multiple malware...strange symptoms

#1
btcm

Hi to all of you experts out there:

Last week I was infected with malware but I didn't have the time to fix it/disinfect it myself until the weekend. However, now the problem has gotten out of control to a point where I seriously require assistance. Here's what I've done so far and some of the problems that I'm still seeing.

I started with annoying popups, so I ran HJT, identified a couple malicious files, realized that they could not be deleted in XP, got my boot disc, and deleted them in DOS. Afterwards, I ran regedit in safe mode, and deleted all the keys associated with those malicious files. This has worked before in the past, but this is when I knew I was in over my head...

Problems I see now:
1. My administrator access in safe mode is now password protected; I can't log in as administrator.
2. Editing of my registry has been "disabled by my administrator".
3. Copy/paste does not work, which is VERY annoying. This includes drag and drop off of flash drives and CDs.
4. My taskbar (the little blue bar on the bottom which shows all the open windows) does not work. I have to alt-tab to jump from window to window.
5. Several anti-malware programs fail to launch/fail to install.
6. My computer takes a long time to start up and currently doesn't want to shut down (it freezes at the "Saving Your Settings" screen).
7. Task Manager identifies no users associated with the processes. I tried enabling the service, but at the moment, it will not allow me to do so.

I've tried my best to carry out all the steps listed in the "Malware and Spyware Cleaning Guide", but there were some steps I could not do. Malwarebytes had a problem launching, even after renaming the .exe file/install file. I ran Dr. Web's CureIt in its place. The free antiviruses won't install and rooter.exe is currently unavailable for download because of bandwidth issues.

Thanks in advance for all of your help.

Edited by btcm, 29 March 2009 - 11:18 AM.

#2
kahdah

Hello btcm

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

#3
btcm

Hi kahdah, thanks for the help and the welcome.

OTListIt logfile created on: 4/5/2009 9:53:34 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 136.76 Mb Available Physical Memory | 26.77% Memory free
1.07 Gb Paging File | 0.79 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): C:\pagefile.sys 20 150;G:\pagefile.sys 600 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 8.86 Gb Free Space | 23.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 58.59 Gb Total Space | 22.93 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGTALCHINEZMAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINNT\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINNT\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\SK9910DM.EXE (Silitek Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINNT\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINNT\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\WINNT\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINNT\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINNT\system32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINNT\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (Macromedia Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (NMSSvc [Auto | Stopped]) -- C:\WINNT\System32\NMSSvc.exe (Intel Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PDAgent [Auto | Running]) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine [On_Demand | Running]) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PictureTaker [Disabled | Stopped]) -- File not found
SRV - (UMWdf [Auto | Running]) -- C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WANMiniportService [Disabled | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCMModem [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\BCMDM.sys (BCM)
DRV - (Cdr4_xp [System | Running]) -- C:\WINNT\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINNT\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINNT\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINNT\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctljystk [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINNT\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINNT\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINNT\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DefragFS [Boot | Running]) -- C:\WINNT\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (emupia [On_Demand | Running]) -- C:\WINNT\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gameenum [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTWModem [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\GWMDM.sys (GTW)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINNT\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINNT\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINNT\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (pavboot [Boot | Running]) -- C:\WINNT\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PcdrNt [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\PcdrNt.sys (PC-Doctor Inc.)
DRV - (PfModNT [Auto | Running]) -- C:\WINNT\system32\PfModNT.sys (Creative Technology Ltd.)
DRV - (PRISM_USB [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (QV2KUX [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\qv2kux.sys (Microsoft Corporation)
DRV - (RioPNP [Auto | Running]) -- C:\WINNT\System32\drivers\RioPnP.sys (RioPort.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINNT\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sk99202k [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\Sk99202k.sys (Silitek Corp.)
DRV - (Sk9920nt [System | Running]) -- C:\WINNT\System32\DRIVERS\Sk9920nt.sys (Silitek Corp.)
DRV - (smwdm [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINNT\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINNT\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Boot | Running]) -- C:\WINNT\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINNT\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WmBEnum [On_Demand | Running]) -- C:\WINNT\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmVirHid [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore [On_Demand | Running]) -- C:\WINNT\system32\drivers\WmXlCore.sys (Logitech Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/21 20:53:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 20:12:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 20:12:06 | 00,000,000 | ---D | M]

[2008/07/16 10:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/07/16 10:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/09/16 13:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\eo0yty30.Default User\extensions
[2006/05/17 20:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\xvuwlzka.default\extensions
[2006/05/17 20:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\xvuwlzka.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/02 16:46:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 20:11:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/09 22:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/07 17:08:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/11 22:39:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/08 23:36:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/13 07:29:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/21 20:54:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 20:11:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 20:11:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/29 23:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/29 23:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/29 23:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/29 23:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/29 23:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/29 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/29 23:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINNT\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} http://www.blizzard....des/cabs/si.cab (Info Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: ActiveGS.cab http://www.virtualap...rg/activegs.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - Class Install Handler - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINNT\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINNT\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINNT\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINNT\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINNT\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINNT\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINNT\*.tmp files]
[2009/04/04 11:09:59 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dac960nt.sys
[2009/04/04 11:09:51 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzport.sys
[2009/04/04 11:09:51 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzports.dll
[2009/04/04 11:09:50 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyports.dll
[2009/04/04 11:09:50 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzcoins.dll
[2009/04/04 11:09:49 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyport.sys
[2009/04/04 11:09:49 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyycoins.dll
[2009/04/04 11:09:48 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclom-y.sys
[2009/04/04 11:09:47 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwrwdm.sys
[2009/04/04 11:09:47 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclad-z.sys
[2009/04/04 11:09:46 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2009/04/04 11:09:46 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2009/04/04 11:09:45 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2009/04/04 11:09:45 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2009/04/04 11:09:44 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2009/04/04 11:09:43 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2009/04/04 11:09:42 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINNT\System32\dllcache\ctmasetp.dll
[2009/04/04 11:09:38 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\csamsp.dll
[2009/04/04 11:09:35 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2009/04/04 11:09:34 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINNT\System32\dllcache\cpqtrnd5.sys
[2009/04/04 11:09:34 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\cpqndis5.sys
[2009/04/04 11:09:33 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cpqarray.sys
[2009/04/04 11:09:27 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\compbatt.sys
[2009/04/04 11:09:25 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cnusd.dll
[2009/04/04 11:09:23 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2009/04/04 11:09:23 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cmbatt.sys
[2009/04/04 11:09:22 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546xm.sys
[2009/04/04 11:09:21 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546x.dll
[2009/04/04 11:09:21 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl5465.dll
[2009/04/04 11:09:20 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.sys
[2009/04/04 11:09:19 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.dll
[2009/04/04 11:09:18 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINNT\System32\dllcache\cinemclc.sys
[2009/04/04 11:09:17 | 00,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2009/04/04 11:09:15 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\chtbrkr.dll
[2009/04/04 11:09:14 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\chsbrkr.dll
[2009/04/04 11:09:11 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\changer.sys
[2009/04/04 11:09:09 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2009/04/04 11:09:09 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2009/04/04 11:09:08 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2009/04/04 11:09:08 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2009/04/04 11:09:07 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2009/04/04 11:09:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cd20xrnt.sys
[2009/04/04 11:09:05 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2009/04/04 11:09:04 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2009/04/04 11:09:04 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2009/04/04 11:09:03 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2009/04/04 11:09:02 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2009/04/04 11:09:02 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2009/04/04 11:09:00 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.dll
[2009/04/04 11:09:00 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.ax
[2009/04/04 11:08:59 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.dll
[2009/04/04 11:08:58 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.ax
[2009/04/04 11:08:58 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.dll
[2009/04/04 11:08:57 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv30.sys
[2009/04/04 11:08:57 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.ax
[2009/04/04 11:08:56 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdro21.sys
[2009/04/04 11:08:56 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv21.sys
[2009/04/04 11:08:53 | 00,066,594 | ---- | C] () -- C:\WINNT\System32\dllcache\c_864.nls
[2009/04/04 11:08:53 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_870.nls
[2009/04/04 11:08:52 | 00,066,594 | ---- | C] () -- C:\WINNT\System32\dllcache\c_862.nls
[2009/04/04 11:08:52 | 00,066,594 | ---- | C] () -- C:\WINNT\System32\dllcache\c_858.nls
[2009/04/04 11:08:51 | 00,066,594 | ---- | C] () -- C:\WINNT\System32\dllcache\c_720.nls
[2009/04/04 11:08:50 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_708.nls
[2009/04/04 11:08:50 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_28596.nls
[2009/04/04 11:08:49 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_21027.nls
[2009/04/04 11:08:49 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_21025.nls
[2009/04/04 11:08:48 | 00,177,698 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20949.nls
[2009/04/04 11:08:48 | 00,173,602 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20936.nls
[2009/04/04 11:08:47 | 00,180,770 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20932.nls
[2009/04/04 11:08:47 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20924.nls
[2009/04/04 11:08:46 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20880.nls
[2009/04/04 11:08:46 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20871.nls
[2009/04/04 11:08:45 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20838.nls
[2009/04/04 11:08:45 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20833.nls
[2009/04/04 11:08:44 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20424.nls
[2009/04/04 11:08:44 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20423.nls
[2009/04/04 11:08:43 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20420.nls
[2009/04/04 11:08:43 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20297.nls
[2009/04/04 11:08:42 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20290.nls
[2009/04/04 11:08:42 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20285.nls
[2009/04/04 11:08:41 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20284.nls
[2009/04/04 11:08:41 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20280.nls
[2009/04/04 11:08:41 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20278.nls
[2009/04/04 11:08:40 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20277.nls
[2009/04/04 11:08:40 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20273.nls
[2009/04/04 11:08:39 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20269.nls
[2009/04/04 11:08:39 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20108.nls
[2009/04/04 11:08:38 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20107.nls
[2009/04/04 11:08:38 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20106.nls
[2009/04/04 11:08:37 | 00,187,938 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20005.nls
[2009/04/04 11:08:37 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20105.nls
[2009/04/04 11:08:36 | 00,185,378 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20003.nls
[2009/04/04 11:08:36 | 00,180,258 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20004.nls
[2009/04/04 11:08:35 | 00,186,402 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20001.nls
[2009/04/04 11:08:35 | 00,173,602 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20002.nls
[2009/04/04 11:08:34 | 00,189,986 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1361.nls
[2009/04/04 11:08:34 | 00,180,258 | ---- | C] () -- C:\WINNT\System32\dllcache\c_20000.nls
[2009/04/04 11:08:33 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1149.nls
[2009/04/04 11:08:32 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1148.nls
[2009/04/04 11:08:32 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1147.nls
[2009/04/04 11:08:31 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1146.nls
[2009/04/04 11:08:31 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1145.nls
[2009/04/04 11:08:30 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1144.nls
[2009/04/04 11:08:30 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1143.nls
[2009/04/04 11:08:29 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1142.nls
[2009/04/04 11:08:29 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1141.nls
[2009/04/04 11:08:28 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1140.nls
[2009/04/04 11:08:28 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_1047.nls
[2009/04/04 11:08:27 | 00,173,602 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10008.nls
[2009/04/04 11:08:27 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10021.nls
[2009/04/04 11:08:26 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10005.nls
[2009/04/04 11:08:26 | 00,066,082 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10004.nls
[2009/04/04 11:08:25 | 00,195,618 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10002.nls
[2009/04/04 11:08:25 | 00,177,698 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10003.nls
[2009/04/04 11:08:24 | 00,162,850 | ---- | C] () -- C:\WINNT\System32\dllcache\c_10001.nls
[2009/04/04 11:08:24 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bulltlp3.sys
[2009/04/04 11:08:23 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2009/04/04 11:08:22 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2009/04/04 11:08:22 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2009/04/04 11:08:21 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2009/04/04 11:08:21 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2009/04/04 11:08:20 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2009/04/04 11:08:19 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2009/04/04 11:08:19 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2009/04/04 11:08:18 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2009/04/04 11:08:17 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2009/04/04 11:08:17 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2009/04/04 11:08:16 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\brmfcwia.dll
[2009/04/04 11:08:16 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2009/04/04 11:08:15 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2009/04/04 11:08:15 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2009/04/04 11:08:14 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2009/04/04 11:08:13 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2009/04/04 11:08:13 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2009/04/04 11:08:12 | 00,082,172 | ---- | C] () -- C:\WINNT\System32\dllcache\bopomofo.nls
[2009/04/04 11:08:12 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2009/04/04 11:08:11 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\binlsvc.dll
[2009/04/04 11:08:10 | 00,066,728 | ---- | C] () -- C:\WINNT\System32\dllcache\big5.nls
[2009/04/04 11:08:07 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2009/04/04 11:08:07 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\battc.sys
[2009/04/04 11:08:06 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2009/04/04 11:08:05 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2009/04/04 11:08:04 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2009/04/04 11:08:04 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2009/04/04 11:08:03 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2009/04/04 11:08:03 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2009/04/04 11:08:02 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcstrm.sys
[2009/04/04 11:08:01 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcaudio.sys
[2009/04/04 11:08:00 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avc.sys
[2009/04/04 11:07:59 | 00,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2009/04/04 11:07:58 | 00,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2009/04/04 11:07:58 | 00,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2009/04/04 11:07:57 | 00,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2009/04/04 11:07:56 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2009/04/04 11:07:56 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2009/04/04 11:07:55 | 00,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2009/04/04 11:07:55 | 00,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2009/04/04 11:07:53 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2009/04/04 11:07:51 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\atievxx.exe
[2009/04/04 11:07:49 | 00,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2009/04/04 11:07:46 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINNT\System32\dllcache\ati.sys
[2009/04/04 11:07:45 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2009/04/04 11:07:45 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ati.dll
[2009/04/04 11:07:44 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\asc3350p.sys
[2009/04/04 11:07:41 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\apmbatt.sys
[2009/04/04 11:07:40 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\amsint.sys
[2009/04/04 11:07:39 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2009/04/04 11:07:36 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78xx.sys
[2009/04/04 11:07:36 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78u2.sys
[2009/04/04 11:07:35 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aha154x.sys
[2009/04/04 11:07:30 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\agcgauge.ax
[2009/04/04 11:06:47 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2009/04/04 11:06:46 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2009/04/04 11:06:45 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2009/04/04 11:06:45 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2009/04/04 11:06:44 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2009/04/04 11:06:44 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINNT\System32\dllcache\adm8511.sys
[2009/04/04 11:06:43 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\adicvls.sys
[2009/04/04 11:06:42 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2009/04/04 11:06:41 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINNT\System32\dllcache\ac97sis.sys
[2009/04/04 11:06:40 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\abp480n5.sys
[2009/04/04 11:06:39 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINNT\System32\dllcache\a3dapi.dll
[2009/04/04 11:06:38 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\61883.sys
[2009/04/04 11:06:38 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\8514a.dll
[2009/04/04 11:06:38 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\4mmdat.sys
[2009/04/04 11:06:37 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2009/04/04 11:06:37 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2009/04/04 11:06:36 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2009/04/04 11:06:35 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394bus.sys
[2009/04/04 11:06:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394vdbg.sys
[2009/04/04 11:06:21 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\s3legacy.dll
[2009/04/02 16:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/01 16:52:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/31 21:40:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2009/03/31 21:40:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2009/03/31 21:40:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2009/03/31 21:40:25 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009/03/31 21:40:25 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINNT\fdsv.exe
[2009/03/31 21:40:25 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009/03/31 21:40:25 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009/03/31 21:40:25 | 00,049,152 | ---- | C] () -- C:\WINNT\VFIND.exe
[2009/03/31 21:40:25 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2009/03/31 21:39:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/31 21:10:10 | 03,067,000 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/03/31 21:07:08 | 00,000,207 | RHS- | C] () -- C:\BOOT.BAK
[2009/03/31 21:07:04 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2009/03/31 21:07:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/31 21:06:59 | 00,000,000 | ---D | C] -- C:\WINNT\setup.pss
[2009/03/31 21:06:38 | 00,000,000 | ---D | C] -- C:\WINNT\setupupd
[2009/03/31 20:18:18 | 27,892,7592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2009/03/31 20:10:45 | 00,000,000 | ---D | C] -- C:\XPSP2
[2009/03/31 20:10:12 | 00,000,000 | ---D | C] -- C:\XPCD
[2009/03/29 20:43:28 | 00,000,000 | ---D | C] -- C:\rsit
[2009/03/29 18:15:16 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/29 18:15:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 09:51:32 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/29 09:17:39 | 30,001,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_ens.exe
[2009/03/29 09:12:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/03/29 09:12:50 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 09:12:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/03/29 09:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 09:12:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/29 09:11:27 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/03/29 09:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 09:05:54 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/29 09:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malware-Spyware-Cleaning-Guide-t2852_files
[2009/03/29 09:05:43 | 00,080,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Spyware-Cleaning-Guide-t2852.html
[2009/03/28 20:33:16 | 53,567,8976 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/28 17:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
[2009/03/26 14:45:27 | 00,074,240 | ---- | C] () -- C:\WINNT\System32\zlib.dll
[2009/03/24 15:37:01 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection4.doc
[2009/03/24 15:30:53 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection3.doc
[2009/03/24 15:22:07 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection.doc
[2009/03/23 19:52:50 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Exemplary observation.doc
[2009/03/22 17:04:03 | 08,603,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\01 - Hitohira no Hanabira.mp3
[2009/03/22 16:33:47 | 06,275,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\01.mp3
[2009/03/15 17:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\btsa crap
[2009/03/09 22:23:25 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmallWonders.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\drivers\*.tmp files]
[471 C:\WINNT\System32\*.tmp files]
[9 C:\WINNT\*.tmp files]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/05 09:46:37 | 00,372,822 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/04/05 09:46:37 | 00,323,478 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/04/05 09:46:37 | 00,045,308 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/04/05 09:43:01 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/04/05 09:42:10 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/04/05 09:42:03 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/04/05 09:41:49 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/04/05 09:41:47 | 53,567,8976 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 13:06:43 | 00,025,296 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx
[2009/04/04 13:06:43 | 00,025,296 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx
[2009/04/04 13:06:43 | 00,016,516 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx
[2009/04/04 13:06:43 | 00,016,516 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx
[2009/04/04 13:06:43 | 00,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2009/04/04 13:06:43 | 00,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2009/04/04 13:06:43 | 00,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
[2009/04/04 13:06:43 | 00,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat
[2009/04/04 10:43:22 | 03,374,908 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000002-80651102}.CDF
[2009/04/04 10:43:22 | 03,374,845 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000002-80651102}.BAK
[2009/04/01 16:32:50 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/04/01 16:32:03 | 00,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2009/04/01 16:24:51 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\drivers\ndis.sys
[2009/04/01 16:24:19 | 03,067,000 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/03/31 21:07:08 | 00,000,278 | RHS- | M] () -- C:\boot.ini
[2009/03/31 20:53:20 | 27,892,7592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2009/03/29 10:23:14 | 62,729,728 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/29 09:24:44 | 30,001,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_ens.exe
[2009/03/29 09:14:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 09:05:55 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/29 09:05:46 | 00,080,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Spyware-Cleaning-Guide-t2852.html
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/03/26 15:53:58 | 00,000,937 | ---- | M] () -- C:\WINNT\win.ini
[2009/03/26 15:53:58 | 00,000,207 | RHS- | M] () -- C:\BOOT.BAK
[2009/03/26 14:59:50 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\teguvema
[2009/03/26 14:45:27 | 00,074,240 | ---- | M] () -- C:\WINNT\System32\zlib.dll
[2009/03/24 15:37:01 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection4.doc
[2009/03/24 15:30:54 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection3.doc
[2009/03/24 15:22:11 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lessonreflection.doc
[2009/03/23 19:52:53 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Exemplary observation.doc
[2009/03/22 19:06:29 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Monthly payments.xls
[2009/03/22 17:08:31 | 06,275,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\01.mp3
[2009/03/21 16:04:31 | 00,081,632 | ---- | M] () -- C:\WINNT\War3Unin.dat
[2009/03/14 14:54:39 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 16:12:00 | 00,275,760 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/03/12 16:10:53 | 00,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009/03/09 22:23:26 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmallWonders.doc

========== LOP Check ==========

[2009/03/29 18:15:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/24 20:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/08/14 17:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/08/14 17:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/03/04 21:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/03/04 21:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/03/04 21:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/28 11:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/07/02 21:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/29 18:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2006/11/05 22:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/20 23:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2006/07/11 22:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/03/29 09:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/20 23:44:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2002/09/21 18:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/07/14 02:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2003/01/10 18:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/11/04 18:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2007/10/26 15:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2001/10/09 11:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/11/03 09:07:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2004/06/09 16:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/09/10 13:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/02/26 20:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winamp
[2006/06/05 14:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/29 18:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/04/02 16:24:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2004/09/28 00:10:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3M
[2007/03/04 21:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2008/04/29 18:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/11/27 11:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2004/10/12 01:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2008/10/30 20:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2006/11/06 22:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2008/07/10 09:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hamachi
[2002/09/27 01:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/03/28 17:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
[2001/10/09 10:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2002/09/12 05:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2003/10/02 17:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kazaa Lite
[2008/12/20 23:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2004/12/11 18:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/07/11 22:38:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/04/02 16:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2007/10/26 15:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2005/04/10 21:04:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2002/09/18 23:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
[2006/05/17 20:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2002/09/27 19:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2007/10/26 15:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2003/12/11 22:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SSH
[2006/07/17 19:16:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2002/11/22 08:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2006/05/17 20:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Talkback
[2009/03/22 17:09:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/04/02 00:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2006/11/07 22:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2001/08/18 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2002/09/18 22:08:48 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 2.job
[2009/04/05 09:42:10 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT
[2004/06/09 16:39:57 | 00,000,412 | ---- | M] () -- C:\WINNT\Tasks\Symantec NetDetect.job

========== Purity Check ==========

< End of report >


OTListIt Extras logfile created on: 4/5/2009 9:53:34 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 136.76 Mb Available Physical Memory | 26.77% Memory free
1.07 Gb Paging File | 0.79 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): C:\pagefile.sys 20 150;G:\pagefile.sys 600 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 8.86 Gb Free Space | 23.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 58.59 Gb Total Space | 22.93 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGTALCHINEZMAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III (Blizzard Entertainment)
C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\TetriNET\TETRINET.EXE:*:Enabled:TETRINET ()
C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)
C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ ()
C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 (Macromedia, Inc.)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0DB166EE-3AC6-41A0-9E28-96736223B9E7}" = ToolBook Neuron
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39DA87A1-0B26-4562-A70C-2A6147366E47}" = PC-Doctor Services
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live!
"{457B00DC-314C-48E8-870E-BE04B2DCC1E9}" = Dolet Light for Finale
"{514DF7BB-D192-417C-BB60-58BF1FD34253}" = S500/S600 USB Driver
"{59354E6C-B36F-49EF-9419-D904B86C9C57}" = USB Game Pad
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC47739-3BB0-4494-A43D-193BF54070AE}" = Cisco Systems VPN Client 4.6.00.0049
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More 5.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CE0803C-CA6A-4D7A-8FB8-055EBB4AF141}" = The Typing of The Dead US
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C19F391-A225-4F32-8681-EDB8AFE6E436}" = ML-1200 Series
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" = PC-Doctor Consumer UI
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2756524-E9F9-4AC1-AF4E-15F3460ACB3E}" = Kazaa Media Desktop 2.0.2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAD59025-5B73-4E12-B789-0028C5A573C2}" = PC-Doctor Diagnostics
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3895A22-3B18-41BE-846B-1E265BADE6B5}" = Mirar
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FAAA508A-05C0-488B-BFC2-F9217E545A81}" = Logitech Gaming Software
"7-Zip" = 7-Zip 4.42
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_6.0" = AIM 6.0
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20011028.1)
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent 3.3
"BroadJump Client Foundation" = BroadJump Client Foundation
"Chipamp" = Chipamp
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"DC++" = DC++ 0.674
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dwarf Campaign" = Dwarf Campaign
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"GoogleVideoPlayer" = Google Video Player
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HijackThis" = HijackThis 2.0.2
"HyperLoad" = HyperLoad
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"Java Web Start" = Java Web Start
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Standard
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaLoads Enhanced" = Enhanced MediaLoads
"mIRC" = mIRC
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOMAD Jukebox 3 Driver" = NOMAD Jukebox 3 Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Panda ActiveScan" = Panda ActiveScan
"PROSet" = Intel® PRO Network Connections Drivers
"Puzzle Quest1.01" = Puzzle Quest
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RealAlt_is1" = Real Alternative 1.60
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"Starcraft" = Starcraft
"uTorrent" = µTorrent
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2009 10:30:49 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/2/2009 1:49:19 AM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/22/2009 11:26:03 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/24/2009 1:03:27 AM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

Error - 3/26/2009 12:57:56 AM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/26/2009 5:43:34 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application ajtbyh.exe, version 0.0.0.0, faulting module
ajtbyh.exe, version 0.0.0.0, fault address 0x0000371b.

Error - 3/26/2009 5:45:02 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1004
Description = Faulting application ajtbyh.exe, version 0.0.0.0, faulting module
ajtbyh.exe, version 0.0.0.0, fault address 0x0000371b.

Error - 3/26/2009 5:47:16 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application vaybq.exe, version 0.0.0.0, faulting module vaybq.exe,
version 0.0.0.0, fault address 0x0000371b.

Error - 4/2/2009 7:46:10 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x5b5e5f08.

Error - 4/2/2009 7:46:17 PM | Computer Name = BIGTALCHINEZMAN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 4/4/2009 4:30:09 AM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 4/4/2009 1:39:13 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 4/4/2009 1:39:13 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 4/4/2009 1:43:39 PM | Computer Name = BIGTALCHINEZMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/4/2009 1:50:25 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 4/4/2009 2:01:42 PM | Computer Name = BIGTALCHINEZMAN | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 4/4/2009 2:13:44 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 4/4/2009 2:13:44 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 4/5/2009 12:42:46 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 4/5/2009 12:42:46 PM | Computer Name = BIGTALCHINEZMAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >
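The OTL Extras log above carries the indicators a responder would key on before touching anything else: Service Control Manager event 7028 for wuauserv (the service's registry key denied SYSTEM access, so its ACL has been rewritten; this is the mechanism behind an "access is denied" when the Automatic Updates service is restarted), BITS failing with %%2 (error 2, file not found), two crashing executables with random-looking names and no version information (ajtbyh.exe, vaybq.exe), and, in the earlier file list, a hidden publisher-less file in System32 (teguvema). The Python below is an added example, not code from the thread or from OTL: it parses sample lines constructed in OTL's format from those patterns and applies the heuristics. The heuristics, function names and constants are mine. It deliberately does not flag the sptd driver-load failures, which the GMER registry entries later in the thread tie to DAEMON Tools, and its output is a review list, not a deletion list.

```python
"""Triage of OTListIt (OTL) log excerpts. Added example; not code from the thread or from OTL.
Heuristics: SCM 7028 (SYSTEM denied on a service's registry key, so its ACL was rewritten),
SCM 7000 ending in %%2 (error 2, file not found: service binary or a dependency is gone),
Application Error 1000/1004 whose faulting program reports version 0.0.0.0 (no version
resource), and publisher-less files under System32, hidden ones first.
Sample text below is constructed from the patterns in the log above."""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_EVENTS = """\
Error - 3/24/2009 1:03:27 AM | Computer Name = HOST | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

Error - 3/26/2009 5:43:34 PM | Computer Name = HOST | Source = Application Error | ID = 1000
Description = Faulting application ajtbyh.exe, version 0.0.0.0, faulting module
ajtbyh.exe, version 0.0.0.0, fault address 0x0000371b.

Error - 4/4/2009 4:30:09 AM | Computer Name = HOST | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 4/4/2009 1:39:13 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
"""

SAMPLE_FILES = """\
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\\WINNT\\System32\\drivers\\mbam.sys
[2009/03/26 14:59:50 | 00,011,168 | -H-- | M] () -- C:\\WINNT\\System32\\teguvema
[2009/03/26 14:45:27 | 00,074,240 | ---- | M] () -- C:\\WINNT\\System32\\zlib.dll
"""

HEADER = re.compile(r"^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")
FILE_LINE = re.compile(r"^\[(\S+ \S+) \| ([\d,]+) \| (\S{4}) \| M\] \((.*?)\) -- (.+)$")

@dataclass
class Event:
    when: str
    source: str
    event_id: int
    description: str

@dataclass
class FileEntry:
    mtime: str
    size: int
    attrs: str     # OTL attribute flags, e.g. "-H--" = hidden, "RHS-" = read-only/hidden/system
    company: str   # empty when the file carries no company/publisher string
    path: str

def parse_events(text: str) -> List[Event]:
    """One event per blank-line-separated block; wrapped description lines are joined."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # tolerate section banners such as "[ System Events ]" glued to the first header
        idx = next((i for i, ln in enumerate(lines) if HEADER.match(ln)), None)
        if idx is None:
            continue
        m = HEADER.match(lines[idx])
        desc = re.sub(r"^Description = ", "", " ".join(lines[idx + 1:]))
        events.append(Event(m.group(1), m.group(3), int(m.group(4)), desc))
    return events

def triage_events(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event_id, finding) for each event matching a heuristic above."""
    findings = []
    for ev in events:
        scm = ev.source == "Service Control Manager"
        if scm and ev.event_id == 7028:
            svc = re.search(r"The (\S+) Registry key denied access to SYSTEM", ev.description)
            key = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + (svc.group(1) if svc else "?")
            findings.append((7028, f"{key} denied SYSTEM: reset its DACL before expecting the service to start"))
        elif scm and ev.event_id == 7000 and "%%2" in ev.description:
            findings.append((7000, "service failed with error 2 (file not found): check ImagePath and dependencies"))
        elif ev.source == "Application Error" and ev.event_id in (1000, 1004):
            app = re.search(r"Faulting application (\S+?), version ([\d.]+)", ev.description)
            if app and app.group(2) == "0.0.0.0":
                findings.append((ev.event_id, f"{app.group(1)} has no version resource: locate, hash, check signer"))
    return findings

def parse_file_lines(text: str) -> List[FileEntry]:
    entries = []
    for ln in text.splitlines():
        m = FILE_LINE.match(ln.strip())
        if m:
            entries.append(FileEntry(m.group(1), int(m.group(2).replace(",", "")), m.group(3), m.group(4), m.group(5)))
    return entries

def flag_files(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    """Publisher-less files under System32. Review items, not deletions: hash and look them up."""
    flagged = []
    for e in entries:
        if "\\system32\\" not in e.path.lower() or e.company:
            continue
        why = "hidden, no publisher, in System32" if "H" in e.attrs else "no publisher, in System32"
        flagged.append((e.path, why))
    return flagged
```

Run `triage_events(parse_events(SAMPLE_EVENTS))` and `flag_files(parse_file_lines(SAMPLE_FILES))` against a full OTL log by pasting the relevant sections in place of the samples. The version-resource rule is intentionally narrow: ctfmon.exe and aim.exe crash in the same log but carry real version strings, and a rule keyed on "random-looking name" alone would miss legitimately odd names and hit benign ones.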

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi. Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#5 btcm (New Member, Topic Starter, 6 posts)
Many of my symptoms have changed, since I think most of the malware has been removed (as my post in the waiting room stated). My symptoms now include spontaneous program crashes and disabled automatic updates (it says "access is denied" when I try to turn the service back on). Here's the log from the GMER scan, in case you do see anything funny:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-06 11:51:54
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sfc.SYS The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1656] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[2504] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01253E90
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[2868] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 017125E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x8D 0x1B 0x98 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x1E 0xB6 0x77 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xFF 0x2B 0x2C 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x8D 0x1B 0x98 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x1E 0xB6 0x77 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xFF 0x2B 0x2C 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Current State 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log Type 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Collection Name System Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Collection Name Indirect @C:\WINNT\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Comment This sample log provides an overview of system performance.
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Comment Indirect @C:\WINNT\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@RealTime DataSource 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Max Size -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Data Store Attributes 33
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Base Name Indirect @C:\WINNT\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Sql Log Base Name SQL:!System Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Serial Number 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Folder C:\PerfLogs
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Auto Format -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@Log File Type 2
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{7865ad55-3688-47ed-ba8f-f91e72d05cc0}@ExecuteOnly 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x8D 0x1B 0x98 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x1E 0xB6 0x77 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xFF 0x2B 0x2C 0x4D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x8D 0x1B 0x98 0x90 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x1E 0xB6 0x77 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xFF 0x2B 0x2C 0x4D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x8D 0x1B 0x98 0x90 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x1E 0xB6 0x77 0x1D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xFF 0x2B 0x2C 0x4D ...

---- EOF - GMER 1.0.15 ----

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#7 btcm (Topic Starter, New Member, 6 posts)

combofix log:

ComboFix 09-04-04.01 - Owner 2009-04-07 8:50:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.221 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-04 11:08 . 2001-08-17 14:56 342,336 --a------ c:\winnt\system32\dllcache\banshee.dll
2009-04-04 11:07 . 2001-08-17 14:55 382,592 --a------ c:\winnt\system32\dllcache\atidrab.dll
2009-04-04 11:06 . 2001-08-17 13:28 762,780 --a------ c:\winnt\system32\dllcache\3cwmcru.sys
2009-04-02 16:24 . 2009-04-02 16:24 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-31 20:10 . 2009-03-31 20:58 <DIR> d-------- C:\XPSP2
2009-03-31 20:10 . 2009-03-31 21:03 <DIR> d-------- C:\XPCD
2009-03-29 20:43 . 2009-03-29 20:43 <DIR> d-------- C:\rsit
2009-03-29 18:15 . 2009-03-29 18:15 <DIR> d-------- c:\program files\AVG
2009-03-29 18:15 . 2009-03-29 18:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-29 09:12 . 2009-03-29 09:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 09:12 . 2009-03-29 09:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 09:12 . 2009-03-26 16:49 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2009-03-29 09:12 . 2009-03-26 16:49 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2009-03-29 09:11 . 2009-03-29 09:11 <DIR> d-------- c:\program files\ERUNT
2009-03-28 20:46 . 2009-03-28 20:57 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb
2009-03-28 17:14 . 2009-03-28 17:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-03-26 14:45 . 2009-03-26 14:45 74,240 --a------ c:\winnt\system32\zlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 19:54 --------- d-----w c:\program files\Warcraft III
2009-04-01 23:24 182,656 ----a-w c:\winnt\system32\drivers\ndis.sys
2009-03-26 22:48 --------- d-----w c:\program files\Trend Micro
2009-03-23 00:09 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-02-09 11:13 1,846,784 ----a-w c:\winnt\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\winnt\system32\dllcache\win32k.sys
2009-01-22 03:53 410,984 ----a-w c:\winnt\system32\deploytk.dll
2009-01-20 10:36 63,432 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-01-17 05:35 3,594,752 ----a-w c:\winnt\system32\dllcache\mshtml.dll
2006-07-24 02:20 784 ----a-w c:\documents and settings\Owner\Application Data\mpauth.dat
2003-03-06 00:47 13,052 ----a-w c:\documents and settings\Owner\ZGUICFG.DAT
2002-10-04 23:09 204,800 ----a-w c:\winnt\inf\FXPlugin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 c:\winnt\system32\SK9910DM.EXE]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\winnt\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2004-10-03 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\winnt\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
--a------ 2002-02-19 04:03 74240 c:\winnt\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 14:52 331830 c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 21:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 08:00 241714 c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 03:06 7311360 c:\winnt\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2005-09-02 13:50 9168 c:\winnt\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 17:34 24576 c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a------ 2002-05-06 17:12 65536 c:\winnt\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\TetriNET\\TETRINET.EXE"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2008-12-20 28544]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [2002-09-12 6736]
S1 WmXlCoree;WmXlCoree;c:\winnt\system32\drivers\WmXlCoree.sys --> c:\winnt\system32\drivers\WmXlCoree.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\winnt\system32\drivers\PRISMUSB.sys [2006-07-21 636416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSSVC
*NewlyCreated* - SYMTDI
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder

2002-09-19 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 17:12]

2004-06-09 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-01-02 15:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = webproxy.ucsd.edu:3128
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eo0yty30.Default User\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 08:54:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\winnt\system32\Ati2evxx.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-04-07 8:58:10
ComboFix-quarantined-files.txt 2009-04-07 15:57:05
ComboFix2.txt 2009-04-01 23:39:04
ComboFix3.txt 2009-04-01 05:08:34

Pre-Run: 9,729,703,936 bytes free
Post-Run: 9,739,907,072 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
151 --- E O F --- 2009-03-15 16:26:43
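Before moving to the next tool, a log like the one above is normally read by hand for a few things: drivers whose image file ComboFix could not verify (the `[?]` marker), Run entries that name a bare executable rather than a full path, a non-zero Security Center override value, and BootExecute entries beyond the default `autocheck autochk *`. As an added example (not part of this thread and not a ComboFix or Geeks to Go tool), the Python script below parses those line formats and lists such entries for review. The sample lines are copied from the posted log; my reading of the field layout (R/S = running/stopped, the digit = start type, `[?]` = image not found at scan time) is an assumption, and a flagged entry is a prompt to look closer, not a verdict: several of the entries it surfaces here belong to ordinary software.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted in
# this thread. It is not a complete log, just enough to exercise each check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 c:\winnt\system32\SK9910DM.EXE]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2008-12-20 28544]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [2002-09-12 6736]
S1 WmXlCoree;WmXlCoree;c:\winnt\system32\drivers\WmXlCoree.sys --> c:\winnt\system32\drivers\WmXlCoree.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\winnt\system32\drivers\PRISMUSB.sys [2006-07-21 636416]
"""

# Assumed ComboFix layouts (not documented by the tool; inferred from the log):
#   "<R|S><start> <name>;<display>;<image> [<date> <size>]"
#   "<R|S><start> <name>;<display>;<image> --> <resolved> [?]"   (file not found)
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)'
    r'(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<stamp>[^\]]*)\]\s*$'
)
#   "<value name>"="<command>" [<date> <size>]   or   [<date> <resolved path>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<stamp>[^\]]*)\]\s*$')
#   "AntiVirusOverride"=dword:00000001 and the other Security Center override flags
SECURITY_CENTER_RE = re.compile(
    r'^"(?P<name>\w+(?:Override|DisableNotify))"=dword:(?P<value>[0-9a-fA-F]+)\s*$'
)
#   BootExecute REG_MULTI_SZ <entry>\0<entry>\0...   (entries separated by a literal "\0")
BOOTEXECUTE_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<entries>.*)$')

START_TYPE = {'0': 'boot', '1': 'system', '2': 'auto', '3': 'demand', '4': 'disabled'}
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def parse_services(log_text):
    """Return {name: info} for every R*/S* driver and service line in the log."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        services[m['name']] = {
            'running': m['state'] == 'R',
            'start': START_TYPE[m['start']],
            'image': m['resolved'] or m['image'],
            # "[?]" in place of the date/size means the image could not be stat'ed
            'verified': m['stamp'].strip() != '?',
        }
    return services


def triage(log_text):
    """Return (check, subject, detail) tuples for entries that deserve a second look."""
    findings = []
    for name, info in parse_services(log_text).items():
        if not info['verified']:
            findings.append(('service-file-unverified', name,
                             f"{info['start']}-start, image {info['image']}"))
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            # A bare file name is resolved through the search path at logon,
            # so the real binary is whatever ComboFix printed in the brackets.
            if '\\' not in m['cmd'] and '/' not in m['cmd']:
                findings.append(('run-unqualified-image', m['name'], m['stamp']))
            continue
        m = SECURITY_CENTER_RE.match(line)
        if m and int(m['value'], 16) != 0:
            findings.append(('security-center-override', m['name'], line))
            continue
        m = BOOTEXECUTE_RE.match(line)
        if m:
            for entry in m['entries'].split('\\0'):
                entry = entry.strip()
                if entry and entry != DEFAULT_BOOTEXECUTE:
                    findings.append(('bootexecute-extra', entry, line))
    return findings


if __name__ == '__main__':
    for check, subject, detail in triage(SAMPLE_LOG):
        print(f'{check:26} {subject:28} {detail}')
```

Run it against a saved `C:\ComboFix.txt` by reading the file into `triage()` instead of `SAMPLE_LOG`; each line of output names the check that fired, the entry, and the raw detail so the entry can be looked up before anything is removed.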

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9 btcm (Topic Starter, New Member, 6 posts)

Unfortunately, my browsers crash and spontaneously close within the first 10 minutes of the scan. I can't carry it out. Both IE and Firefox crash.

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be Neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save the report to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they are at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

