Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

kaspersky internet security 2010 stops working everytime i boot and in

Started by blink10 , Sep 08 2009 08:53 AM

  • Please log in to reply

#1
blink10
Posted 08 September 2009 - 08:53 AM

blink10

    Member

  • Member
  • PipPipPip
  • 225 posts
It all started 5 days ago when my computer was lagging and i opened windows task manager to find thses 2 files ( svchost and sndvol32) copying themselves hundreds of times in the proccess window.

So i restarted and used backup recovery, and i tried to use combofix (I know you dont like using it without supervision but i thought i wouldnt be able to connect the internet, please fogive me) but the version was old so i didnt continue the installation.

After that i got the message that boot.ini is invalid and that Kaspersky is corrupted, and by that i mean every part of it is not working.

I solved the missing boot file with the aid of microsoft but the kaspersky problem is still there.
i tried to uninstall and reinstall but still no luck.

The invalid boot file message is back again
I uninstalled combofix and fixed the boot file for the second time but it became invalid again.
Kaspersky refuses to work.
Icons are disappearing from my desktop everytime i open my pc. i dont know what is going on


i ran an updated version of combofix and i got the log
Here it is



ComboFix 09-09-07.05 - winter 09/08/2009 17:15.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.383.151 [GMT 3:00]
Running from: c:\documents and settings\winter\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\winter\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Installer\108333.msi
c:\windows\Installer\108404.msp
c:\windows\Installer\18a450.msi
c:\windows\Installer\28ba6.msi
c:\windows\Installer\4acfc.msi
c:\windows\Installer\4ad02.msi
c:\windows\Installer\4bc5da.msi
c:\windows\Installer\6515a1.msi
c:\windows\Installer\7dc26.msi
c:\windows\Installer\8d6850.msi
c:\windows\Installer\8d6856.msi
c:\windows\Installer\93fa31.msp
c:\windows\Installer\93fa32.msp
c:\windows\Installer\db8f51.msi
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-07 16:19 . 2009-09-07 16:19 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-07 16:14 . 2009-09-07 16:14 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-07 16:14 . 2009-09-07 16:14 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-07 16:13 . 2009-09-08 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-07 16:13 . 2009-09-07 16:13 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-07 16:11 . 2009-09-07 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-07 13:22 . 2009-09-07 13:22 -------- d-sh--w- c:\documents and settings\winter\PrivacIE
2009-09-07 13:20 . 2009-09-07 13:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 08:39 . 2009-09-07 08:39 -------- d-sh--w- c:\documents and settings\winter\IETldCache
2009-09-07 02:33 . 2009-09-08 13:34 -------- dc-h--w- c:\windows\ie8
2009-09-07 02:13 . 2009-09-07 02:13 -------- d-----w- C:\Local Settings
2009-09-06 23:34 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-06 23:34 . 2009-09-07 17:09 -------- d-----w- c:\documents and settings\winter\Application Data\IDM
2009-09-06 23:29 . 2009-09-07 02:08 -------- d-----w- c:\program files\Internet Download Manager
2009-09-06 12:08 . 2009-09-06 12:08 -------- d-----w- c:\documents and settings\winter\Local Settings\Application Data\Opera
2009-09-06 12:07 . 2009-09-06 12:07 -------- d-----w- c:\program files\Opera
2009-09-04 00:06 . 2009-09-04 00:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-04 00:06 . 2009-09-05 23:36 -------- d-----w- c:\documents and settings\winter\Application Data\skypePM
2009-09-03 20:48 . 2009-09-08 14:11 -------- d-----w- c:\documents and settings\winter\Application Data\Skype
2009-09-03 20:43 . 2009-09-03 20:43 -------- d-----w- c:\program files\Common Files\Skype
2009-09-03 20:43 . 2009-09-03 20:45 -------- d-----r- c:\program files\Skype
2009-09-03 20:42 . 2009-09-03 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-31 01:43 . 2009-08-31 02:09 -------- d-----w- c:\documents and settings\winter\Application Data\mIRC
2009-08-29 17:44 . 2009-08-29 17:44 -------- d-----w- c:\program files\MSECache
2009-08-28 18:06 . 2009-09-08 13:37 -------- d-----w- c:\windows\nview
2009-08-28 18:06 . 2006-11-17 14:29 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-28 18:05 . 2006-11-17 16:21 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-28 18:03 . 2009-08-28 18:03 -------- d-----w- C:\NVIDIA
2009-08-27 17:12 . 2004-08-03 21:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-08-27 17:12 . 2004-08-03 21:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-27 17:12 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-27 17:12 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-27 17:12 . 2004-08-03 20:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-27 17:12 . 2004-08-03 20:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-27 14:49 . 2009-08-27 14:49 -------- d-----w- c:\program files\RAR Password Cracker
2009-08-27 10:38 . 2009-08-27 17:13 -------- d-----w- c:\documents and settings\winter\Application Data\U3
2009-08-26 17:49 . 2009-08-25 14:04 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-08-26 11:24 . 2009-07-01 07:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-08-26 11:24 . 2009-06-23 10:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-08-26 11:24 . 2009-03-31 14:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-08-26 11:24 . 2009-03-11 15:20 208384 ----a-w- c:\windows\system32\uc_rohan_launching.dll
2009-08-26 11:24 . 2009-01-29 08:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-08-23 18:44 . 2009-08-23 19:00 -------- d-----w- c:\documents and settings\winter\Application Data\GuiltyGearIsuka
2009-08-20 19:22 . 2009-08-20 19:22 -------- d-----w- c:\documents and settings\winter\Application Data\The Learning Company
2009-08-20 19:20 . 1999-11-10 09:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-08-20 19:19 . 2009-08-20 19:20 -------- d-----w- c:\windows\system32\QuickTime
2009-08-20 19:19 . 2009-08-20 19:20 -------- d-----w- c:\program files\QuickTime
2009-08-20 19:19 . 2009-08-20 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-20 19:17 . 2009-08-20 19:17 -------- d-----w- c:\program files\Common Files\The Learning Company
2009-08-18 23:42 . 2009-08-18 23:55 -------- d-----w- c:\documents and settings\winter\Application Data\DriverCure
2009-08-15 21:20 . 2009-08-15 21:20 -------- d-----w- c:\documents and settings\winter\Application Data\Disney Interactive Studios
2009-08-15 16:21 . 2009-08-15 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-12 18:41 . 2009-08-12 18:41 -------- d-----w- c:\windows\Sun
2009-08-12 08:32 . 2009-08-12 08:32 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-12 08:32 . 2009-08-12 08:32 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-12 08:32 . 2009-08-12 08:32 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-10 18:44 . 2009-08-10 18:44 4096 ----a-w- c:\windows\d3dx.dat
2009-08-10 07:23 . 2009-08-10 07:23 -------- d-----w- c:\program files\Common Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 14:11 . 2009-07-25 18:11 -------- d-----w- c:\documents and settings\winter\Application Data\uTorrent
2009-09-08 14:11 . 2009-07-25 15:55 -------- d-----w- c:\documents and settings\winter\Application Data\DMCache
2009-09-08 14:09 . 2009-07-29 19:26 -------- d-----w- c:\program files\cFosSpeed
2009-09-07 16:29 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-09-06 09:10 . 2009-07-25 15:53 78472 ----a-w- c:\documents and settings\winter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 17:51 . 2009-07-30 13:36 -------- d--h--w- c:\documents and settings\winter\Application Data\ijjigame
2009-08-26 11:24 . 2009-07-30 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 12:14 . 2009-07-26 22:05 -------- d-----w- c:\documents and settings\winter\Application Data\Yahoo!
2009-08-20 19:15 . 2009-08-08 22:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-17 04:48 . 2009-07-30 13:31 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-08-14 08:51 . 2009-07-25 18:11 -------- d-----w- c:\program files\AskBarDis
2009-08-09 15:00 . 2009-08-08 02:48 -------- d-----w- c:\documents and settings\winter\Application Data\cald3
2009-08-06 18:48 . 2009-08-06 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 18:47 . 2009-08-06 18:47 -------- d-----w- c:\program files\Java
2009-08-06 17:35 . 2009-07-26 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-06 10:34 . 2009-08-06 10:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 07:52 . 2009-07-31 12:52 -------- d-----w- c:\documents and settings\winter\Application Data\Ahead
2009-08-05 21:49 . 2009-08-05 21:43 -------- d-----w- c:\program files\Free FLV Converter
2009-08-05 21:40 . 2009-07-31 12:54 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-04 19:22 . 2009-08-04 19:22 169128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-04 19:20 . 2009-08-04 19:20 -------- d-----w- c:\program files\MSBuild
2009-08-04 19:16 . 2009-08-04 19:16 -------- d-----w- c:\program files\Reference Assemblies
2009-08-04 18:52 . 2009-08-04 18:52 -------- d-----w- c:\program files\MSXML 6.0
2009-08-03 20:38 . 2009-07-25 15:55 -------- d-----w- c:\program files\MSN Messenger
2009-07-31 12:53 . 2009-07-31 12:49 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-31 12:49 . 2009-07-31 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-31 12:49 . 2009-07-31 12:49 -------- d-----w- c:\program files\Nero
2009-07-30 15:03 . 2009-07-30 15:03 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-30 13:31 . 2009-07-30 13:31 -------- d-----w- c:\program files\NHN USA
2009-07-30 07:51 . 2009-07-29 15:14 -------- d-----w- c:\program files\Microsoft Works
2009-07-30 07:41 . 2009-07-30 07:41 -------- d-----w- c:\program files\Microsoft.NET
2009-07-30 07:36 . 2009-07-30 07:36 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-29 15:15 . 2009-07-29 15:15 -------- d-----w- c:\program files\Common Files\L&H
2009-07-29 15:14 . 2009-07-29 15:14 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-26 22:05 . 2009-07-26 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-26 21:02 . 2009-07-26 21:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-26 21:00 . 2009-07-26 20:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-26 17:48 . 2009-07-26 17:38 -------- d-----w- c:\program files\Yahoo!
2009-07-26 17:38 . 2009-07-26 17:38 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-26 17:38 . 2009-07-26 17:36 -------- d-----w- c:\program files\Common Files\Real
2009-07-26 17:36 . 2009-07-26 17:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-26 17:36 . 2009-07-26 17:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-26 17:36 . 2009-07-26 17:36 -------- d-----w- c:\program files\Real
2009-07-25 18:11 . 2009-07-25 18:11 -------- d-----w- c:\program files\AskSearch
2009-07-25 18:11 . 2009-07-25 18:11 -------- d-----w- c:\program files\uTorrent
2009-07-25 16:16 . 2009-07-25 16:16 0 ----a-w- c:\windows\nsreg.dat
2009-07-25 12:53 . 2009-07-25 12:53 -------- d-----w- c:\program files\microsoft frontpage
2009-07-25 12:48 . 2009-07-25 12:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-06 08:13 . 2009-07-29 19:26 1019608 ----a-w- c:\windows\system32\drivers\cfosspeed.sys
2009-07-06 08:13 . 2009-07-29 19:26 288472 ----a-w- c:\windows\system32\cfosspeed.dll
2009-07-02 21:34 . 2009-07-30 13:31 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-07-02 21:34 . 2009-07-30 13:31 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-07-02 21:34 . 2009-07-30 13:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 09:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-25 288048]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-22 2815408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-26 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [7/25/2009 4:09 PM 18004]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\d:\program files\VMLaunch\BuddyVM.sys --> d:\program files\VMLaunch\BuddyVM.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/25/2009 9:12 PM 234888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\backing up.job
- c:\windows\system32\ntbackup.exe [2006-02-28 12:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\winter\Application Data\Mozilla\Firefox\Profiles\yb45xr2t.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 17:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1076)
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-09-08 17:30
ComboFix-quarantined-files.txt 2009-09-08 14:30

Pre-Run: 4,612,214,784 bytes free
Post-Run: 6,227,660,800 bytes free

245

Edited by blink10, 08 September 2009 - 03:59 PM.

  • 0

Advertisements

#2
azarl
Posted 12 September 2009 - 09:57 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you


Step 1
Posted ImageRootRepeal
Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use
  • Download RootRepeal.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Processes
    • SSDT
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan should not take very long. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Step 2
Posted Image OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

  • Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
  • 0

#3
blink10
Posted 12 September 2009 - 12:17 PM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
OTl.txt

OTL logfile created on: 9/12/2009 9:02:55 PM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\King\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.48 Mb Total Physical Memory | 155.21 Mb Available Physical Memory | 40.47% Memory free
920.01 Mb Paging File | 700.95 Mb Available in Paging File | 76.19% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.54 Gb Total Space | 11.79 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
Drive D: | 54.98 Gb Total Space | 10.68 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 230.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 514.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: KING-334DBFDB9F
Current User Name: King
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2009/04/09 15:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/09 15:17:56 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/09/10 23:47:19 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/16 14:24:39 | 00,167,368 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/11/11 13:47:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008/02/18 16:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/12 21:00:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\King\My Documents\Downloads\Programs\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2009/04/09 15:29:20 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/04/09 15:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2009/09/10 05:11:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca31bc17d0c9f0 [Auto | Stopped])
SRV - [2008/04/14 03:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/01/05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2005/11/11 13:47:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/09/10 05:09:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/10 04:14:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird


O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\windows\System32\idmmbc.dll (Tonec Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252710032326 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/05 23:45:07 | 00,090,662 | RH-- | M] () - G:\Autorun.EXE -- [ CDFS ]
O32 - AutoRun File - [2001/08/30 19:19:33 | 00,000,043 | RH-- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/09/17 02:20:25 | 00,000,049 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/06/20 02:04:36 | 00,040,960 | R--- | M] () - H:\Autodisable.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[2009/09/12 21:00:57 | 00,406,931 | ---- | C] () -- C:\Documents and Settings\King\Desktop\kaspersky internet security 2010 stops working everytime i boot and in.mht
[2009/09/12 18:29:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/12 17:14:46 | 00,000,000 | ---D | C] -- C:\windows\pss
[2009/09/12 12:18:21 | 00,048,607 | ---- | C] () -- C:\Documents and Settings\King\Desktop\[torrents.ru].t1421258.torrent
[2009/09/12 04:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Ahead
[2009/09/12 03:59:24 | 00,000,000 | ---D | C] -- C:\windows\Prefetch
[2009/09/12 03:34:55 | 00,000,000 | ---D | C] -- C:\windows\System32\scripting
[2009/09/12 03:34:52 | 00,000,000 | ---D | C] -- C:\windows\l2schemas
[2009/09/12 03:34:51 | 00,000,000 | ---D | C] -- C:\windows\System32\en
[2009/09/12 03:34:50 | 00,000,000 | ---D | C] -- C:\windows\System32\bits
[2009/09/12 03:23:25 | 00,000,000 | ---D | C] -- C:\windows\network diagnostic
[2009/09/12 03:14:31 | 00,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2009/09/12 02:49:45 | 00,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2009/09/12 02:49:05 | 00,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2009/09/12 02:47:09 | 00,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2009/09/12 02:24:43 | 00,198,219 | ---- | C] () -- C:\Documents and Settings\King\My Documents\HalfDayMar20B-Tx.pdf
[2009/09/12 02:21:29 | 00,266,007 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Aortic valve replacement for active infectious endocarditis in 108 patients. A comparison of freehand allograft valves with mechanical prostheses and bioprostheses .mht
[2009/09/12 02:19:33 | 00,714,076 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Diagnosis and Management of Infective Endocarditis and Its Complications -- Bayer et al. 98 (25)_ 2936 -- Circulation.mht
[2009/09/12 02:18:05 | 00,579,649 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Prosthetic valve endocarditis_ clinicopathologic a...[Am J Cardiol. 1976] - PubMed Result.mht
[2009/09/12 02:15:03 | 00,258,875 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Infective Endocarditis in Adults -- Medical Progress article from New England Journal of Medicine.mht
[2009/09/12 02:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/09/12 02:07:31 | 00,301,712 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Wiley InterScience JOURNALS Australian Dental Journal.mht
[2009/09/12 02:06:00 | 00,475,875 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Infective endocarditis, dentistry and antibiotic prophylaxis; time for a rethink Abstract British Dental Journal.mht
[2009/09/12 02:05:02 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2009/09/12 02:05:02 | 00,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
[2009/09/12 02:05:02 | 00,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
[2009/09/12 02:02:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Ahead
[2009/09/12 01:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/09/12 01:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/09/12 01:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/09/12 01:52:00 | 00,179,972 | ---- | C] () -- C:\Documents and Settings\King\My Documents\Infective Endocarditis (previously referred to as bacterial endocarditis).mht
[2009/09/12 01:47:25 | 00,143,316 | ---- | C] () -- C:\Documents and Settings\King\My Documents\New guidelines regarding antibiotics to prevent infective endocarditis.mht
[2009/09/12 01:46:14 | 00,114,987 | ---- | C] () -- C:\Documents and Settings\King\My Documents\ADA_org A-Z Topics Infective Endocarditis.mht
[2009/09/12 01:11:36 | 00,000,000 | ---D | C] -- C:\windows\ie8updates
[2009/09/12 01:09:37 | 00,000,000 | ---D | C] -- C:\windows\WBEM
[2009/09/12 01:07:35 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/09/12 01:07:35 | 00,000,000 | ---D | C] -- C:\windows\System32\en-US
[2009/09/11 22:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\GuiltyGearIsuka
[2009/09/11 14:23:47 | 00,057,344 | ---- | C] (Beiks, LLC) -- C:\windows\ResENU.dll
[2009/09/11 00:16:01 | 00,000,000 | -H-D | C] -- C:\windows\PIF
[2009/09/10 23:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\The Learning Company
[2009/09/10 23:47:07 | 00,086,016 | ---- | C] (MindVision) -- C:\windows\unvise32qt.exe
[2009/09/10 23:46:59 | 00,054,156 | -H-- | C] () -- C:\windows\QTFont.qfn
[2009/09/10 23:46:59 | 00,001,409 | ---- | C] () -- C:\windows\QTFont.for
[2009/09/10 23:46:57 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/10 23:46:52 | 00,000,000 | ---D | C] -- C:\windows\System32\QuickTime
[2009/09/10 23:46:51 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/10 23:46:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/09/10 23:46:38 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Learn to Speak French Deluxe 9.lnk
[2009/09/10 23:46:38 | 00,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Visit Broderbund.com.lnk
[2009/09/10 23:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\The Learning Company
[2009/09/10 21:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\cald3
[2009/09/10 21:25:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\cald3
[2009/09/10 21:24:24 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\King\Desktop\Shortcut to cald3.lnk
[2009/09/10 17:33:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Adobe
[2009/09/10 17:32:02 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cambridge Practice.lnk
[2009/09/10 17:31:59 | 00,000,000 | ---D | C] -- C:\Program Files\Cambridge Practice
[2009/09/10 17:05:08 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/10 17:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/09/10 17:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/10 16:59:56 | 00,000,260 | ---- | C] () -- C:\windows\tasks\WGASetup.job
[2009/09/10 16:59:56 | 00,000,000 | ---D | C] -- C:\windows\System32\KB905474
[2009/09/10 16:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\ESET
[2009/09/10 16:57:45 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2009/09/10 16:57:34 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2009/09/10 16:24:49 | 00,685,816 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009/09/10 10:41:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Temp
[2009/09/10 10:38:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/10 05:55:42 | 00,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2009/09/10 05:53:03 | 04,803,928 | -H-- | C] () -- C:\Documents and Settings\King\Local Settings\Application Data\IconCache.db
[2009/09/10 05:36:28 | 00,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/10 05:36:27 | 00,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/10 05:21:58 | 00,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/09/10 05:21:55 | 00,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2009/09/10 05:21:33 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\windows\System32\lameACM.acm
[2009/09/10 05:21:33 | 00,000,414 | ---- | C] () -- C:\windows\System32\lame_acm.xml
[2009/09/10 05:21:32 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2009/09/10 05:21:32 | 00,118,784 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2009/09/10 05:21:31 | 00,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/09/10 05:21:31 | 00,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/09/10 05:21:22 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009/09/10 05:21:21 | 00,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/09/10 05:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/09/10 05:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Real
[2009/09/10 05:12:39 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/09/10 05:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Google
[2009/09/10 05:11:23 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/09/10 05:09:18 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/09/10 05:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/09/10 05:08:18 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/09/10 05:08:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/09/10 05:08:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/09/10 05:08:03 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/09/10 05:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Real
[2009/09/10 05:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Desktop\RealPlayer%20SP%201.0%20Build%2012.0.0.297%20Offline%20Installer
[2009/09/10 04:22:18 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/10 04:22:17 | 00,000,000 | ---D | C] -- C:\Program Files\AskSearch
[2009/09/10 04:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Mozilla
[2009/09/10 04:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/09/10 04:21:30 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/09/10 04:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/09/10 04:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\uTorrent
[2009/09/10 04:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\U3
[2009/09/10 04:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/09/10 04:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Sun
[2009/09/10 03:30:08 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20420.nls
[2009/09/10 03:30:08 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_20420.nls
[2009/09/10 03:30:04 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_864.nls
[2009/09/10 03:30:04 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_720.nls
[2009/09/10 03:30:04 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_864.nls
[2009/09/10 03:30:04 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_720.nls
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_708.nls
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28596.nls
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10004.nls
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_708.nls
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\C_28596.NLS
[2009/09/10 03:30:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10004.nls
[2009/09/10 03:30:01 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_862.nls
[2009/09/10 03:30:01 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_862.nls
[2009/09/10 03:30:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10005.nls
[2009/09/10 03:30:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10005.nls
[2009/09/10 03:29:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10021.nls
[2009/09/10 03:29:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10021.nls
[2009/09/10 03:26:45 | 00,041,237 | ---- | C] () -- C:\windows\System32\nvapps.xml
[2009/09/10 03:26:35 | 00,016,356 | ---- | C] () -- C:\windows\System32\nvdisp.nvu
[2009/09/10 03:26:35 | 00,000,000 | ---D | C] -- C:\windows\nview
[2009/09/10 03:26:18 | 00,000,000 | ---D | C] -- C:\windows\System32\ReinstallBackups
[2009/09/10 03:25:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/09/10 03:25:16 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/09/10 03:11:38 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\King\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 03:06:42 | 00,000,000 | -H-D | C] -- C:\windows\$MSI31Uninstall_KB893803v2$
[2009/09/10 03:06:11 | 00,000,000 | ---D | C] -- C:\windows\System32\PreInstall
[2009/09/10 03:05:40 | 00,000,524 | ---- | C] () -- C:\Documents and Settings\King\Desktop\CDisplay.lnk
[2009/09/10 03:02:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\King\My Documents\My Videos
[2009/09/10 03:00:11 | 00,001,374 | ---- | C] () -- C:\windows\imsins.BAK
[2009/09/10 03:00:07 | 00,000,000 | -HSD | C] -- C:\windows\Installer
[2009/09/10 03:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/09/10 03:00:04 | 01,685,606 | ---- | C] () -- C:\windows\System32\dllcache\sam.spd
[2009/09/10 03:00:04 | 00,000,888 | ---- | C] () -- C:\windows\System32\dllcache\sam.sdf
[2009/09/10 03:00:03 | 00,643,717 | ---- | C] () -- C:\windows\System32\dllcache\ltts1033.lxa
[2009/09/10 03:00:03 | 00,605,050 | ---- | C] () -- C:\windows\System32\dllcache\r1033tts.lxa
[2009/09/10 03:00:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/09/10 03:00:02 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/09/10 03:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/09/10 03:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/09/10 03:00:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28603.nls
[2009/09/10 03:00:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_28603.nls
[2009/09/10 02:59:58 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_857.nls
[2009/09/10 02:59:58 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_857.nls
[2009/09/10 02:59:58 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28599.nls
[2009/09/10 02:59:58 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10081.nls
[2009/09/10 02:59:58 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_28599.nls
[2009/09/10 02:59:58 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10081.nls
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28595.nls
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10017.nls
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10007.nls
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\C_28595.NLS
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10017.nls
[2009/09/10 02:59:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10007.nls
[2009/09/10 02:59:54 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28597.nls
[2009/09/10 02:59:54 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10006.nls
[2009/09/10 02:59:54 | 00,066,082 | ---- | C] () -- C:\windows\System32\C_28597.NLS
[2009/09/10 02:59:54 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10006.nls
[2009/09/10 02:59:53 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_869.nls
[2009/09/10 02:59:53 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_737.nls
[2009/09/10 02:59:53 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_869.nls
[2009/09/10 02:59:53 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_737.nls
[2009/09/10 02:59:53 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_875.nls
[2009/09/10 02:59:53 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_875.nls
[2009/09/10 02:59:52 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_866.nls
[2009/09/10 02:59:52 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_855.nls
[2009/09/10 02:59:52 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_866.nls
[2009/09/10 02:59:52 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_855.nls
[2009/09/10 02:59:52 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_28594.nls
[2009/09/10 02:59:52 | 00,066,082 | ---- | C] () -- C:\windows\System32\C_28594.NLS
[2009/09/10 02:59:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10082.nls
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10029.nls
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_10010.nls
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10082.nls
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10029.nls
[2009/09/10 02:59:50 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_10010.nls
[2009/09/10 02:59:49 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_852.nls
[2009/09/10 02:59:49 | 00,066,594 | ---- | C] () -- C:\windows\System32\c_852.nls
[2009/09/10 02:59:47 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20127.nls
[2009/09/10 02:59:47 | 00,066,082 | ---- | C] () -- C:\windows\System32\c_20127.nls
[2009/09/10 02:59:43 | 00,001,688 | ---- | C] () -- C:\windows\System32\AUTOEXEC.NT
[2009/09/10 02:59:30 | 00,037,484 | ---- | C] () -- C:\windows\System32\dllcache\MW770.CAT
[2009/09/10 02:59:30 | 00,013,472 | ---- | C] () -- C:\windows\System32\dllcache\HPCRDP.CAT
[2009/09/10 02:59:30 | 00,008,574 | ---- | C] () -- C:\windows\System32\dllcache\IASNT4.CAT
[2009/09/10 02:59:30 | 00,007,382 | ---- | C] () -- C:\windows\System32\dllcache\OEMBIOS.CAT
[2009/09/10 02:59:30 | 00,007,334 | ---- | C] () -- C:\windows\System32\dllcache\wmerrenu.cat
[2009/09/10 02:59:29 | 01,042,903 | ---- | C] () -- C:\windows\System32\dllcache\SP2.CAT
[2009/09/10 02:59:29 | 00,797,189 | ---- | C] () -- C:\windows\System32\dllcache\NT5IIS.CAT
[2009/09/10 02:59:29 | 00,399,645 | ---- | C] () -- C:\windows\System32\dllcache\MAPIMIG.CAT
[2009/09/10 02:59:15 | 00,000,000 | ---D | C] -- C:\windows\System32\CatRoot2
[2009/09/10 02:59:15 | 00,000,000 | ---D | C] -- C:\windows\System32\CatRoot
[2009/09/10 02:59:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/10 02:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/09/10 02:58:42 | 00,151,584 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/09/10 02:57:58 | 00,000,261 | ---- | C] () -- C:\windows\System32\$winnt$.inf
[2009/09/10 02:57:26 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/09/10 02:56:36 | 00,000,000 | -H-- | C] () -- C:\windows\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/09/10 02:56:13 | 00,000,000 | ---D | C] -- C:\windows\System32\LogFiles
[2009/09/10 02:56:13 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\UMDF
[2009/09/10 02:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/10 02:51:02 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\King\Desktop\tedata.doc
[2009/09/10 02:49:14 | 00,000,000 | R-SD | C] -- C:\windows\Fonts
[2009/09/10 02:49:14 | 00,000,000 | RHSD | C] -- C:\windows\System32\dllcache
[2009/09/10 02:49:14 | 00,000,000 | R--D | C] -- C:\windows\Web
[2009/09/10 02:49:14 | 00,000,000 | -H-D | C] -- C:\windows\inf
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\WinSxS
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\twain_32
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Temp
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\wins
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\wbem
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\usmt
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\spool
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\ShellExt
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\Setup
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\ras
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\oobe
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\npp
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\mui
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\inetsrv
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\IME
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\icsxml
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\ias
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\export
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\etc
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\disdn
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\dhcp
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\config
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\3com_dmi
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\3076
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\2052
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1054
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1042
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1041
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1037
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1033
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1031
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1028
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\System32\1025
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\system32
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\system
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\security
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Resources
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\repair
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Provisioning
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\PeerNet
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\pchealth
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\mui
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\msapps
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\msagent
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Media
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\java
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\ime
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Help
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\ehome
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Driver Cache
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Debug
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Cursors
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Connection Wizard
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\Config
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\AppPatch
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\windows\addins
[2009/09/10 02:49:14 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/09/10 02:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Macromedia
[2009/09/10 02:28:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Adobe
[2009/09/10 01:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Opera
[2009/09/10 01:58:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Opera
[2009/09/10 01:58:29 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\King\Desktop\Opera.lnk
[2009/09/10 01:58:19 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/09/10 01:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\ESET
[2009/09/10 01:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/10 01:30:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/09/10 01:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\My Documents\Downloads
[2009/09/10 01:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\IDM
[2009/09/10 01:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\DMCache
[2009/09/10 01:06:14 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/09/10 01:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/09/10 00:58:22 | 00,000,000 | ---D | C] -- C:\windows\System32\SoftwareDistribution
[2009/09/09 12:52:58 | 00,210,352 | ---- | C] (Tonec Inc.) -- C:\windows\System32\idmmbc.dll
[2009/09/09 10:56:40 | 00,018,004 | ---- | C] (Silan Micro-Electronics Inc.) -- C:\windows\System32\drivers\slnt.sys
[2009/09/09 10:56:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Desktop\RTL8139D
[2009/09/09 10:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Desktop\Section_Media_1011290
[2009/09/09 10:49:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Application Data\Identities
[2009/09/09 10:49:22 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/09/09 10:49:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\King\My Documents\My Music
[2009/09/09 10:49:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\King\My Documents\My Pictures
[2009/09/09 10:49:15 | 00,000,000 | --SD | C] -- C:\Documents and Settings\King\Application Data\Microsoft
[2009/09/09 10:49:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King\Local Settings\Application Data\Microsoft
[2009/09/09 10:49:13 | 40,218,2144 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/09 10:47:47 | 00,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2009/09/09 10:47:46 | 00,000,006 | -H-- | C] () -- C:\windows\tasks\SA.DAT
[2009/09/09 10:47:45 | 00,000,000 | --SD | C] -- C:\windows\System32\Microsoft
[2009/09/09 10:47:39 | 00,008,192 | ---- | C] () -- C:\windows\REGLOCS.OLD
[2009/09/09 10:46:46 | 00,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/09/09 10:46:30 | 00,028,288 | ---- | C] () -- C:\windows\System32\dllcache\xjis.nls
[2009/09/09 10:45:49 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\windows\System32\dllcache\rwia330.dll
[2009/09/09 10:45:49 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\windows\System32\dllcache\rwia001.dll
[2009/09/09 10:45:41 | 00,083,748 | ---- | C] () -- C:\windows\System32\dllcache\prcp.nls
[2009/09/09 10:45:41 | 00,083,748 | ---- | C] () -- C:\windows\System32\dllcache\prc.nls
[2009/09/09 10:45:39 | 00,175,104 | ---- | C] () -- C:\windows\System32\dllcache\pintlcsa.dll
[2009/09/09 10:45:09 | 00,047,066 | ---- | C] () -- C:\windows\System32\dllcache\ksc.nls
[2009/09/09 10:45:08 | 01,158,818 | ---- | C] () -- C:\windows\System32\dllcache\korwbrkr.lex
[2009/09/09 10:44:59 | 00,059,392 | ---- | C] () -- C:\windows\System32\dllcache\imscinst.exe
[2009/09/09 10:44:57 | 00,196,665 | ---- | C] () -- C:\windows\System32\dllcache\imjpinst.exe
[2009/09/09 10:44:54 | 00,134,339 | ---- | C] () -- C:\windows\System32\dllcache\imekr.lex
[2009/09/09 10:44:42 | 13,463,552 | ---- | C] () -- C:\windows\System32\dllcache\hwxjpn.dll
[2009/09/09 10:44:35 | 00,108,827 | ---- | C] () -- C:\windows\System32\dllcache\hanja.lex
[2009/09/09 10:44:24 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\dllcache\esunid.dll
[2009/09/09 10:44:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\dllcache\esuimgd.dll
[2009/09/09 10:44:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\dllcache\esucmd.dll
[2009/09/09 10:44:09 | 00,173,568 | ---- | C] () -- C:\windows\System32\dllcache\chtskf.dll
[2009/09/09 10:44:05 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\windows\System32\dllcache\cap7146.sys
[2009/09/09 10:44:04 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_870.nls
[2009/09/09 10:44:03 | 00,066,594 | ---- | C] () -- C:\windows\System32\dllcache\c_858.nls
[2009/09/09 10:44:02 | 00,180,770 | ---- | C] () -- C:\windows\System32\dllcache\c_20932.nls
[2009/09/09 10:44:02 | 00,177,698 | ---- | C] () -- C:\windows\System32\dllcache\c_20949.nls
[2009/09/09 10:44:02 | 00,173,602 | ---- | C] () -- C:\windows\System32\dllcache\c_20936.nls
[2009/09/09 10:44:02 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_21027.nls
[2009/09/09 10:44:02 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_21025.nls
[2009/09/09 10:44:02 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20924.nls
[2009/09/09 10:44:02 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20880.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20871.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20838.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20833.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20424.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20423.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20297.nls
[2009/09/09 10:44:01 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20290.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20285.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20284.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20280.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20278.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20277.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20273.nls
[2009/09/09 10:44:00 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20269.nls
[2009/09/09 10:43:59 | 00,187,938 | ---- | C] () -- C:\windows\System32\dllcache\c_20005.nls
[2009/09/09 10:43:59 | 00,185,378 | ---- | C] () -- C:\windows\System32\dllcache\c_20003.nls
[2009/09/09 10:43:59 | 00,180,258 | ---- | C] () -- C:\windows\System32\dllcache\c_20004.nls
[2009/09/09 10:43:59 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20108.nls
[2009/09/09 10:43:59 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20107.nls
[2009/09/09 10:43:59 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20106.nls
[2009/09/09 10:43:59 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_20105.nls
[2009/09/09 10:43:58 | 00,189,986 | ---- | C] () -- C:\windows\System32\dllcache\c_1361.nls
[2009/09/09 10:43:58 | 00,186,402 | ---- | C] () -- C:\windows\System32\dllcache\c_20001.nls
[2009/09/09 10:43:58 | 00,180,258 | ---- | C] () -- C:\windows\System32\dllcache\c_20000.nls
[2009/09/09 10:43:58 | 00,173,602 | ---- | C] () -- C:\windows\System32\dllcache\c_20002.nls
[2009/09/09 10:43:58 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1149.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1148.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1147.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1146.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1145.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1144.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1143.nls
[2009/09/09 10:43:57 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1142.nls
[2009/09/09 10:43:56 | 00,173,602 | ---- | C] () -- C:\windows\System32\dllcache\c_10008.nls
[2009/09/09 10:43:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1141.nls
[2009/09/09 10:43:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1140.nls
[2009/09/09 10:43:56 | 00,066,082 | ---- | C] () -- C:\windows\System32\dllcache\c_1047.nls
[2009/09/09 10:43:55 | 00,195,618 | ---- | C] () -- C:\windows\System32\dllcache\c_10002.nls
[2009/09/09 10:43:55 | 00,177,698 | ---- | C] () -- C:\windows\System32\dllcache\c_10003.nls
[2009/09/09 10:43:55 | 00,162,850 | ---- | C] () -- C:\windows\System32\dllcache\c_10001.nls
[2009/09/09 10:43:54 | 00,082,172 | ---- | C] () -- C:\windows\System32\dllcache\bopomofo.nls
[2009/09/09 10:43:54 | 00,066,728 | ---- | C] () -- C:\windows\System32\dllcache\big5.nls
[2009/09/09 10:43:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/09/09 10:43:18 | 00,000,000 | ---D | C] -- C:\windows\System32\xircom
[2009/09/09 10:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/09/09 10:42:52 | 00,000,000 | -H-D | C] -- C:\windows\$hf_mig$
[2009/09/09 10:42:36 | 00,002,577 | ---- | C] () -- C:\windows\System32\CONFIG.NT
[2009/09/09 10:42:35 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/09/09 10:42:35 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/09/09 10:42:24 | 00,023,392 | ---- | C] () -- C:\windows\System32\nscompat.tlb
[2009/09/09 10:42:24 | 00,016,832 | ---- | C] () -- C:\windows\System32\amcompat.tlb
[2009/09/09 10:42:22 | 00,316,640 | ---- | C] () -- C:\windows\WMSysPr9.prx
[2009/09/09 10:40:51 | 00,000,488 | RH-- | C] () -- C:\windows\System32\WindowsLogon.manifest
[2009/09/09 10:40:51 | 00,000,488 | RH-- | C] () -- C:\windows\System32\logonui.exe.manifest
[2009/09/09 10:40:51 | 00,000,000 | --SD | C] -- C:\windows\Downloaded Program Files
[2009/09/09 10:40:51 | 00,000,000 | R--D | C] -- C:\windows\Offline Web Pages
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\WindowsShell.Manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\System32\wuaucpl.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\System32\sapi.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\System32\nwc.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\System32\ncpa.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | C] () -- C:\windows\System32\cdplayer.exe.manifest
[2009/09/09 10:40:34 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/09/09 10:40:18 | 04,399,505 | ---- | C] () -- C:\windows\System32\dllcache\nls302en.lex
[2009/09/09 10:40:09 | 00,000,000 | ---D | C] -- C:\windows\System32\DirectX
[2009/09/09 10:39:45 | 00,048,680 | -HS- | C] () -- C:\windows\winnt256.bmp
[2009/09/09 10:39:45 | 00,048,680 | -HS- | C] () -- C:\windows\winnt.bmp
[2009/09/09 10:39:38 | 00,000,984 | ---- | C] () -- C:\windows\System32\dllcache\srframe.mmf
[2009/09/09 10:39:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/09/09 10:39:33 | 00,000,000 | --SD | C] -- C:\windows\Tasks
[2009/09/09 10:39:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/09/09 10:39:28 | 00,000,000 | ---D | C] -- C:\windows\System32\Macromed
[2009/09/09 10:39:28 | 00,000,000 | ---D | C] -- C:\windows\srchasst
[2009/09/09 10:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/09/09 10:39:11 | 00,000,000 | ---D | C] -- C:\windows\System32\Restore
[2009/09/09 10:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/09/09 10:39:03 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/09/09 10:38:56 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/09/09 10:38:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/09/09 10:38:53 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/09/09 10:38:08 | 00,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/09/09 10:38:00 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/09/09 10:37:53 | 00,000,000 | ---D | C] -- C:\windows\Registration
[2009/09/09 10:37:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/09/09 10:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/09/09 10:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/09/09 10:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/09/09 10:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/09/09 10:37:18 | 00,065,954 | ---- | C] () -- C:\windows\Prairie Wind.bmp
[2009/09/09 10:37:18 | 00,065,832 | ---- | C] () -- C:\windows\Santa Fe Stucco.bmp
[2009/09/09 10:37:18 | 00,026,680 | ---- | C] () -- C:\windows\River Sumida.bmp
[2009/09/09 10:37:18 | 00,026,582 | ---- | C] () -- C:\windows\Greenstone.bmp
[2009/09/09 10:37:18 | 00,017,362 | ---- | C] () -- C:\windows\Rhododendron.bmp
[2009/09/09 10:37:18 | 00,009,522 | ---- | C] () -- C:\windows\Zapotec.bmp
[2009/09/09 10:37:17 | 00,093,702 | ---- | C] () -- C:\windows\System32\subrange.uce
[2009/09/09 10:37:17 | 00,065,978 | ---- | C] () -- C:\windows\Soap Bubbles.bmp
[2009/09/09 10:37:17 | 00,017,336 | ---- | C] () -- C:\windows\Gone Fishing.bmp
[2009/09/09 10:37:17 | 00,017,062 | ---- | C] () -- C:\windows\Coffee Bean.bmp
[2009/09/09 10:37:17 | 00,016,740 | ---- | C] () -- C:\windows\System32\shiftjis.uce
[2009/09/09 10:37:17 | 00,016,730 | ---- | C] () -- C:\windows\FeatherTexture.bmp
[2009/09/09 10:37:17 | 00,012,876 | ---- | C] () -- C:\windows\System32\korean.uce
[2009/09/09 10:37:17 | 00,001,272 | ---- | C] () -- C:\windows\Blue Lace 16.bmp
[2009/09/09 10:37:16 | 00,060,458 | ---- | C] () -- C:\windows\System32\ideograf.uce
[2009/09/09 10:37:16 | 00,024,006 | ---- | C] () -- C:\windows\System32\gb2312.uce
[2009/09/09 10:37:16 | 00,022,984 | ---- | C] () -- C:\windows\System32\bopomofo.uce
[2009/09/09 10:37:16 | 00,008,484 | ---- | C] () -- C:\windows\System32\kanji_2.uce
[2009/09/09 10:37:16 | 00,006,948 | ---- | C] () -- C:\windows\System32\kanji_1.uce
[2009/09/09 10:37:14 | 00,003,286 | ---- | C] () -- C:\windows\System32\tslabels.h
[2009/09/09 10:37:14 | 00,001,161 | ---- | C] () -- C:\windows\System32\usrlogon.cmd
[2009/09/09 10:37:13 | 00,000,768 | ---- | C] () -- C:\windows\System32\msdtcprf.h
[2009/09/09 10:37:06 | 00,063,488 | ---- | C] () -- C:\windows\System32\wmimgmt.msc
[2009/09/09 10:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/09/09 10:36:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/09/09 10:36:47 | 00,000,000 | ---D | C] -- C:\windows\System32\MsDtc
[2009/09/09 10:36:45 | 00,000,000 | ---D | C] -- C:\windows\System32\Com
[2009/09/09 10:36:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 14 Days ==========

[1 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[2009/09/12 21:00:58 | 00,406,931 | ---- | M] () -- C:\Documents and Settings\King\Desktop\kaspersky internet security 2010 stops working everytime i boot and in.mht
[2009/09/12 20:41:09 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/12 20:34:13 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2009/09/12 20:34:10 | 00,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2009/09/12 20:34:06 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/12 20:33:56 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/12 20:33:48 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/12 20:33:44 | 40,218,2144 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/12 18:50:23 | 04,803,928 | -H-- | M] () -- C:\Documents and Settings\King\Local Settings\Application Data\IconCache.db
[2009/09/12 18:16:41 | 00,001,409 | ---- | M] () -- C:\windows\QTFont.for
[2009/09/12 18:16:40 | 00,000,507 | ---- | M] () -- C:\windows\win.ini
[2009/09/12 18:16:39 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/09/12 18:15:15 | 00,041,237 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/09/12 17:09:15 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\King\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 16:47:27 | 00,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2009/09/12 16:42:51 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/12 12:18:21 | 00,048,607 | ---- | M] () -- C:\Documents and Settings\King\Desktop\[torrents.ru].t1421258.torrent
[2009/09/12 11:28:41 | 00,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Learn to Speak French Deluxe 9.lnk
[2009/09/12 04:02:08 | 00,311,740 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/09/12 04:02:08 | 00,040,128 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/09/12 04:02:07 | 00,356,120 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/09/12 03:59:01 | 00,151,584 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/09/12 03:22:04 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/12 02:53:08 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/09/12 02:21:50 | 00,198,219 | ---- | M] () -- C:\Documents and Settings\King\My Documents\HalfDayMar20B-Tx.pdf
[2009/09/12 02:21:31 | 00,266,007 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Aortic valve replacement for active infectious endocarditis in 108 patients. A comparison of freehand allograft valves with mechanical prostheses and bioprostheses .mht
[2009/09/12 02:19:34 | 00,714,076 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Diagnosis and Management of Infective Endocarditis and Its Complications -- Bayer et al. 98 (25)_ 2936 -- Circulation.mht
[2009/09/12 02:18:07 | 00,579,649 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Prosthetic valve endocarditis_ clinicopathologic a...[Am J Cardiol. 1976] - PubMed Result.mht
[2009/09/12 02:15:04 | 00,258,875 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Infective Endocarditis in Adults -- Medical Progress article from New England Journal of Medicine.mht
[2009/09/12 02:07:34 | 00,301,712 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Wiley InterScience JOURNALS Australian Dental Journal.mht
[2009/09/12 02:06:01 | 00,475,875 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Infective endocarditis, dentistry and antibiotic prophylaxis; time for a rethink Abstract British Dental Journal.mht
[2009/09/12 02:05:02 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2009/09/12 02:05:02 | 00,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
[2009/09/12 02:05:02 | 00,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
[2009/09/12 01:52:14 | 00,179,972 | ---- | M] () -- C:\Documents and Settings\King\My Documents\Infective Endocarditis (previously referred to as bacterial endocarditis).mht
[2009/09/12 01:47:32 | 00,143,316 | ---- | M] () -- C:\Documents and Settings\King\My Documents\New guidelines regarding antibiotics to prevent infective endocarditis.mht
[2009/09/12 01:46:16 | 00,114,987 | ---- | M] () -- C:\Documents and Settings\King\My Documents\ADA_org A-Z Topics Infective Endocarditis.mht
[2009/09/10 23:46:57 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/10 23:46:38 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Visit Broderbund.com.lnk
[2009/09/10 21:24:24 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\King\Desktop\Shortcut to cald3.lnk
[2009/09/10 17:32:02 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cambridge Practice.lnk
[2009/09/10 17:05:08 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/10 16:57:45 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2009/09/10 16:24:50 | 00,685,816 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
[2009/09/10 05:09:18 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/09/10 05:08:18 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/09/10 04:21:30 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/09/10 03:05:40 | 00,000,524 | ---- | M] () -- C:\Documents and Settings\King\Desktop\CDisplay.lnk
[2009/09/10 03:00:58 | 00,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2009/09/10 03:00:58 | 00,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2009/09/10 02:56:36 | 00,000,000 | -H-- | M] () -- C:\windows\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/09/10 01:58:29 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\King\Desktop\Opera.lnk
[2009/09/09 21:55:17 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\King\Desktop\tedata.doc
[2009/09/09 13:43:08 | 00,210,352 | ---- | M] (Tonec Inc.) -- C:\windows\System32\idmmbc.dll
[2009/09/09 10:47:39 | 00,008,192 | ---- | M] () -- C:\windows\REGLOCS.OLD
[2009/09/09 10:46:46 | 00,000,261 | ---- | M] () -- C:\windows\System32\$winnt$.inf
[2009/09/09 10:42:36 | 00,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2009/09/09 10:42:35 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/09 10:42:35 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/09 10:42:35 | 00,000,000 | ---- | M] () -- C:\windows\control.ini
[2009/09/09 10:42:26 | 00,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2009/09/09 10:42:12 | 00,004,161 | ---- | M] () -- C:\windows\ODBCINST.INI
[2009/09/09 10:40:51 | 00,000,488 | RH-- | M] () -- C:\windows\System32\WindowsLogon.manifest
[2009/09/09 10:40:51 | 00,000,488 | RH-- | M] () -- C:\windows\System32\logonui.exe.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\WindowsShell.Manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\System32\wuaucpl.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\System32\sapi.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\System32\nwc.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\System32\ncpa.cpl.manifest
[2009/09/09 10:40:40 | 00,000,749 | RH-- | M] () -- C:\windows\System32\cdplayer.exe.manifest
[2009/09/09 10:38:08 | 00,021,640 | ---- | M] () -- C:\windows\System32\emptyregdb.dat
[2009/09/09 10:37:58 | 00,000,037 | ---- | M] () -- C:\windows\vbaddin.ini
[2009/09/09 10:37:58 | 00,000,036 | ---- | M] () -- C:\windows\vb.ini

========== LOP Check ==========

[2009/09/12 18:29:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/10 01:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/09/12 18:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/12 02:02:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\King\Application Data
[2009/09/12 04:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\Ahead
[2009/09/10 21:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\cald3
[2009/09/12 21:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\DMCache
[2009/09/10 01:32:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\ESET
[2009/09/11 22:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\GuiltyGearIsuka
[2009/09/12 20:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\IDM
[2009/09/10 01:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\Opera
[2009/09/10 23:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\The Learning Company
[2009/09/10 04:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\U3
[2009/09/12 21:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\King\Application Data\uTorrent
[2006/02/28 15:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/09/12 20:34:06 | 00,000,882 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/12 20:41:09 | 00,000,886 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/12 20:33:56 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
[2009/09/12 20:34:10 | 00,000,260 | ---- | M] () -- C:\windows\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll
[1 C:\windows\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll
[1 C:\windows\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Extras.txt


OTL Extras logfile created on: 9/12/2009 9:02:55 PM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\King\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.48 Mb Total Physical Memory | 155.21 Mb Available Physical Memory | 40.47% Memory free
920.01 Mb Paging File | 700.95 Mb Available in Paging File | 76.19% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.54 Gb Total Space | 11.79 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
Drive D: | 54.98 Gb Total Space | 10.68 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 230.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 514.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: KING-334DBFDB9F
Current User Name: King
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B7603DF7-DFD6-4ECD-8AF8-1182EE4BFF9F}" = Learn to Speak French Deluxe 9
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}" = ESET Smart Security
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"CDisplay_is1" = CDisplay 1.8
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.9 (Full) BETA
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NodEnabler" = NodEnabler 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera" = Opera
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2009 6:00:19 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 6.0.79.0, fault address 0x0001cfd3.

Error - 9/9/2009 6:10:25 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2853, fault address 0x0023e2ce.

Error - 9/9/2009 6:12:13 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2853, fault address 0x0023e2ce.

Error - 9/9/2009 6:24:50 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2853, fault address 0x0023e2ce.

Error - 9/10/2009 9:41:05 AM | Computer Name = KING-334DBFDB9F | Source = Google Update | ID = 20
Description =

Error - 9/11/2009 3:45:17 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module explorer.exe, version 6.0.2900.2180, fault address 0x0003eec4.

Error - 9/11/2009 3:45:58 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module explorer.exe, version 6.0.2900.2180, fault address 0x0003eec2.

Error - 9/11/2009 3:46:00 PM | Computer Name = KING-334DBFDB9F | Source = Application Error | ID = 1000
Description = Faulting application ggdx.exe, version 1.0.0.1, faulting module d3d8.dll,
version 5.3.2600.2180, fault address 0x0003e435.

[ System Events ]
Error - 9/10/2009 12:42:22 PM | Computer Name = KING-334DBFDB9F | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 9/10/2009 4:19:22 PM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/10/2009 8:09:23 PM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/11/2009 3:33:26 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/11/2009 6:58:34 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/11/2009 11:22:30 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/11/2009 9:00:01 PM | Computer Name = KING-334DBFDB9F | Source = Service Control Manager | ID = 7028
Description = The Cfg Registry key denied access to SYSTEM account programs so the
Service Control Manager took ownership of the Registry key.

Error - 9/12/2009 3:34:59 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/12/2009 7:23:26 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/12/2009 11:15:17 AM | Computer Name = KING-334DBFDB9F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00A1B0216C46 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

RootRepeal




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/12 20:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ac97intc.sys
Image Path: C:\windows\system32\drivers\ac97intc.sys
Address: 0xF714A000 Size: 96256 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7717000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\windows\System32\drivers\afd.sys
Address: 0xF5CB1000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF78B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF76A9000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\windows\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\windows\system32\DRIVERS\audstub.sys
Address: 0xF7EA9000 Size: 3072 File Visible: - Signed: -
Status: -

Name: aw6xexh5.SYS
Image Path: C:\windows\System32\Drivers\aw6xexh5.SYS
Address: 0xF7099000 Size: 421888 File Visible: No Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\windows\System32\Drivers\Beep.SYS
Address: 0xF7DA6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\windows\system32\BOOTVID.dll
Address: 0xF7C78000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\windows\System32\Drivers\Cdfs.SYS
Address: 0xF7958000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\windows\system32\DRIVERS\cdrom.sys
Address: 0xF79C8000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\windows\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF78A8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7898000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF76C1000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7D6E000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\windows\system32\drivers\drmk.sys
Address: 0xF79F8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xF5BB0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DB4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\windows\System32\drivers\Dxapi.sys
Address: 0xF5DBB000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\windows\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\windows\System32\drivers\dxgthk.sys
Address: 0xF7E67000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eamon.sys
Image Path: C:\windows\system32\DRIVERS\eamon.sys
Address: 0xBA4CC000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\windows\system32\DRIVERS\ehdrv.sys
Address: 0xF5D9A000 Size: 118784 File Visible: - Signed: -
Status: -

Name: epfw.sys
Image Path: C:\windows\system32\DRIVERS\epfw.sys
Address: 0xBA4A9000 Size: 143360 File Visible: - Signed: -
Status: -

Name: Epfwndis.sys
Image Path: C:\windows\system32\DRIVERS\Epfwndis.sys
Address: 0xF7A28000 Size: 45056 File Visible: - Signed: -
Status: -

Name: epfwtdi.sys
Image Path: C:\windows\system32\DRIVERS\epfwtdi.sys
Address: 0xF5CFB000 Size: 77824 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\windows\system32\DRIVERS\fdc.sys
Address: 0xF7BC0000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\windows\System32\Drivers\Fips.SYS
Address: 0xF7918000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\windows\system32\DRIVERS\flpydisk.sys
Address: 0xF7C08000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7689000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\windows\System32\Drivers\Fs_Rec.SYS
Address: 0xF7DA4000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF76E7000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\windows\system32\DRIVERS\gameenum.sys
Address: 0xF7548000 Size: 10624 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\windows\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\windows\System32\Drivers\HTTP.sys
Address: 0xB7F05000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\windows\system32\DRIVERS\i8042prt.sys
Address: 0xF79B8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\windows\system32\DRIVERS\imapi.sys
Address: 0xF79E8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7D6C000 Size: 5504 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\windows\system32\DRIVERS\ipnat.sys
Address: 0xF5BF0000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\windows\system32\DRIVERS\ipsec.sys
Address: 0xF5D67000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7868000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\windows\system32\DRIVERS\kbdclass.sys
Address: 0xF7B58000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\windows\system32\KDCOM.DLL
Address: 0xF7D68000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\windows\system32\drivers\kmixer.sys
Address: 0xB72A0000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\windows\system32\DRIVERS\ks.sys
Address: 0xF7186000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7660000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\windows\System32\Drivers\mnmdd.SYS
Address: 0xF7DB0000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\windows\system32\DRIVERS\mouclass.sys
Address: 0xF7B50000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7878000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\windows\system32\DRIVERS\mrxdav.sys
Address: 0xB9984000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\windows\system32\DRIVERS\mrxsmb.sys
Address: 0xF5C16000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\windows\System32\Drivers\Msfs.SYS
Address: 0xF7C20000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\windows\system32\DRIVERS\msgpc.sys
Address: 0xF7A68000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\windows\system32\DRIVERS\mssmbios.sys
Address: 0xF7528000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF758C000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF75A6000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\windows\system32\DRIVERS\ndistapi.sys
Address: 0xF7544000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\windows\system32\DRIVERS\ndisuio.sys
Address: 0xBA5B4000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\windows\system32\DRIVERS\ndiswan.sys
Address: 0xF7046000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\windows\System32\Drivers\NDProxy.SYS
Address: 0xF7A98000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\windows\system32\DRIVERS\netbios.sys
Address: 0xF7908000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\windows\system32\DRIVERS\netbt.sys
Address: 0xF5CD3000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\windows\System32\Drivers\Npfs.SYS
Address: 0xF7C28000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF75D3000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\windows\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\windows\System32\Drivers\Null.SYS
Address: 0xF7F5D000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\windows\System32\nv4_disp.dll
Address: 0xBF012000 Size: 3928064 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\windows\system32\DRIVERS\nv4_mini.sys
Address: 0xF71BD000 Size: 3532928 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\windows\system32\DRIVERS\parport.sys
Address: 0xF705D000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7AF0000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\windows\System32\Drivers\ParVdm.SYS
Address: 0xF7D8A000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7706000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_NTPNP2864
Image Path: \Driver\PCI_NTPNP2864
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7AE8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\windows\system32\drivers\portcls.sys
Address: 0xF7126000 Size: 147456 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\windows\system32\DRIVERS\processr.sys
Address: 0xF79A8000 Size: 35840 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\windows\system32\DRIVERS\psched.sys
Address: 0xF7035000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\windows\system32\DRIVERS\ptilink.sys
Address: 0xF7BD8000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\windows\system32\DRIVERS\rasacd.sys
Address: 0xF5DFB000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\windows\system32\DRIVERS\rasl2tp.sys
Address: 0xF7A38000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\windows\system32\DRIVERS\raspppoe.sys
Address: 0xF7A48000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\windows\system32\DRIVERS\raspptp.sys
Address: 0xF7A58000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\windows\system32\DRIVERS\raspti.sys
Address: 0xF7BE0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\windows\system32\DRIVERS\rdbss.sys
Address: 0xF5C86000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\windows\System32\DRIVERS\RDPCDD.sys
Address: 0xF7DB2000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\windows\system32\DRIVERS\rdpdr.sys
Address: 0xF6F65000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\windows\system32\DRIVERS\redbook.sys
Address: 0xF79D8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB7230000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\windows\System32\Drivers\SCSIPORT.SYS
Address: 0xF7745000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\windows\system32\DRIVERS\serenum.sys
Address: 0xF754C000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\windows\system32\DRIVERS\serial.sys
Address: 0xF7A18000 Size: 64512 File Visible: - Signed: -
Status: -

Name: slnt.sys
Image Path: C:\windows\system32\DRIVERS\slnt.sys
Address: 0xF7B48000 Size: 17952 File Visible: - Signed: -
Status: -

Name: sptd.sys
Image Path: sptd.sys
Address: 0xF775D000 Size: 958464 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7677000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\windows\system32\DRIVERS\srv.sys
Address: 0xB9557000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\windows\system32\DRIVERS\swenum.sys
Address: 0xF7D82000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\windows\system32\drivers\sysaudio.sys
Address: 0xBA349000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\windows\system32\DRIVERS\tcpip.sys
Address: 0xF5D0E000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\windows\system32\DRIVERS\TDI.SYS
Address: 0xF7BC8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\windows\system32\DRIVERS\termdd.sys
Address: 0xF7A88000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\windows\system32\DRIVERS\update.sys
Address: 0xF6F07000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\windows\system32\DRIVERS\USBD.SYS
Address: 0xF7D96000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\windows\system32\DRIVERS\usbhub.sys
Address: 0xF7AD8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\windows\system32\DRIVERS\USBPORT.SYS
Address: 0xF7162000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\windows\system32\DRIVERS\usbuhci.sys
Address: 0xF7B60000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\windows\System32\drivers\vga.sys
Address: 0xF7C18000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\windows\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF71A9000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7888000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\windows\system32\DRIVERS\wanarp.sys
Address: 0xF7938000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\windows\System32\watchdog.sys
Address: 0xF7C38000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\windows\system32\drivers\wdmaud.sys
Address: 0xB9947000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\windows\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\windows\System32\Drivers\WMILIB.SYS
Address: 0xF7D6A000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\windows\System32\drivers\ws2ifsl.sys
Address: 0xF5DF7000 Size: 12032 File Visible: - Signed: -
Status: -



this is another report from rootreapeal , this one is from the first scan when you told me to click on report.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/12 21:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aw6xexh5.SYS
Image Path: C:\windows\System32\Drivers\aw6xexh5.SYS
Address: 0xF7099000 Size: 421888 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xF5BB0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DB4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP2864
Image Path: \Driver\PCI_NTPNP2864
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB749B000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x83123630

#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf775e0d0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7763fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7764340

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf775e0b0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x83122a60

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x83122e80

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf7764418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf7764298

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf77644aa

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x83123460

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x83123280

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x83122c90

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x831230b0

==EOF==
  • 0

#4
azarl
Posted 13 September 2009 - 05:17 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi blink10

A few questions first:
  • When you say you used "backup recovery", could you explain what you did.
  • Where do you get the messages about boot.ini and kaspersky being corrupt? Is there anything to say what application is producing this message?
  • Can you confirm that you still have all the symptoms even after running ComboFix?
  • What Icons disappear? Is the same ones every time?

Step 1
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\windows\System32\Drivers\aw6xexh5.SYS
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
Step 3
Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    Posted Image
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
blink10
Posted 13 September 2009 - 08:41 AM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
The incidents regarding these questions happened before i formatted my C: I currently use Nod ESET security on a service pack 3 and invalid boot.ini message appeared again.

However i will answer your questions


*QUote*
•When you say you used "backup recovery", could you explain what you did.
•Where do you get the messages about boot.ini and kaspersky being corrupt? Is there anything to say what application is producing this message?
•Can you confirm that you still have all the symptoms even after running ComboFix?
•What Icons disappear? Is the same ones every time?

1-I used backup recovery by using a file that created a month before containing system state only. Of course it did nothing

2-invalid boot message comes when i boot my pc i see it against a black background followed by booting from C:\windows and then the windows xp logo appears. As for kaspersky message it came from kaspers itself , he comes saying its components are corrupted and the key is blacklisted eventhough i was on trial.To solve this problem i activated the trial version and updated kaspersky but after a few minutes real time protection stops working and then it quits working. This whole process started everytime I booted.

3- Combofix didnt do a thing about thses symptoms but i have to say i didnt try combofix on this recent version that i am using right now.

4-About 15 shortcuts disappeared from desktop and some of them were Nero 7 files.
I also remeber that kaspersky (when it was working after the update) told me that Nero is trying to shut down the operating system.

The icons that disappeared never came back again and i dont know most of them.


As for your steps , i tried step 1 and it didnt work because:
1-i cant copy file path into the "Suspicious files to scan" and i dont know why.
2-I ran rootreapeal again and realized that file changed its name to as23wudj.sys and i cant search for it or find it using browser and i used rootreappeal to enter properties but it said file is not on disk.

I dont know if i should try the other steps now, what do you think?
  • 0

#6
azarl
Posted 13 September 2009 - 08:50 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi blink10

Please continue with steps 2 and 3. Ignore that file for now.

Thanks
  • 0

#7
blink10
Posted 13 September 2009 - 01:02 PM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Attached File  virusinfo_syscheck.zip   22.83KB   159 downloadsAttached File  virusinfo_syscure.zip   24.34KB   225 downloads

GMER Reports: it didnt prompt me but there was a report containing a few processes when it opened so here it is:

GMER 1.0.15.15077 [wbj9fpmi.exe] - http://www.gmer.net
Rootkit quick scan 2009-09-13 18:04:34
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7763FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7764340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 837DC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 82E3D1E8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:576] 8315D790

---- EOF - GMER 1.0.15 ----





Results.log


GMER 1.0.15.15077 [wbj9fpmi.exe] - http://www.gmer.net
Rootkit scan 2009-09-13 21:14:14
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8315F630 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xF775E0D0]
SSDT sptd.sys ZwEnumerateKey [0xF7763FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7764340]
SSDT sptd.sys ZwOpenKey [0xF775E0B0]
SSDT 8315EA60 ZwOpenProcess
SSDT 8315EE80 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF7764418]
SSDT sptd.sys ZwQueryValueKey [0xF7764298]
SSDT sptd.sys ZwSetValueKey [0xF77644AA]
SSDT 8315F460 ZwSuspendProcess
SSDT 8315F280 ZwSuspendThread
SSDT 8315EC90 ZwTerminateProcess
SSDT 8315F0B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 234 804E2890 4 Bytes JMP DEF58315
? C:\windows\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F71548AC 5 Bytes JMP 835261C8
? System32\Drivers\as23wudj.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2032] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F777506C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7775018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77979AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F777506C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F775EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F775EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F775EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F775F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F775F61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F777429A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 837DC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 82E3D1E8

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 835251E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8376C1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8376C1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8376C1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8376C1E8
Device \Driver\usbuhci \Device\USBPDO-1 835251E8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 837DE1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 837DE1E8
Device \Driver\Cdrom \Device\CdRom0 835B91E8
Device \Driver\Cdrom \Device\CdRom1 835B91E8
Device \Driver\Cdrom \Device\CdRom2 835B91E8
Device \Driver\Cdrom \Device\CdRom3 835B91E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 832F3500
Device \Driver\PCI_NTPNP5248 \Device\0000003e sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb 832F3500

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 835251E8
Device \Driver\usbuhci \Device\USBFDO-1 835251E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8353F790
Device \Driver\NetBT \Device\NetBT_Tcpip_{3D4839E1-CFAA-4F93-AE2C-E5150AE37F32} 832F3500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8353F790
Device \Driver\Ftdisk \Device\FtControl 837DE1E8
Device \Driver\as23wudj \Device\Scsi\as23wudj1 8350E1E8
Device \Driver\as23wudj \Device\Scsi\as23wudj1Port2Path0Target0Lun0 8350E1E8
Device \Driver\as23wudj \Device\Scsi\as23wudj1Port2Path0Target1Lun0 8350E1E8
Device \FileSystem\Fastfat \Fat 82E3D1E8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 83631388

---- Threads - GMER 1.0.15 ----

Thread System [4:576] 8315D790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x12 0xC6 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEC 0x25 0xDC 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0xA1 0x03 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0xCD 0x35 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x12 0xC6 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEC 0x25 0xDC 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0xA1 0x03 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0xCD 0x35 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x12 0xC6 0xB9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEC 0x25 0xDC 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0xA1 0x03 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0xCD 0x35 0x13 ...

---- EOF - GMER 1.0.15 ----
Thanks :)
  • 0

#8
blink10
Posted 14 September 2009 - 09:20 AM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
could you guys help me a little bit quicker? It started deleting registry files for interent download manager and God knows what else. It reminds me of last time. I dont know if I can keep it together any longer :)
  • 0

#9
azarl
Posted 14 September 2009 - 01:35 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Blink 10

Step 1
Remove Nero
Please go to Start > Control Panel > Add/Remove Programs and remove Nero 7

If you have the install disks or software than you can reinstall it after we've finished with the cleanup. Please ensure that you got this software from a reliable source, if you're not certain, then I would advise against reinstalling

Step 2
Multiple anti-viruses running
You have both Eset and Kaspersky installed on your PC. This will cause conflicts and poor performance. Please select just one to keep and uninstall the other using the Add/Remove programs section of the the Control Panel

Step3
System File Check
Click Start > Run and type Cmd
When the command window opens click in it and type SFC /scannow {enter}
Wait until SFC finishes. this may take some time

Step 4
Kaspersky Scanner
Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Step 5
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please let me know how you got on and post the logs from MBAM and Kaspersky
  • 0

#10
blink10
Posted 14 September 2009 - 03:57 PM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
i did the first 3 steps, as for kasper online scanner, i tried it last time and took 6 hours and found nothing, can i skip that step?
  • 0

Advertisements

#11
azarl
Posted 15 September 2009 - 01:23 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

It started deleting registry files for interent download manager and God knows what else.

What files is it actually deleting and how do know it is?



i did the first 3 steps, as for kasper online scanner, i tried it last time and took 6 hours and found nothing, can i skip that step?

I wouldn't advise skipping this step, there's a reason for everything above.
  • 0

#12
blink10
Posted 15 September 2009 - 08:40 AM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Malwarebytes' Anti-Malware 1.41
Database version: 2803
Windows 5.1.2600 Service Pack 3

9/15/2009 5:12:12 PM
mbam-log-2009-09-15 (17-12-12).txt

Scan type: Quick Scan
Objects scanned: 87090
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



As for kaspersky, the scan lagged and stopped completely at 27 percent after it finished scanning c:, no infections were found.

I tried file assaassin in malewarebytes to delete the strange file but it asked for restart and naturally the file changed its name.


IDM registration was deleted somehow like it was never registered.

when I did cmd command , it told me dll files were corrupted and need windows xp cd and it repaired the files. However i think the process of corruption is repeated everytime i restart because thats what happens to boot.ini when i fix it.
  • 0

#13
azarl
Posted 15 September 2009 - 12:42 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi blink10,

Please do not attempt to delete any files or run other tools until we get this sorted. We're following a logical process to get your system working. Running other tools could damage, or may even have already damaged, your operating system.

We'll try a different online scanner next, but I think we may be looking at a repair install.

ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#14
blink10
Posted 16 September 2009 - 09:17 AM

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Hi AZARL

Here it is



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=b534c0067dc255428e42a1c0ff618e17
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-16 11:50:54
# local_time=2009-09-16 02:50:54 (+0200, Egypt Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8202 21 100 100 88685472784
# scanned=97573
# found=0
# cleaned=0
# scan_time=3004
# nod_component=V3 Build:0x30000000
  • 0

#15
azarl
Posted 16 September 2009 - 01:46 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi blink10

Whatever was on your system is now gone. We'll clean up what we've used first and then look at other options.

Step 1
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
We'll move on to the cleanup now. There's quite A bit to do here, just take your time

Step 2
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Step 3
A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

Step 4
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
Step 5
Create New System Restore Point and Clear Earlier Ones
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done
Step 6
Java Update
Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Peer-to-Peer (P2P) programs.
I notice you are running uTorrent, a file sharing, Peer-to-Peer program. Files downloaded in this manner frequently contain security risks such as viruses, spyware, and other unwanted software. Even a file that appears legitimate could be a virus in disguise. It's likely that you have been infected through this method and for this reason, I would recommend you uninstall it. If you decide not to, then please do not use P2P while we are fixing your problem.

If you do decide to take my advice, you can uninstall it through the control panel.

Finally, check your system out. If you are still experiencing problems, it is likely than any infection you had has damaged your system files. We can probably repair these with a repair install. Please come back to me if you are experiencing problems and would like to do that.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Download SpywareBlaster
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them Download MVPS
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware
TFC (Temp File Cleaner)- Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there. Download TFC
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP