---- | C] () -- C:\Program Files\Avast Setup.exe
[2006/02/11 18:24:15 | 001,847,742 | ---- | C] () -- C:\Program Files\InstallSB.exe
[2006/01/22 21:59:28 | 000,045,540 | ---- | C] () -- C:\Program Files\untitled image
[2006/01/08 16:40:15 | 011,284,970 | ---- | C] () -- C:\Program Files\cdbxp_setup_3.0.116.zip
[2005/12/11 23:53:42 | 000,937,001 | ---- | C] () -- C:\Program Files\slsk156c.exe
[2005/12/10 22:19:28 | 001,014,477 | ---- | C] () -- C:\Program Files\wrar351.exe
[2005/12/10 15:41:58 | 003,620,864 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_TurksInPursuit_OC_ReMix.mp3
[2005/12/10 15:40:40 | 004,630,453 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_FightOn_OC_ReMix.mp3
[2005/12/10 15:34:10 | 004,168,636 | ---- | C] () -- C:\Program Files\zelda.mp3
[2005/11/30 17:39:07 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/15 23:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/06 14:28:04 | 000,010,930 | ---- | C] () -- C:\Program Files\mariel's senior outlne.htm
[2005/11/04 21:47:35 | 000,001,619 | ---- | C] () -- C:\Program Files\Baja.jpg
[2005/10/31 19:10:12 | 002,298,775 | ---- | C] () -- C:\Program Files\jcrea350.zip
[2005/08/20 13:07:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/17 23:07:05 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/08/12 22:24:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/03/31 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/04 14:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/18 22:12:27 | 000,007,376 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/17 13:51:03 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2004/12/14 14:33:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\IN1LOS151.ini
[2004/12/12 16:09:01 | 000,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/12 16:09:01 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/10 11:36:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2004/12/10 11:35:48 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2004/12/10 11:35:33 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2004/12/10 11:35:23 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2004/12/10 11:35:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2004/12/10 11:21:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/12/10 11:21:44 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/12/10 11:21:44 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/12/10 11:21:44 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/12/10 11:21:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/12/10 11:21:11 | 000,001,315 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2004/11/14 19:44:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/20 21:10:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/09/19 09:41:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\3dfx_3d.dll
[2004/08/26 21:02:59 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/08/26 21:02:55 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2004/08/17 17:47:21 | 000,000,490 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/08/15 20:57:30 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2004/08/05 16:49:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/08/05 16:49:12 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/06/09 19:08:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2004/05/09 00:47:37 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2004/04/29 21:22:45 | 000,199,168 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2004/04/26 19:13:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/26 16:21:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/04/26 16:21:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/04/26 16:13:25 | 000,007,287 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/04/26 16:12:59 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/30 15:47:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nl_msgs.dll
[2004/03/30 15:47:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll
[2004/02/26 13:20:16 | 000,065,588 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/02/12 15:45:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/02/12 15:45:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/02/12 15:45:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/02/12 15:45:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/02/12 15:23:34 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/02/12 15:21:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/02/12 15:21:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/02/12 15:21:29 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/02/12 15:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/02/12 15:21:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/22 04:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/22 04:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/21 05:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 04:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/20 23:04:56 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/20 23:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/20 22:59:54 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2004/01/20 22:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/20 22:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/20 22:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/20 22:42:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/20 22:34:02 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/20 21:54:01 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/20 21:53:56 | 000,018,341 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2004/01/20 21:53:56 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2004/01/20 21:47:44 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/01/20 21:47:44 | 000,028,885 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/01/20 21:39:28 | 000,015,415 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2004/01/20 21:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2004/01/20 21:30:23 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/01/20 21:30:23 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/01/20 21:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 21:14:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/01/20 20:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/20 20:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/20 20:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/20 20:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/20 20:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/20 20:18:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/20 20:14:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/20 19:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/20 19:04:38 | 000,434,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/20 19:04:38 | 000,068,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/20 12:09:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/20 12:08:48 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 00:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/07 01:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/02/04 07:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/07/29 16:19:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/14 18:29:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/10/02 23:44:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2006/05/09 23:10:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/09/12 14:37:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/02/28 02:23:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2007/03/15 16:49:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/02/06 15:45:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/29 16:19:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/17 03:30:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/08 02:09:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2005/12/05 20:24:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2005/08/10 09:58:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2005/12/05 21:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2012/02/06 01:04:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/03/14 18:29:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2011/10/02 07:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2011/08/03 04:19:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Crayon Physics Deluxe
[2007/03/13 23:36:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Helios
[2006/05/25 23:28:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/04/26 20:04:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/07/27 15:27:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Keynote Systems
[2004/06/25 01:13:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/01/23 16:03:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\LockTime
[2005/09/24 08:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2008/07/30 02:00:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/09/27 22:16:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ourTunes
[2007/03/15 16:49:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\RecordPad
[2011/11/15 18:38:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\RIFT
[2004/01/20 23:29:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/06/04 03:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
[2010/08/22 05:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\StealthBot
[2004/05/01 15:07:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2010/01/27 19:24:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Subversion
[2010/06/03 18:57:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2005/11/14 00:27:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/06/01 15:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2011/10/07 14:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/06/15 07:11:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2011/06/14 03:19:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2012/02/07 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/22 06:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

Ty so much!!

#2
drewdreworld

Just noticed this "Extras.txt" popped up with the OTL.txt log as well. Extras.txt:

OTL Extras logfile created on: 2/10/2012 2:02:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.45 Gb Total Space | 49.06 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 0.62 Gb Free Space | 13.90% Space Free | Partition Type: FAT32

Computer Name: DREW | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"20:TCP" = 20:TCP:*:Disabled:BitComet 20 TCP
"20:UDP" = 20:UDP:*:Disabled:BitComet 20 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"11274:TCP" = 11274:TCP:*:Disabled:BitComet 11274 TCP
"11274:UDP" = 11274:UDP:*:Disabled:BitComet 11274 UDP
"1119:TCP" = 1119:TCP:*:Enabled:TCP SC2
"1119:UDP" = 1119:UDP:*:Enabled:UDP SC2
"6113:UDP" = 6113:UDP:*:Enabled:SC2
"1120:TCP" = 1120:TCP:*:Enabled:SC2 TCP
"3724:TCP" = 3724:TCP:*:Enabled:SC2 DLer
"6881:TCP" = 6881:TCP:*:Enabled:TCP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Disabled:BellSouth Bulletin and Job processor -- (BellSouth)
"C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Starcraft\starcraft.exe" = C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Common Files\AOL\1102887009\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1102887009\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1102887009\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1102887009\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1102887009\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1102887009\EE\aolsoftware.exe:*:Disabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe" = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe:*:Enabled:Belkin Wireless USB Utility -- (Belkin Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Enabled:GomTVStreamerLive -- ()
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:StarCraft II.exe -- (Blizzard Entertainment)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1D532B73-1812-483C-8720-E3E24B582015}" = POINT
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150010}" = J2SE Development Kit 5.0 Update 1
"{32CEEDB2-C5FB-40D4-85EC-EA7B6A282F19}" = TextPad 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{5C088418-0D63-4698-B2D0-7A3A171EE339}" = POINT
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{85BC5C08-E73D-11D2-964D-444553540000}" = Point
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ECD092C2-9B78-40E8-90BC-922A16E1101B}" = Kodak EasyShare printer dock
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCE14E89-E472-4501-A87F-784CB7128AAB}" = POINT
"{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}" = hp deskjet 5100
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AviSynth" = AviSynth 2.5
"BackWeb-137903 Uninstaller" = Updates from HP
"BellSouth" = BellSouth FastAccess DSL Help Center
"CleanUp!" = CleanUp!
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HP Instant Support" = HP Instant Support
"HPTOOLKIT" = Toolkit View(HP)
"ie8" = Windows Internet Explorer 8
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"LastFM_is1" = Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSN Music Assistant" = MSN Music Assistant
"Need2FindBar Uninstall" = Need2Find Bar
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"Port Magic" = Pure Networks Port Magic
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 400" = Portal
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2011 6:04:49 AM | Computer Name = DREW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/3/2011 6:04:49 AM | Computer Name = DREW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/3/2011 9:51:46 PM | Computer Name = DREW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/19/2011 1:56:36 PM | Computer Name = DREW | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 4.2.2.14545, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2011 2:46:50 PM | Computer Name = DREW | Source = MsiInstaller | ID = 11904
Description = Product: NVIDIA Control Panel -- Error 1904.Module C:\WINDOWS\system32\nvcpl.dll
failed to register. HRESULT -2147024770. Contact your support personnel.

Error - 10/26/2011 10:21:34 PM | Computer Name = DREW | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 11/25/2011 8:03:52 AM | Computer Name = DREW | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
mswsock.dll, version 5.1.2600.5625, fault address 0x00010000.

Error - 11/25/2011 10:42:58 AM | Computer Name = DREW | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
mswsock.dll, version 0.0.0.0, fault address 0x000100f0.

Error - 11/25/2011 12:19:32 PM | Computer Name = DREW | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
mswsock.dll, version 0.0.0.0, fault address 0x00010000.

Error - 12/26/2011 9:33:52 PM | Computer Name = DREW | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.5755, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00017867.

[ System Events ]
Error - 2/10/2012 2:37:44 PM | Computer Name = DREW | Source = Service Control Manager | ID = 7023
Description = The Intel USB3 Device Service service terminated with the following
error: %%126

Error - 2/10/2012 2:37:54 PM | Computer Name = DREW | Source = Service Control Manager | ID = 7023
Description = The Intel USB3 Device Service service terminated with the following
error: %%126

Error - 2/10/2012 2:41:11 PM | Computer Name = DREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/10/2012 2:41:41 PM | Computer Name = DREW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Fips SASDIFSV SASKUTIL

Error - 2/10/2012 2:42:21 PM | Computer Name = DREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/10/2012 2:43:50 PM | Computer Name = DREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/10/2012 2:44:59 PM | Computer Name = DREW | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 2/10/2012 2:45:11 PM | Computer Name = DREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/10/2012 2:46:28 PM | Computer Name = DREW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 fasttx2k Fips ohci1394 SASDIFSV SASKUTIL SISAGP viaagp1

Error - 2/10/2012 2:56:36 PM | Computer Name = DREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Edit: My first mbam report was a "quick scan"; I just finished a "full scan" while in safe mode.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: DREW [administrator]

2/10/2012 2:17:54 PM
mbam-log-2012-02-10 (14-17-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367031
Time elapsed: 1 hour(s), 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Documents and Settings\Owner\My Documents\2K5yjM8e.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1624\A0514515.exe (Trojan.Agent.CoXGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1627\A0515546.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1627\A0515559.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1627\A0515560.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1627\A0515575.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1627\A0515576.dll (Trojan.Wimpixo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1664\A0525893.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1702\A0540466.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\10.02.2012_13.43.04\rtkt0000\svc0000\tsk0000.dta (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

No matter what I do, though, when I reboot for any purpose (except maybe into safe mode), it comes right back, even though the scans say "deleted successfully" and what not.

Edited by drewdreworld, 10 February 2012 - 02:35 PM.


#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, you have a rootkit infection.

First I will need to determine the variant before I start killing.

Download aswMBR.exe (4.1 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

#4 drewdreworld (Member, Topic Starter, 90 posts)
Hi, thanks for your help! Just wanted to say my mbam or tdsskiller usually finds and quarantines something when I reboot it (including this time), in case it has something quarantined that this might have missed... not that I know how this program works... :)

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 10:54:30
-----------------------------
10:54:30.093 OS Version: Windows 5.1.2600 Service Pack 3
10:54:30.093 Number of processors: 1 586 0x408
10:54:30.093 ComputerName: DREW UserName:
10:54:33.890 Initialize success
10:54:50.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:54:50.140 Disk 0 Vendor: Maxtor_6Y200P0 YAR41BW0 Size: 194481MB BusType: 3
10:54:50.187 Disk 0 MBR read successfully
10:54:50.187 Disk 0 MBR scan
10:54:50.187 Disk 0 unknown MBR code
10:54:50.203 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4569 MB offset 63
10:54:50.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189900 MB offset 9359280
10:54:50.281 Disk 0 scanning sectors +398275920
10:54:50.437 Disk 0 scanning C:\WINDOWS\system32\drivers
10:55:08.906 Service scanning
10:55:10.250 Service ECSIoDriver_1_1_0_0 F:\ECSIoDriver.sys **LOCKED** 21
10:55:10.437 Service IPSec C:\WINDOWS\system32\drivers\tsk1.tmp **LOCKED** 32
10:55:11.453 Modules scanning
10:55:25.078 Module: C:\WINDOWS\System32\DRIVERS\ipsec.sys **SUSPICIOUS**
10:55:46.187 Disk 0 trace - called modules:
10:55:46.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb826bfc0]<<
10:55:46.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaddab8]
10:55:46.218 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x8a9b3f08]
10:55:46.218 \Driver\00001946[0x8a9fb4c0] -> IRP_MJ_CREATE -> 0xb826bfc0
10:55:46.218 Scan finished successfully
10:56:24.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
10:56:24.671 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Edit: I've been up a long time, will be taking a nap/going to sleep now, and will be ready to work on it when I return =)

Edited by drewdreworld, 12 February 2012 - 10:31 AM.

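As an added example (not part of this thread and not code from aswMBR), here is a small Python triage pass over the aswMBR output posted above: it pulls out the "unknown MBR code", "**LOCKED**" service, "**SUSPICIOUS**" module and ">>UNKNOWN<<" disk-trace lines and ranks them. The sample lines are copied from the log above; the severity rules and the `odd_driver_path` heuristic are this example's own assumptions, not aswMBR's.

```python
"""Triage pass over aswMBR output (added example, not part of the thread or of aswMBR)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the lines below are copied from the aswMBR log posted above and
# shortened to the ones the parser looks at. Backslashes are doubled only because
# this is a Python string literal; the tool itself prints single backslashes.
SAMPLE_LOG = """\
10:54:50.187 Disk 0 MBR read successfully
10:54:50.187 Disk 0 unknown MBR code
10:54:50.203 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4569 MB offset 63
10:55:08.906 Service scanning
10:55:10.250 Service ECSIoDriver_1_1_0_0 F:\\ECSIoDriver.sys **LOCKED** 21
10:55:10.437 Service IPSec C:\\WINDOWS\\system32\\drivers\\tsk1.tmp **LOCKED** 32
10:55:11.453 Modules scanning
10:55:25.078 Module: C:\\WINDOWS\\System32\\DRIVERS\\ipsec.sys **SUSPICIOUS**
10:55:46.187 Disk 0 trace - called modules:
10:55:46.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb826bfc0]<<
10:55:46.218 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x8aaddab8]
10:55:46.218 \\Driver\\00001946[0x8a9fb4c0] -> IRP_MJ_CREATE -> 0xb826bfc0
10:55:46.218 Scan finished successfully
"""

# aswMBR prefixes every line with HH:MM:SS.mmm; the markers below are the ones
# visible in the posted log.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
RE_SERVICE = re.compile(TS + r"Service (\S+) (.+?) \*\*LOCKED\*\*")
RE_MODULE = re.compile(TS + r"Module: (.+?) \*\*SUSPICIOUS\*\*")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
RE_DISPATCH = re.compile(TS + r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (\w+) -> (0x[0-9a-fA-F]+)")


@dataclass
class Finding:
    kind: str       # unknown_mbr | locked_service | suspicious_module | unknown_hook
    detail: str     # the object the finding is about (service + path, module path, address)
    severity: str   # "high" (act on it) or "review" (needs context before acting)
    note: str = ""


def odd_driver_path(path: str) -> bool:
    """Heuristic (this example's, not aswMBR's): a kernel service whose image is a
    .tmp file, or sits under the drivers folder without a .sys extension, does not
    look like a vendor-installed driver."""
    p = path.lower()
    return p.endswith(".tmp") or ("\\drivers\\" in p and not p.endswith(".sys"))


def triage(log_text: str) -> list[Finding]:
    """Turn raw aswMBR lines into ranked findings."""
    findings: list[Finding] = []
    dispatch_targets: dict[str, list[str]] = {}   # hook address -> ["\Driver\X (IRP_MJ_...)"]
    for line in log_text.splitlines():
        if line.endswith("unknown MBR code"):
            findings.append(Finding("unknown_mbr", "Disk 0", "review",
                                    "boot code is not standard Windows; OEM recovery "
                                    "layouts do this too, so compare before rewriting"))
        elif (m := RE_SERVICE.match(line)):
            name, path = m.groups()
            findings.append(Finding("locked_service", f"{name} -> {path}",
                                    "high" if odd_driver_path(path) else "review",
                                    "image file is locked against reading"))
        elif (m := RE_MODULE.match(line)):
            findings.append(Finding("suspicious_module", m.group(1), "high",
                                    "scanner flagged this loaded driver; compare with a "
                                    "known-good copy before trusting it"))
        elif (m := RE_DISPATCH.match(line)):
            drv, irp, addr = m.groups()
            dispatch_targets.setdefault(addr.lower(), []).append(f"{drv} ({irp})")
        elif (m := RE_UNKNOWN.search(line)):
            findings.append(Finding("unknown_hook", m.group(1).lower(), "review",
                                    "disk I/O path runs through code outside any known module"))
    # Second pass: an unknown address that is also the IRP dispatch target of an
    # unnamed \Driver\0000xxxx object is the strongest single indicator in this log.
    for f in findings:
        if f.kind == "unknown_hook" and f.detail in dispatch_targets:
            f.severity = "high"
            f.note += "; reached via " + ", ".join(dispatch_targets[f.detail])
    return findings


def by_severity(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity bucket."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind:17} {f.detail}  ({f.note})")
```

On the posted log this ranks the IPSec service pointing at a .tmp image, the flagged ipsec.sys module and the unknown hook behind the unnamed \Driver\00001946 object as "high", and leaves the OEM recovery MBR and the absent F: driver as "review".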

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I can see the variant now. TDSSKiller is taking out the main infection but not killing the respawning driver. I will take that out after this next run.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#6 drewdreworld (Member, Topic Starter, 90 posts)
Everything appears to be pretty much back to normal. When combofix finally produced a log, I had to reboot to access the internet (it warned me I might have to; I'm not concerned, just informing you ^.^). I haven't used it that much yet, but at a glance it seems a LOT better.

ComboFix 12-02-12.01 - Owner 02/12/2012 13:42:27.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1685 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\IFEvuifXpHuouiv.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB61552$\3458711172
c:\windows\$NtUninstallKB61552$\983354092\@
c:\windows\$NtUninstallKB61552$\983354092\cfg.ini
c:\windows\$NtUninstallKB61552$\983354092\Desktop.ini
c:\windows\$NtUninstallKB61552$\983354092\L\jagjohea
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Ipripv32.dll
c:\windows\$NtUninstallKB61552$\983354092\cfg.ini . . . . Failed to delete
.


.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_NETWORKLOG
-------\Legacy_NPF
-------\Service_6to4
-------\Service_Ias
-------\Legacy_Iprip
-------\Service_Iprip
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 18:56 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-12 18:38 . 2012-02-10 20:40 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-12 18:02 . 2012-02-12 18:02 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
2012-02-12 18:02 . 2012-02-12 18:02 156672 ----a-w- c:\windows\system32\NCUSBw32.dll
2012-02-11 21:44 . 2012-02-11 21:44 57600 ---ha-w- c:\windows\system32\drivers\tsk3.tmp
2012-02-11 20:25 . 2012-02-11 20:25 -------- d--h--w- c:\windows\PIF
2012-02-10 07:09 . 2012-02-12 11:36 -------- dc----w- C:\TDSSKiller_Quarantine
2012-02-10 05:50 . 2012-02-12 18:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-17 19:57 . 2012-02-06 06:04 -------- d--h--w- c:\documents and settings\Owner\Application Data\Auslogics
2012-01-17 19:57 . 2012-02-06 20:45 -------- d--h--w- c:\program files\Auslogics
2012-01-17 05:09 . 2012-01-17 19:56 -------- d--h--w- c:\program files\Common Files\BioWare
2012-01-17 05:09 . 2012-01-17 05:09 -------- d--h--w- c:\program files\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 18:24 . 2004-02-12 20:45 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-11 21:25 . 2004-02-12 20:44 138496 ---ha-w- c:\windows\system32\drivers\afd.sys
2012-02-11 20:34 . 2004-01-21 00:04 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-10 18:44 . 2011-10-03 07:46 62976 ---ha-w- c:\windows\system32\drivers\cdrom.sys
2011-12-10 20:24 . 2011-10-04 11:58 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-01-21 00:04 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-01-21 00:04 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-02-12 20:21 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-18 00:34 354816 ---ha-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-02-12 20:21 152064 ---ha-w- c:\windows\system32\schannel.dll
2010-08-12 02:10 . 2010-08-12 02:09 1715904 ---ha-w- c:\program files\Synapse_FX_42.exe
2006-02-13 22:47 . 2006-02-13 22:47 10284336 ---ha-w- c:\program files\Avast Setup.exe
2006-02-11 23:24 . 2006-02-11 23:24 1847742 ---ha-w- c:\program files\InstallSB.exe
2006-01-08 21:42 . 2006-01-08 21:42 4057200 ---ha-w- c:\program files\wmfdist.exe
2005-12-12 04:53 . 2005-12-12 04:53 937001 ---ha-w- c:\program files\slsk156c.exe
2005-12-11 03:19 . 2005-12-11 03:19 1014477 ---ha-w- c:\program files\wrar351.exe
2005-11-28 22:07 . 2005-11-28 22:07 34412848 ---ha-w- c:\program files\iTunesSetup.exe
2005-08-10 14:56 . 2005-08-10 14:56 15591520 ---ha-w- c:\program files\acdsee.exe
2005-07-05 03:47 . 2005-07-05 03:47 2439339 ---ha-w- c:\program files\imgconvert.exe
2012-02-10 23:42 . 2011-12-27 09:17 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
2012-02-12 18:02 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Sw32]
2012-02-12 18:02 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20:TCP"= 20:TCP:*:Disabled:BitComet 20 TCP
"20:UDP"= 20:UDP:*:Disabled:BitComet 20 UDP
"11274:TCP"= 11274:TCP:*:Disabled:BitComet 11274 TCP
"11274:UDP"= 11274:UDP:*:Disabled:BitComet 11274 UDP
"1119:TCP"= 1119:TCP:TCP SC2
"1119:UDP"= 1119:UDP:UDP SC2
"6113:UDP"= 6113:UDP:SC2
"1120:TCP"= 1120:TCP:SC2 TCP
"3724:TCP"= 3724:TCP:SC2 DLer
"6881:TCP"= 6881:TCP:TCP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/1/2009 5:10 PM 64160]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/3/2011 12:37 AM 98392]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [8/11/2010 9:10 PM 266240]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [2/12/2004 3:22 PM 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/29/2009 4:19 PM 24652]
S0 49076043;49076043;c:\windows\system32\drivers\52437583.sys --> c:\windows\system32\drivers\52437583.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 mrtRate;mrtRate; [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/24/2011 1:52 PM 2253120]
S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\f:\ecsiodriver.sys --> f:\ECSIoDriver.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S4 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [?]
S4 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [?]
S4 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [?]
S4 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [?]
S4 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [?]
S4 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [?]
S4 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [?]
S4 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [?]
S4 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [?]
S4 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [?]
S4 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
belgium_id_card_service
swmsflt
ibmfilter
tvalz
USA49W2KP
s7otranx
DCamUSBEMPIA
SE2Bmgmt
BcmSqlStartupSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 03:38]
.
2012-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2011-12-22 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-02-12 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://exchange.georgiaemc.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: NameServer = 192.168.1.1
DPF: {C2CFE28D-36EA-4E38-A9E6-092E3C95070C} - hxxps://www.info1online.com/screens/GetLOSCab.asp?LOSType=151
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znjby5yg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-IFEvuifXpHuouiv.exe - c:\documents and settings\All Users\Application Data\IFEvuifXpHuouiv.exe
Notify-intelsusb - ntusbw32.dll
SafeBoot-15621248.sys
SafeBoot-25295437.sys
SafeBoot-46626877.sys
SafeBoot-49076043.sys
SafeBoot-52979183.sys
SafeBoot-53498591.sys
SafeBoot-53831827.sys
SafeBoot-65127578.sys
SafeBoot-65481124.sys
SafeBoot-80413612.sys
SafeBoot-95614649.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB61552$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]
"ImagePath"="system32\drivers\tsk3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,b9,34,d9,6e,a8,b7,4b,85,76,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,b9,34,d9,6e,a8,b7,4b,85,76,7b,\
.
[HKEY_USERS\S-1-5-21-3688595327-2197772989-1471239438-1003\Software\SecuROM\License information*]
"datasecu"=hex:74,25,fe,4b,ba,d5,b6,6b,4d,be,58,f3,72,a7,30,bb,b9,bd,dd,bf,1b,
ef,80,dc,2a,e8,54,8a,88,0e,d1,da,e6,2d,91,b5,d0,3b,f3,7c,16,42,2a,a2,af,a2,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\USB3Sw32.dll
.
- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RunDLL32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\ScsiAccess.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-12 14:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 19:22
.
Pre-Run: 49,989,951,488 bytes free
Post-Run: 50,732,240,896 bytes free
.
- - End Of File - - 22298656F4D67C596FED0C19F2D955B7

Edit: After messing with it a few minutes, I don't believe it's fully "cleaned" or "back to normal". Sometimes I hear this like error message ding but I see no box pop up or anything like I would expect. I've only noticed this sound with no error message happening since I got infected.

Edited by drewdreworld, 12 February 2012 - 02:17 PM.


#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yep, now we need to take out the respawner.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\clisvc.dll

Folder::
c:\windows\$NtUninstallKB61552$

NetSvc::
BcmSqlStartupSvc

Driver::
BcmSqlStartupSvc

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#8 drewdreworld (Topic Starter, Member, 90 posts)
ComboFix 12-02-12.01 - Owner 02/12/2012 17:33:41.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1684 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\clisvc.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB61552$
c:\windows\$NtUninstallKB61552$\2074363647
c:\windows\$NtUninstallKB61552$\983354092\@
c:\windows\$NtUninstallKB61552$\983354092\cfg.ini
c:\windows\$NtUninstallKB61552$\983354092\Desktop.ini
c:\windows\$NtUninstallKB61552$\983354092\L\jagjohea
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\U\[email protected]
c:\windows\$NtUninstallKB61552$\983354092\version
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\clisvc.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_BCMSQLSTARTUPSVC
-------\Service_6to4
-------\Service_BcmSqlStartupSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 18:56 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-12 18:02 . 2012-02-12 19:47 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
2012-02-12 18:02 . 2012-02-12 19:47 156672 ----a-w- c:\windows\system32\NCUSBw32.dll
2012-02-11 21:44 . 2012-02-11 21:44 57600 ----a-w- c:\windows\system32\drivers\tsk3.tmp
2012-02-11 20:25 . 2012-02-11 20:25 -------- d-----w- c:\windows\PIF
2012-02-10 07:09 . 2012-02-12 11:36 -------- dc----w- C:\TDSSKiller_Quarantine
2012-02-10 05:50 . 2012-02-12 19:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-17 19:57 . 2012-02-06 06:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2012-01-17 19:57 . 2012-02-06 20:45 -------- d-----w- c:\program files\Auslogics
2012-01-17 05:09 . 2012-01-17 19:56 -------- d-----w- c:\program files\Common Files\BioWare
2012-01-17 05:09 . 2012-01-17 05:09 -------- d-----w- c:\program files\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 21:25 . 2004-02-12 20:44 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-11 20:34 . 2004-01-21 00:04 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-10 18:44 . 2011-10-03 07:46 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-10 20:24 . 2011-10-04 11:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-01-21 00:04 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-01-21 00:04 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-02-12 20:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-18 00:34 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-02-12 20:21 152064 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 02:10 . 2010-08-12 02:09 1715904 ----a-w- c:\program files\Synapse_FX_42.exe
2006-02-13 22:47 . 2006-02-13 22:47 10284336 ----a-w- c:\program files\Avast Setup.exe
2006-02-11 23:24 . 2006-02-11 23:24 1847742 ----a-w- c:\program files\InstallSB.exe
2006-01-08 21:42 . 2006-01-08 21:42 4057200 ----a-w- c:\program files\wmfdist.exe
2005-12-12 04:53 . 2005-12-12 04:53 937001 ----a-w- c:\program files\slsk156c.exe
2005-12-11 03:19 . 2005-12-11 03:19 1014477 ----a-w- c:\program files\wrar351.exe
2005-11-28 22:07 . 2005-11-28 22:07 34412848 ----a-w- c:\program files\iTunesSetup.exe
2005-08-10 14:56 . 2005-08-10 14:56 15591520 ----a-w- c:\program files\acdsee.exe
2005-07-05 03:47 . 2005-07-05 03:47 2439339 ----a-w- c:\program files\imgconvert.exe
2012-02-10 23:42 . 2011-12-27 09:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_19.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 22:50 . 2012-02-12 22:50 16384 c:\windows\temp\Perflib_Perfdata_60c.dat
+ 2004-08-04 06:14 . 2008-04-13 19:19 75264 c:\windows\system32\drivers\ipsec.sys
+ 2004-08-04 06:14 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys
+ 2011-11-24 19:44 . 2012-02-12 19:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-24 19:44 . 2011-11-25 14:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-19 16:22 . 2012-02-12 19:51 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-19 16:22 . 2011-11-25 14:06 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-12 21:09 . 2012-02-12 19:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-11-24 14:41 . 2012-02-12 19:41 103733 c:\windows\system32\itusbcore.dat
- 2012-02-12 18:38 . 2012-02-10 20:40 162816 c:\windows\system32\drivers\netbt.sys
+ 2004-08-04 06:14 . 2008-04-13 19:21 162816 c:\windows\system32\drivers\netbt.sys
+ 2004-08-04 06:14 . 2008-04-13 19:21 162816 c:\windows\system32\dllcache\netbt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
2012-02-12 19:47 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Sw32]
2012-02-12 19:47 37888 ----a-w- c:\windows\system32\USB3Sw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102887009\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20:TCP"= 20:TCP:*:Disabled:BitComet 20 TCP
"20:UDP"= 20:UDP:*:Disabled:BitComet 20 UDP
"11274:TCP"= 11274:TCP:*:Disabled:BitComet 11274 TCP
"11274:UDP"= 11274:UDP:*:Disabled:BitComet 11274 UDP
"1119:TCP"= 1119:TCP:TCP SC2
"1119:UDP"= 1119:UDP:UDP SC2
"6113:UDP"= 6113:UDP:SC2
"1120:TCP"= 1120:TCP:SC2 TCP
"3724:TCP"= 3724:TCP:SC2 DLer
"6881:TCP"= 6881:TCP:TCP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/1/2009 5:10 PM 64160]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/3/2011 12:37 AM 98392]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [8/11/2010 9:10 PM 266240]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [2/12/2004 3:22 PM 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/24/2011 1:52 PM 2253120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/29/2009 4:19 PM 24652]
S0 49076043;49076043;c:\windows\system32\drivers\52437583.sys --> c:\windows\system32\drivers\52437583.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 mrtRate;mrtRate; [x]
S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\f:\ecsiodriver.sys --> f:\ECSIoDriver.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S4 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [?]
S4 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [?]
S4 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [?]
S4 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [?]
S4 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [?]
S4 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [?]
S4 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [?]
S4 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [?]
S4 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [?]
S4 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [?]
S4 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
belgium_id_card_service
swmsflt
ibmfilter
tvalz
USA49W2KP
s7otranx
DCamUSBEMPIA
SE2Bmgmt
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 03:38]
.
2012-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2011-12-22 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-02-12 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://exchange.georgiaemc.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: NameServer = 192.168.1.1
DPF: {C2CFE28D-36EA-4E38-A9E6-092E3C95070C} - hxxps://www.info1online.com/screens/GetLOSCab.asp?LOSType=151
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znjby5yg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]
"ImagePath"="system32\drivers\tsk3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,b9,34,d9,6e,a8,b7,4b,85,76,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,b9,34,d9,6e,a8,b7,4b,85,76,7b,\
.
[HKEY_USERS\S-1-5-21-3688595327-2197772989-1471239438-1003\Software\SecuROM\License information*]
"datasecu"=hex:74,25,fe,4b,ba,d5,b6,6b,4d,be,58,f3,72,a7,30,bb,b9,bd,dd,bf,1b,
ef,80,dc,2a,e8,54,8a,88,0e,d1,da,e6,2d,91,b5,d0,3b,f3,7c,16,42,2a,a2,af,a2,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\USB3Sw32.dll
.
- - - - - - - > 'explorer.exe'(644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\ScsiAccess.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-12 17:54:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 22:54
ComboFix2.txt 2012-02-12 19:22
.
Pre-Run: 50,482,999,296 bytes free
Post-Run: 50,688,933,888 bytes free
.
- - End Of File - - 399A5891C2479ED4605EC71CB4139695
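The CFScript in the previous reply targets the NetSvcs entry, the hidden $NtUninstallKB61552$ folder and clisvc.dll, and this second ComboFix log is what confirms they are gone. As an added example (not from the thread and not part of ComboFix), here is a Python triage helper that reads those sections of ComboFix-style logs and diffs them, run over excerpts constructed from the values quoted in the two logs; the rule flagging a service ImagePath that ends in .tmp is a heuristic assumed here, not something the thread acts on.

```python
"""Triage helper for the two ComboFix logs in this thread (added example; not
from the thread or from ComboFix). Diffs the NetSvcs list and the catchme
hidden-file report across the pre- and post-CFScript runs, and flags service
ImagePaths that point at a .tmp file or into a $NtUninstall folder."""
import re

# Constructed excerpts holding only the lines this helper reads, using values
# quoted in the thread's logs (first ComboFix run, then the CFScript run).
LOG_BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
belgium_id_card_service
swmsflt
BcmSqlStartupSvc
.
scanning hidden files ...
.
c:\windows\$NtUninstallKB61552$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]
"ImagePath"="system32\drivers\tsk3.tmp"
"""

LOG_AFTER = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
belgium_id_card_service
swmsflt
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]
"ImagePath"="system32\drivers\tsk3.tmp"
"""

NETSVCS_HEADER = re.compile(r"\\Svchost - NetSvcs$")
HIDDEN_FILE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes hidden from API$")
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>[^"]*)"$')
# Hotfix uninstall folders are normally inert; one hiding content from the
# API (as catchme reported here) is what the CFScript's Folder:: line removed.
NTUNINSTALL = re.compile(r"\\\$NtUninstall[^\\]*\$", re.I)

def parse_netsvcs(log):
    """Names listed under the 'Svchost - NetSvcs' header, up to the next '.' line."""
    names, collecting = [], False
    for line in log.splitlines():
        if NETSVCS_HEADER.search(line):
            collecting = True
        elif collecting:
            if line.strip() == ".":
                break
            names.append(line.strip())
    return names

def parse_hidden_files(log):
    """Paths catchme reported as hidden from the Windows API."""
    return [m.group("path") for m in map(HIDDEN_FILE.match, log.splitlines()) if m]

def parse_service_image_paths(log):
    """Map service name -> ImagePath for the Services\\<name> blocks ComboFix prints."""
    paths, current = {}, None
    for line in log.splitlines():
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group("name")
            continue
        img = IMAGE_PATH.match(line)
        if img and current:
            paths[current] = img.group("path")
            current = None
    return paths

def suspicious_image_paths(paths):
    """Services whose binary is a .tmp file or lives in a $NtUninstall folder (heuristic)."""
    return {n: p for n, p in paths.items() if p.lower().endswith(".tmp") or NTUNINSTALL.search(p)}

def triage(before, after):
    """Summarise what the CFScript run removed and what still deserves a look."""
    nb, na = set(parse_netsvcs(before)), set(parse_netsvcs(after))
    hb, ha = parse_hidden_files(before), parse_hidden_files(after)
    return {
        "netsvcs_removed": sorted(nb - na),
        "netsvcs_added": sorted(na - nb),
        "hidden_before": hb,
        "hidden_after": ha,
        "hidden_in_ntuninstall": [p for p in hb + ha if NTUNINSTALL.search(p)],
        "suspicious_image_paths_after": suspicious_image_paths(parse_service_image_paths(after)),
    }

if __name__ == "__main__":
    for key, value in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

On these excerpts it reports BcmSqlStartupSvc gone from NetSvcs, the $NtUninstallKB61552$ stream no longer hidden, and the redbook service still pointing at tsk3.tmp for the reader to review.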

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
How is it behaving now?

Any problems?

#10 drewdreworld (Topic Starter, Member, 90 posts)
It seems to be pretty much all back to normal, thanks a lot!! =D =D =D I haven't had any issues the last 12 hours or so. I had a Google redirect sometime yesterday but I believe that was before our ComboFix fixes.

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, a final sweep for orphans.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12 drewdreworld (Topic Starter, Member, 90 posts)
My mbam (or my computer, whichever) sometimes pretty much freezes partway through scanning and it won't let me pause or abort it. If I don't do anything to it, sometimes it'll take like 3 hours to scan. However, sometimes I'll open my task manager and end the mbam.exe and start the scan over (the same kind of scan) and it'll only take like 3-5 minutes. Is this a virus symptom, or just part of still using a PC from 2004? =P

Edit: Scanning now, log on the way when finished

Edited by drewdreworld, 13 February 2012 - 11:38 PM.


#13 drewdreworld (Topic Starter, Member, 90 posts)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DREW [administrator]

2/15/2012 3:25:05 AM
mbam-log-2012-02-15 (03-25-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216625
Time elapsed: 1 hour(s), 33 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\NCUSBw32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\WINDOWS\system32\NCUSBw32.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\amdk8.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avidstartup.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mail2ec.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\o2flash.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p1131vid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tb2launch.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdica.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Is it still being slow on you?

#15 drewdreworld (Topic Starter, Member, 90 posts)
The mbam was the last few scans. I haven't run it since I cleaned the last batch of infections though.