oogee
Members-
Posts
4 -
Joined
-
Last visited
Reputation
0 Neutral-
Need quick help after malware clean up please...
oogee replied to oogee's topic in Resolved Malware Removal Logs
I know it's a lot to read, but any insight on how I can fix the API locked applications would be great if they're something that I should actually worry about or not...the rootkit did some odd damage after it was removed. -
Need quick help after malware clean up please...
oogee replied to oogee's topic in Resolved Malware Removal Logs
DSS Log DDS (Ver_09-07-30.01) - NTFSx86 Run by Owner at 11:13:40.96 on 12/09/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -7:00] AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE svchost.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: Zend Studio - Debug current page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html IE: Zend Studio - Debug next page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll AppInit_DLLs: c:\windows\system32\acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pnpftflf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms} FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npoctoshape.dll FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\octoshape streaming services\owner\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: zend.ZDE_Path - c:\program files\zend\zend studio for eclipse - 6.1.2\ZendStudio.exe c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-29 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-8-29 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-8-29 27656] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-6 114768] R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-6 36928] R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-7-6 53312] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480] R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2008-7-6 24096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-6 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-6 138680] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-7 10384] R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-13 598856] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-6 352920] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296] S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?] S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [2009-8-30 54624] S3 Apache2.2;Apache2.2;c:\www\apache22\bin\httpd.exe [2008-1-14 24631] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-6 254040] S3 b2849;b2849;c:\windows\system32\b2849.sys [2009-8-30 54624] S3 c0119;c0119;c:\windows\system32\c0119.sys [2009-8-30 54624] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352] S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [2009-8-30 34816] S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [2009-8-30 34816] S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [2009-8-30 34816] S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [2009-8-30 34816] S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [2009-8-30 34816] S3 cpuz129;cpuz129;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296] S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-7-6 19240] S3 foot;foot;c:\windows\system32\drivers\foot.sys [2009-8-30 34816] S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656] S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2009-1-10 17912] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?] S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2009-8-30 30136] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408] S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-3-8 536896] S4 ATZO;ATZO;c:\docume~1\owner\locals~1\temp\atzo.exe --> c:\docume~1\owner\locals~1\temp\ATZO.exe [?] S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\owner\locals~1\temp\avytbjjmcca.exe --> c:\docume~1\owner\locals~1\temp\AVYTBJJMCCA.exe [?] S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?] S4 D;D;c:\docume~1\owner\locals~1\temp\d.exe --> c:\docume~1\owner\locals~1\temp\D.exe [?] S4 DPUK;DPUK;c:\docume~1\owner\locals~1\temp\dpuk.exe --> c:\docume~1\owner\locals~1\temp\DPUK.exe [?] S4 KIG;KIG;c:\docume~1\owner\locals~1\temp\kig.exe --> c:\docume~1\owner\locals~1\temp\KIG.exe [?] S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\owner\locals~1\temp\qleolytkckzrf.exe --> c:\docume~1\owner\locals~1\temp\QLEOLYTKCKZRF.exe [?] S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\owner\locals~1\temp\qpktdicdanja.exe --> c:\docume~1\owner\locals~1\temp\QPKTDICDANJA.exe [?] S4 RVQDJY;RVQDJY;c:\docume~1\owner\locals~1\temp\rvqdjy.exe --> c:\docume~1\owner\locals~1\temp\RVQDJY.exe [?] S4 SB;SB;c:\docume~1\owner\locals~1\temp\sb.exe --> c:\docume~1\owner\locals~1\temp\SB.exe [?] S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\owner\locals~1\temp\suvgmvqkalg.exe --> c:\docume~1\owner\locals~1\temp\SUVGMVQKALG.exe [?] S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\owner\locals~1\temp\wkbfsjcqh.exe --> c:\docume~1\owner\locals~1\temp\WKBFSJCQH.exe [?] =============== Created Last 30 ================ 2009-09-12 09:50 230,912 a------- c:\windows\PEV.exe 2009-09-12 09:50 161,792 a------- c:\windows\SWREG.exe 2009-09-12 09:50 98,816 a------- c:\windows\sed.exe 2009-09-11 15:20 8,447,846 a------- c:\windows\Warsong_.scr 2009-09-11 15:20 348,940 a------- c:\windows\uninstall Warsong_.exe 2009-09-11 06:46 <DIR> --d----- c:\program files\common files\DivX Shared 2009-09-06 17:34 111,992 a------- c:\windows\system32\acaptuser32.dll 2009-09-06 11:25 <DIR> --d----- c:\program files\SmartFTP Client 2009-08-30 22:19 <DIR> --d----- c:\program files\Trend Micro 2009-08-30 22:09 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-08-30 21:58 <DIR> --d----- c:\program files\SanityCheck 2009-08-30 21:48 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-30 21:48 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-30 21:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-08-30 21:39 128,352 a------- c:\windows\system32\b2849.dll 2009-08-30 21:39 54,624 a------- c:\windows\system32\b2849.sys 2009-08-30 21:39 16,068,777 a------- c:\windows\system32\MKIQWHEKO 2009-08-30 21:39 2,335,270 a------- c:\windows\system32\32048.mht 2009-08-30 19:48 167,936 -------- c:\windows\system32\appmgmts.dll 2009-08-30 19:47 180,224 ac------ c:\windows\system32\dllcache\scecli.dll 2009-08-30 19:47 180,224 -------- c:\windows\system32\scecli.dll 2009-08-30 18:35 <DIR> a-dshr-- C:\cmdcons 2009-08-30 18:25 175,616 a------- c:\windows\system32\strings.exe 2009-08-30 18:25 39,184 a------- c:\windows\system32\Ntrights.exe 2009-08-30 18:25 16,384 a------- c:\windows\system32\restart.exe 2009-08-30 18:25 11,254 a------- c:\windows\system32\locate.com 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\foot.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copy4ofrp.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copy5ofrp.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copyofrp.sys 2009-08-30 17:55 34,816 a------- c:\windows\system32\drivers\copy3ofrp.sys 2009-08-30 17:55 7,012,352 a------- c:\windows\system32\VX 2009-08-30 17:53 7,012,352 a------- c:\windows\system32\WQDWTZYKT 2009-08-30 17:45 34,816 a------- c:\windows\system32\drivers\copy2ofrp.sys 2009-08-30 14:54 714,752 a------- c:\windows\system32\a131A.tmp 2009-08-30 14:54 128,352 a------- c:\windows\system32\c0119.dll 2009-08-30 14:54 54,624 a------- c:\windows\system32\c0119.sys 2009-08-30 14:54 2,335,270 a------- c:\windows\system32\8d518.mht 2009-08-30 11:51 7,000,064 a------- c:\windows\system32\ER 2009-08-30 10:30 7,016,448 a------- c:\windows\system32\BZASACLRSI 2009-08-30 01:52 30,136 a------- c:\windows\system32\drivers\rspSanity32.sys 2009-08-30 01:47 128,352 a------- c:\windows\system32\9e21E.dll 2009-08-30 01:47 714,752 a------- c:\windows\system32\2b41F.tmp 2009-08-30 01:47 54,624 a------- c:\windows\system32\9e21E.sys 2009-08-30 01:46 2,335,270 a------- c:\windows\system32\c7f1D.mht 2009-08-30 01:38 52,269,056 a------- c:\windows\system32\TAA 2009-08-30 01:26 0 a------- c:\windows\system32\IONRPSU 2009-08-30 01:23 2,312,871 a------- c:\windows\system32\KPGS 2009-08-30 01:16 0 a------- c:\windows\system32\DNQZHCQ 2009-08-29 17:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-08-29 16:50 6,967,296 a------- c:\windows\system32\ME 2009-08-29 16:47 6,967,296 a------- c:\windows\system32\NIIIAHSTWXNDKX 2009-08-29 16:43 6,967,296 a------- c:\windows\system32\YCNL 2009-08-29 16:26 1,304,608 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-08-29 16:26 34,592 a--sh--- c:\windows\system32\drivers\fidbox2.dat 2009-08-29 16:26 18,548 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-08-29 16:26 4,316 a--sh--- c:\windows\system32\drivers\fidbox2.idx 2009-08-29 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic 2009-08-29 10:26 27,656 a------- c:\windows\system32\drivers\pxsec.sys 2009-08-29 10:26 22,024 a------- c:\windows\system32\drivers\pxscan.sys 2009-08-29 10:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI 2009-08-29 10:26 64 a------- c:\windows\wininit.ini 2009-08-29 09:55 411,368 a------- c:\windows\system32\deploytk.dll 2009-08-29 09:29 <DIR> --d----- C:\spoolerlogs 2009-08-28 22:09 86,016 a------- c:\windows\system32\frapsvid.dll 2009-08-25 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment 2009-08-25 20:33 <DIR> --d----- c:\program files\World of Warcraft Public Test 2009-08-22 21:03 349,156 a------- c:\windows\uninstall Deathwin.exe 2009-08-22 21:03 8,655,167 a------- c:\windows\Deathwin.scr ==================== Find3M ==================== 2009-08-30 01:46 153,104 a------- c:\windows\system32\drivers\tmcomm.sys 2009-08-11 17:31 13,016,513 a------- c:\windows\Ignis_th.scr 2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-20 12:26 84,496 a------- c:\windows\system32\KemXML.dll 2009-07-20 12:26 117,264 a------- c:\windows\system32\KemWnd.dll 2009-07-20 12:26 145,936 a------- c:\windows\system32\KemUtil.dll 2009-07-20 12:26 170,512 a------- c:\windows\system32\kemutb.dll 2009-07-20 12:25 301,656 a------- c:\windows\system32\BtCoreIf.dll 2009-07-18 11:38 119,796 a---h--- c:\windows\system32\mlfcache.dat 2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe 2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll 2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll 2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll 2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll 2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll 2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll 2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll 2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll 2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe 2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe 2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll 2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll 2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll 2009-07-14 11:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll 2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll 2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll 2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll 2009-07-14 11:54 1,597,690 a------- c:\windows\system32\nvdata.bin 2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll 2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe 2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll 2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll 2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE 2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll 2009-06-17 09:55 55,824 a------- c:\windows\KHALMNPR.Exe 2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll 2008-04-20 11:30 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys ============= FINISH: 11:13:51.87 =============== -
Need quick help after malware clean up please...
oogee replied to oogee's topic in Resolved Malware Removal Logs
Ok just finished hte RootRepeal scan, these are the locked API's i'm not sure how to fix this so they're not locked anymore. RootRepeal Log: ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/09/12 11:24 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\WINDOWS\mui\mui Status: Locked to the Windows API! Path: C:\WINDOWS\nvidia icons\nvidia icons Status: Locked to the Windows API! Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Status: Locked to the Windows API! Path: C:\WINDOWS\PIF\PIF Status: Locked to the Windows API! Path: C:\WINDOWS\security\logs\logs Status: Locked to the Windows API! Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Status: Locked to the Windows API! Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1025\1025 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1028\1028 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1031\1031 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1037\1037 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1041\1041 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1042\1042 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1054\1054 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\2052\2052 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3076\3076 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3com_dmi\3com_dmi Status: Locked to the Windows API! Path: C:\WINDOWS\system32\export\export Status: Locked to the Windows API! Path: C:\WINDOWS\system32\inetsrv\inetsrv Status: Locked to the Windows API! Path: C:\WINDOWS\system32\dhcp\dhcp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\ShellExt\ShellExt Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wins\wins Status: Locked to the Windows API! Path: C:\WINDOWS\system32\xircom\xircom Status: Locked to the Windows API! Path: C:\WINDOWS\Registration\CRMLog\CRMLog Status: Locked to the Windows API! Path: C:\Program Files\Alwil Software\Avast4\DATA\aswAr.run Status: Visible to the Windows API, but not on disk. Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\Sun\Java\Deployment\Deployment Status: Locked to the Windows API! Path: C:\WINDOWS\system32\Adobe\update\update Status: Locked to the Windows API! Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\sample\sample Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\snmp\snmp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\drivers\disdn\disdn Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Status: Locked to the Windows API! Path: C:\WINDOWS\system32\mui\dispspec\dispspec Status: Locked to the Windows API! Path: C:\WINDOWS\system32\Macromed\update\update Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\bad\bad Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\good\good Status: Locked to the Windows API! Path: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\IA64\IA64 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\WIN40\WIN40 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\x64\x64 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Recent\Recent Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System\News\News Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\sessionstore.js Status: Could not get file information (Error 0xc0000008) Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.manifest Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Status: Locked to the Windows API! OTL Log: OTL logfile created on: 12/09/2009 11:19:46 AM - Run 1 OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 6144 12288 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 28.72 Gb Free Space | 12.33% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009/08/06 17:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe PRC - [2009/09/09 21:17:36 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/09/12 11:19:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2007/09/20 14:13:36 | 00,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2 [On_Demand | Stopped]) SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - File not found -- -- (ATZO [Disabled | Stopped]) SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped]) SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - File not found -- -- (AVYTBJJMCCA [Disabled | Stopped]) SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped]) SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped]) SRV - File not found -- -- (CSIScanner [Disabled | Stopped]) SRV - File not found -- -- (D [Disabled | Stopped]) SRV - File not found -- -- (DPUK [Disabled | Stopped]) SRV - [2009/09/11 19:11:33 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - File not found -- -- (KIG [Disabled | Stopped]) SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped]) SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped]) SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped]) SRV - [2009/04/01 15:53:18 | 06,574,720 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL [Disabled | Stopped]) SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running]) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008/04/20 11:28:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped]) SRV - [2008/04/20 11:29:55 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped]) SRV - File not found -- -- (QLEOLYTKCKZRF [Disabled | Stopped]) SRV - File not found -- -- (QPKTDICDANJA [Disabled | Stopped]) SRV - File not found -- -- (RVQDJY [Disabled | Stopped]) SRV - File not found -- -- (SB [Disabled | Stopped]) SRV - [2009/02/07 03:08:16 | 00,536,896 | ---- | M] (My Privacy Tools, Inc.) -- C:\Program Files\Hide My IP 2009\SecureSrv.exe -- (SecureSrv [On_Demand | Stopped]) SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running]) SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running]) SRV - File not found -- -- (SUVGMVQKALG [Disabled | Stopped]) SRV - File not found -- -- (UserAccess7 [Disabled | Stopped]) SRV - [2008/01/18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped]) SRV - [2008/04/17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped]) SRV - File not found -- -- (WKBFSJCQH [Disabled | Stopped]) SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) SRV - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys -- (9e21E [On_Demand | Stopped]) DRV - [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running]) DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Disabled | Stopped]) DRV - [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running]) DRV - [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running]) DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running]) DRV - [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys -- (b2849 [On_Demand | Stopped]) DRV - [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys -- (c0119 [On_Demand | Stopped]) DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped]) DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped]) DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running]) DRV - [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys -- (copy2ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys -- (copy3ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys -- (copy4ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys -- (copy5ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys -- (copyofrp [On_Demand | Stopped]) DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped]) DRV - [2008/08/21 15:02:40 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running]) DRV - [2008/08/21 15:03:18 | 00,532,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running]) DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped]) DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running]) DRV - [2008/08/21 15:04:28 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped]) DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped]) DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped]) DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped]) DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped]) DRV - [2008/08/21 15:06:40 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running]) DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped]) DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running]) DRV - [2008/08/21 15:07:06 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) DRV - [2006/12/07 22:04:48 | 00,019,240 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\DRIVERS\cv2k1.sys -- (CV2K1 [On_Demand | Stopped]) DRV - [2008/08/21 15:08:06 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running]) DRV - [2006/11/24 15:47:50 | 00,040,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped]) DRV - [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys -- (foot [On_Demand | Stopped]) DRV - [2009/01/10 14:48:26 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running]) DRV - [2008/08/21 15:08:56 | 00,797,720 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running]) DRV - [2008/08/21 15:09:26 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped]) DRV - [2008/08/21 15:09:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Running]) DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007/09/29 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running]) DRV - [2008/04/13 16:04:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped]) DRV - [2009/06/17 09:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running]) DRV - [2009/06/17 09:55:26 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running]) DRV - [2008/12/19 00:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running]) DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc [system | Stopped]) DRV - [2009/06/17 09:56:24 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running]) DRV - [2005/12/26 01:24:00 | 00,006,656 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LtcyCfgWDM.sys -- (LtcyCfgWDM [On_Demand | Stopped]) DRV - [2007/08/21 12:49:28 | 00,017,912 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\Gigabyte\ET5\markfun.w32 -- (MarkFun_NT [On_Demand | Stopped]) DRV - [2008/07/13 21:10:44 | 00,101,120 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running]) DRV - [2009/07/14 11:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2008/08/21 15:06:14 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running]) DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running]) DRV - [2008/07/06 13:57:28 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [system | Running]) DRV - [2008/07/06 13:57:29 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdklbf.sys -- (PsSdkLBF [system | Running]) DRV - [2003/03/31 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [boot | Running]) DRV - [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [boot | Running]) DRV - [2009/03/07 21:23:54 | 00,030,136 | ---- | M] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\DRIVERS\rspSanity32.sys -- (rspSanity [On_Demand | Stopped]) DRV - [2008/07/01 11:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped]) DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [system | Running]) DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running]) DRV - [2007/06/19 23:35:40 | 00,024,096 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\drivers\ts_lb.sys -- (ts_lb [system | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\S-1-5-21-329068152-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "WallpaperWarp Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:23:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 21:17:43 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 06:48:36 | 00,000,000 | ---D | M] [2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2008/07/12 10:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions [2009/06/24 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/07/24 08:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2009/05/04 17:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063} [2008/08/13 10:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2009/05/14 19:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2009/08/12 21:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/07/19 23:25:10 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pnpftflf.default\searchplugins\conduit.xml [2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/09 21:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 19:09:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com [2009/09/09 21:17:34 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/09 21:17:34 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll [2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2009/08/30 21:37:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/09/09 21:17:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O3 - HKU\S-1-5-21-329068152-436374069-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control) O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/...t3dactivex2.cab (Quest3DCtlr2 Class) O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/12 23:53:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [5 C:\WINDOWS\*.tmp files] [2009/09/12 11:18:25 | 00,135,168 | ---- | C] () -- C:\zip.exe [2009/09/12 11:18:25 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys [2009/09/12 11:18:25 | 00,019,286 | ---- | C] () -- C:\cleanup.exe [2009/09/12 11:18:25 | 00,000,574 | ---- | C] () -- C:\cleanup.bat [2009/09/12 11:15:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/09/12 10:51:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/09/12 09:50:44 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/09/12 09:50:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/09/12 09:50:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/09/12 09:50:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/09/12 09:50:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/09/12 09:50:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/09/12 09:50:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/09/12 09:50:27 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/09/11 19:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Adobe [2009/09/11 19:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2009/09/11 17:42:00 | 08,527,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf [2009/09/11 15:20:39 | 00,001,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk [2009/09/11 15:20:38 | 08,447,846 | ---- | C] () -- C:\WINDOWS\Warsong_.scr [2009/09/11 15:20:38 | 00,348,940 | ---- | C] () -- C:\WINDOWS\uninstall Warsong_.exe [2009/09/11 06:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech [2009/09/11 06:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2009/09/11 06:40:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/09/11 06:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2009/09/08 14:20:43 | 00,025,174 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg [2009/09/07 21:16:42 | 01,204,889 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg [2009/09/07 21:16:26 | 01,129,497 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg [2009/09/07 19:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Fragments [2009/09/07 08:30:38 | 00,022,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg [2009/09/06 17:34:30 | 00,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\acaptuser32.dll [2009/09/06 11:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartFTP [2009/09/06 11:25:54 | 00,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk [2009/09/06 11:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client [2009/09/06 10:21:44 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/09/06 10:21:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/09/06 10:21:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/09/06 10:21:43 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/09/06 10:21:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/09/06 10:21:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/09/06 10:21:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/09/06 10:21:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/09/06 10:21:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/09/06 10:21:27 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/09/06 10:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/08/30 22:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/08/30 22:19:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/30 22:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/08/30 22:09:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/30 22:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/08/30 21:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck [2009/08/30 21:48:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/30 21:48:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/30 21:48:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/30 21:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/30 21:39:37 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\b2849.dll [2009/08/30 21:39:34 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\b2849.sys [2009/08/30 21:39:32 | 16,068,777 | ---- | C] () -- C:\WINDOWS\System32\MKIQWHEKO [2009/08/30 21:39:25 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\32048.mht [2009/08/30 21:35:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads [2009/08/30 19:48:42 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll [2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll [2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll [2009/08/30 19:41:42 | 00,036,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr ent [2009/08/30 18:36:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/08/30 18:35:58 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/08/30 18:35:53 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/08/30 18:25:22 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\strings.exe [2009/08/30 18:25:22 | 00,039,184 | ---- | C] () -- C:\WINDOWS\System32\Ntrights.exe [2009/08/30 18:25:22 | 00,016,384 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\restart.exe [2009/08/30 18:25:22 | 00,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com [2009/08/30 17:56:37 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\foot.sys [2009/08/30 17:56:09 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys [2009/08/30 17:56:05 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys [2009/08/30 17:56:03 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copyofrp.sys [2009/08/30 17:55:57 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys [2009/08/30 17:55:52 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\VX [2009/08/30 17:53:18 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\WQDWTZYKT [2009/08/30 17:45:23 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys [2009/08/30 14:54:55 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\c0119.dll [2009/08/30 14:54:54 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\c0119.sys [2009/08/30 14:54:49 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\8d518.mht [2009/08/30 11:51:48 | 07,000,064 | ---- | C] () -- C:\WINDOWS\System32\ER [2009/08/30 10:43:56 | 00,000,000 | ---D | C] -- C:\Config.Msi [2009/08/30 10:41:45 | 00,107,814 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg [2009/08/30 10:30:17 | 07,016,448 | ---- | C] () -- C:\WINDOWS\System32\BZASACLRSI [2009/08/30 01:52:39 | 00,030,136 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys [2009/08/30 01:47:14 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\9e21E.dll [2009/08/30 01:47:11 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\9e21E.sys [2009/08/30 01:46:53 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c7f1D.mht [2009/08/30 01:38:42 | 52,269,056 | ---- | C] () -- C:\WINDOWS\System32\TAA [2009/08/30 01:26:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IONRPSU [2009/08/30 01:23:30 | 02,312,871 | ---- | C] () -- C:\WINDOWS\System32\KPGS [2009/08/30 01:16:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\DNQZHCQ [2009/08/29 17:11:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2009/08/29 16:50:56 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\ME [2009/08/29 16:47:06 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX [2009/08/29 16:43:00 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\YCNL [2009/08/29 16:26:44 | 01,304,608 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/29 16:26:44 | 00,034,592 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/29 16:26:44 | 00,018,548 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/29 16:26:44 | 00,004,316 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/29 16:21:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/08/29 13:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/08/29 10:26:55 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/08/29 10:26:55 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/08/29 10:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2009/08/29 10:26:42 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/29 09:55:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache [2009/08/29 09:55:10 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/29 09:29:30 | 00,000,000 | ---D | C] -- C:\spoolerlogs [2009/08/28 22:09:28 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2009/08/25 21:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment [2009/08/25 20:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test [2009/08/22 21:03:47 | 00,349,156 | ---- | C] () -- C:\WINDOWS\uninstall Deathwin.exe [2009/08/22 21:03:46 | 08,655,167 | ---- | C] () -- C:\WINDOWS\Deathwin.scr [2009/08/21 22:01:40 | 11,023,8230 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi [2009/08/19 18:39:19 | 08,117,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Flexibility-flexsqueeze_theme_multiple_use.zip [2009/08/19 18:39:18 | 00,905,162 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\aats3748233.zip [2009/08/19 18:37:47 | 06,649,944 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\imperial_themeforest.zip [2009/08/19 18:35:53 | 00,471,323 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Headway1.0.rar [2009/08/19 18:35:52 | 00,176,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\arthemia-premium.rar [2009/08/19 18:35:49 | 05,357,159 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\edir7.rar [2009/08/19 18:35:43 | 07,594,256 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar [2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini [2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\Copy of my.ini [2009/06/08 01:00:55 | 01,111,142 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/08 01:00:55 | 00,789,962 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/08 01:00:55 | 00,466,432 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll [2009/06/08 01:00:55 | 00,185,344 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll [2009/06/08 01:00:54 | 01,430,136 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll [2009/05/31 20:03:43 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\OneWaySerial.dll [2009/05/28 20:00:03 | 00,000,480 | ---- | C] () -- C:\WINDOWS\w32demo8.ini [2009/05/27 21:20:47 | 00,000,464 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini [2009/05/27 21:18:28 | 00,000,793 | ---- | C] () -- C:\WINDOWS\iScreensaver Designer.ini [2009/05/23 23:23:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009/05/23 00:43:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2009/05/22 22:50:21 | 01,712,128 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll [2009/02/27 23:44:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/01/12 00:59:28 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2008/12/28 11:00:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/08/21 13:17:46 | 00,049,567 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008/08/21 13:17:44 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2008/08/21 12:40:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2008/08/21 12:38:22 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2008/07/12 10:12:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008/07/11 22:14:22 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/06/23 19:10:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2008/06/12 10:36:38 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/05/04 02:19:56 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini.old [2008/05/04 02:06:35 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll [2008/04/19 19:39:47 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2008/04/13 16:04:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.sys [2008/04/13 16:03:05 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini [2008/04/05 20:47:12 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2008/01/15 00:48:11 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/01/13 01:53:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2007/08/13 21:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2007/08/07 19:22:22 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007/07/10 08:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll [2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2006/10/02 18:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini [2005/12/26 01:24:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys [2004/11/24 11:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [2004/10/11 23:42:59 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2004/10/11 23:42:45 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2004/10/11 23:42:42 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2004/10/11 23:42:40 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2004/10/11 23:42:39 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2004/10/11 23:42:30 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2004/10/11 23:42:29 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2004/10/11 23:40:56 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2004/10/11 23:39:47 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2004/10/11 23:39:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2004/10/11 23:38:47 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2004/10/05 01:16:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2004/10/03 10:59:29 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2004/10/03 10:50:53 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/10/03 10:50:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2003/03/31 12:00:00 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini [2003/03/31 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini [2002/10/29 16:04:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\Impborl.dll [2002/09/16 12:59:46 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Files - Modified Within 30 Days ========== [6 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009/09/12 11:18:25 | 00,135,168 | ---- | M] () -- C:\zip.exe [2009/09/12 11:18:25 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys [2009/09/12 11:18:25 | 00,019,286 | ---- | M] () -- C:\cleanup.exe [2009/09/12 11:18:25 | 00,000,574 | ---- | M] () -- C:\cleanup.bat [2009/09/12 11:06:57 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009/09/12 11:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/12 11:06:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:00:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini [2009/09/12 10:05:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/09/11 19:56:31 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/11 19:34:01 | 03,068,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/11 19:31:37 | 00,183,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/09/11 18:00:33 | 08,527,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf [2009/09/11 15:20:39 | 00,348,940 | ---- | M] () -- C:\WINDOWS\uninstall Warsong_.exe [2009/09/11 15:20:39 | 00,001,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk [2009/09/11 15:20:38 | 08,447,846 | ---- | M] () -- C:\WINDOWS\Warsong_.scr [2009/09/11 07:14:14 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [2009/09/11 06:48:47 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fraps.lnk [2009/09/11 06:47:55 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk [2009/09/11 06:47:54 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009/09/11 06:47:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/09/11 06:47:05 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/09/11 06:46:08 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk [2009/09/11 06:40:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/09/09 17:24:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/09/08 14:20:43 | 00,025,174 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg [2009/09/07 21:16:42 | 01,204,889 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg [2009/09/07 21:16:26 | 01,129,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg [2009/09/07 17:36:37 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk [2009/09/07 08:30:41 | 00,022,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg [2009/09/06 11:25:54 | 00,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk [2009/09/06 10:50:45 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/09/06 10:21:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/08/30 23:03:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/08/30 22:19:20 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/30 22:12:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\RunSC.bat [2009/08/30 22:09:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/30 21:48:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/30 21:40:35 | 16,068,777 | ---- | M] () -- C:\WINDOWS\System32\MKIQWHEKO [2009/08/30 21:39:37 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\b2849.dll [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys [2009/08/30 21:39:25 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\32048.mht [2009/08/30 21:37:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/30 19:48:43 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll [2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll [2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll [2009/08/30 19:41:43 | 00,036,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr ent [2009/08/30 18:36:01 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys [2009/08/30 17:55:54 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\VX [2009/08/30 17:53:23 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\WQDWTZYKT [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys [2009/08/30 14:54:55 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\c0119.dll [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys [2009/08/30 14:54:50 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\8d518.mht [2009/08/30 11:51:50 | 07,000,064 | ---- | M] () -- C:\WINDOWS\System32\ER [2009/08/30 11:07:29 | 01,304,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/30 11:07:29 | 00,034,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/30 11:07:29 | 00,018,548 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/30 11:07:29 | 00,004,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/30 10:42:31 | 00,107,814 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg [2009/08/30 10:30:18 | 07,016,448 | ---- | M] () -- C:\WINDOWS\System32\BZASACLRSI [2009/08/30 01:47:14 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\9e21E.dll [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys [2009/08/30 01:46:53 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c7f1D.mht [2009/08/30 01:46:10 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2009/08/30 01:40:20 | 52,269,056 | ---- | M] () -- C:\WINDOWS\System32\TAA [2009/08/30 01:26:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IONRPSU [2009/08/30 01:24:09 | 02,312,871 | ---- | M] () -- C:\WINDOWS\System32\KPGS [2009/08/30 01:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\DNQZHCQ [2009/08/29 17:31:27 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini [2009/08/29 16:50:59 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\ME [2009/08/29 16:47:09 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX [2009/08/29 16:43:03 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\YCNL [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/08/29 16:37:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini [2009/08/29 15:23:03 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/08/29 15:12:17 | 00,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2009/08/29 12:58:13 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PE Explorer.lnk [2009/08/29 12:00:42 | 03,773,284 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2009/08/29 09:55:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache [2009/08/28 22:09:28 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2009/08/28 18:14:25 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk [2009/08/23 09:09:27 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVGA Precision.lnk [2009/08/22 21:03:48 | 00,349,156 | ---- | M] () -- C:\WINDOWS\uninstall Deathwin.exe [2009/08/22 21:03:46 | 08,655,167 | ---- | M] () -- C:\WINDOWS\Deathwin.scr [2009/08/21 22:05:47 | 11,023,8230 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi [2009/08/19 18:20:03 | 05,357,159 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\edir7.rar [2009/08/19 18:09:40 | 07,594,256 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar [2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA868A70 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 < End of report > -
Hello, A few weeks ago I got hit by some Java exploiting malware/virus *Win32/Cryptor* that installed nasty viruses and rootkits all over my PC and did so by exploiting Java *which I have uinstalled now* and turning off my firewall. I unhooked my modem as fast as I saw this happen but it was too late it had already installed all the junk in the computer. After A LOT of work I was able to remove the rootkit/virus and everything off my computer, however, a slight issue I've noticed now. It appears some folders etc are locked now and "Access Denied" so avast can't even scan them. I already know the drill of the logs after weeks of trying to remove the nasty rootkit/virus so here's the most current logs: Win32KDiag Log Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\nvidia icons\nvidia icons Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe [1] 2004-08-04 01:56:52 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 17:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe () [1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\security\logs\logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Adobe\update\update Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 17:12:18 10752 C:\WINDOWS\system32\dumprep.exe () Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Macromed\update\update Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\MRT.exe [1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe () Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\x64\x64 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Finished! SecurityCheck.exe Log: Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Antivirus Windows Live OneCare safety scanner Windows Live OneCare safety scanner ProxyFirewall 1.0.4 Beta avast! updated! `````````````````````````````` Anti-malware/Other Utilities Check: SUPERAntiSpyware Free Edition Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner (remove only) DH Driver Cleaner Professional Edition Adobe Flash Player 10 Adobe Reader 9.1 `````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast4 aswUpdSv.exe Alwil Software Avast4 ashServ.exe Alwil Software Avast4 ashDisp.exe Alwil Software Avast4 ashWebSv.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` ComboFix Log: ComboFix 09-09-11.05 - Owner 12/09/2009 9:51.1.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2908 [GMT -7:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . [i] ADS - system32: deleted 12 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\My Documents\freshreg.reg c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\Installer\149154.msi c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\system32\uninstall.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))) . 2009-09-12 02:18 . 2009-09-12 02:18 -------- d-----w- c:\program files\Adobe Media Player 2009-09-11 22:20 . 2009-09-11 22:20 348940 ----a-w- c:\windows\uninstall Warsong_.exe 2009-09-11 22:20 . 2009-09-11 22:20 8447846 ----a-w- c:\windows\Warsong_.scr 2009-09-11 13:49 . 2009-09-11 13:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech 2009-09-11 13:46 . 2009-09-11 13:46 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-11 13:37 . 2009-09-11 13:37 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-09-07 00:34 . 2009-02-27 19:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll 2009-09-06 18:26 . 2009-09-06 18:26 -------- d-----w- c:\documents and settings\Owner\Application Data\SmartFTP 2009-09-06 18:25 . 2009-09-06 18:25 -------- d-----w- c:\program files\SmartFTP Client 2009-09-06 17:21 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-06 17:21 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-06 17:21 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-06 17:21 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-06 17:21 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-06 17:21 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-06 17:21 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-06 17:21 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-06 17:21 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-06 17:21 . 2009-09-06 17:21 -------- d-----w- c:\program files\Alwil Software 2009-08-31 05:21 . 2009-09-11 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-08-31 05:19 . 2009-08-31 05:19 -------- d-----w- c:\program files\Trend Micro 2009-08-31 05:09 . 2009-09-11 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-31 04:58 . 2009-08-31 04:58 -------- d-----w- c:\program files\SanityCheck 2009-08-31 04:48 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-31 04:48 . 2009-09-11 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-31 04:48 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-31 04:39 . 2009-08-31 04:39 128352 ----a-w- c:\windows\system32\b2849.dll 2009-08-31 04:39 . 2009-08-31 04:39 54624 ----a-w- c:\windows\system32\b2849.sys 2009-08-31 02:48 . 2009-08-31 02:48 167936 ----a-w- c:\windows\system32\appmgmts.dll 2009-08-31 02:47 . 2009-08-31 02:47 180224 -c--a-w- c:\windows\system32\dllcache\scecli.dll 2009-08-31 02:47 . 2009-08-31 02:47 180224 ----a-w- c:\windows\system32\scecli.dll 2009-08-31 01:25 . 2005-10-20 01:50 16384 ----a-w- c:\windows\system32\restart.exe 2009-08-31 01:25 . 2005-01-20 20:47 175616 ----a-w- c:\windows\system32\strings.exe 2009-08-31 01:25 . 2005-01-14 04:41 39184 ----a-w- c:\windows\system32\Ntrights.exe 2009-08-31 01:25 . 2005-01-14 04:41 11254 ----a-w- c:\windows\system32\locate.com 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\foot.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copy4ofrp.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copy5ofrp.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copyofrp.sys 2009-08-31 00:55 . 2009-08-31 00:55 34816 ----a-w- c:\windows\system32\drivers\copy3ofrp.sys 2009-08-31 00:45 . 2009-08-31 00:45 34816 ----a-w- c:\windows\system32\drivers\copy2ofrp.sys 2009-08-30 21:54 . 2009-08-30 21:54 128352 ----a-w- c:\windows\system32\c0119.dll 2009-08-30 21:54 . 2009-08-30 21:54 54624 ----a-w- c:\windows\system32\c0119.sys 2009-08-30 08:52 . 2009-03-08 04:23 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys 2009-08-30 08:47 . 2009-08-30 08:47 128352 ----a-w- c:\windows\system32\9e21E.dll 2009-08-30 08:47 . 2009-08-30 08:47 54624 ----a-w- c:\windows\system32\9e21E.sys 2009-08-30 00:11 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-08-29 23:26 . 2009-08-30 18:07 34592 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-08-29 23:26 . 2009-08-30 18:07 1304608 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-08-29 23:21 . 2009-08-30 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-08-29 20:35 . 2009-08-29 20:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-08-29 19:03 . 2009-08-29 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion 2009-08-29 19:02 . 2009-08-29 19:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-29 17:26 . 2009-08-29 23:37 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys 2009-08-29 17:26 . 2009-08-29 23:37 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys 2009-08-29 17:26 . 2009-08-29 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-08-29 16:55 . 2009-08-31 04:37 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-29 16:29 . 2009-08-29 16:29 -------- d-----w- C:\spoolerlogs 2009-08-29 16:29 . 2009-08-29 16:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-29 05:09 . 2009-08-29 05:09 86016 ----a-w- c:\windows\system32\frapsvid.dll 2009-08-26 04:47 . 2009-08-26 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2009-08-26 03:33 . 2009-09-11 03:36 -------- d-----w- c:\program files\World of Warcraft Public Test 2009-08-23 04:03 . 2009-08-23 04:03 349156 ----a-w- c:\windows\uninstall Deathwin.exe 2009-08-23 04:03 . 2009-08-23 04:03 8655167 ----a-w- c:\windows\Deathwin.scr 2009-08-17 05:22 . 2009-08-17 05:22 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-12 03:38 . 2008-04-27 00:55 -------- d-----w- c:\program files\iCall 2009-09-12 02:31 . 2008-01-13 08:23 183264 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 02:21 . 2008-01-14 21:15 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-12 02:02 . 2008-08-18 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager 2009-09-11 14:10 . 2009-05-26 03:47 -------- d-----w- c:\program files\PeerGuardian2 2009-09-11 13:49 . 2008-01-13 21:03 -------- d-----w- c:\program files\Common Files\Logishrd 2009-09-11 13:49 . 2008-01-13 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-09-11 13:47 . 2008-01-13 10:47 -------- d-----w- c:\program files\DivX 2009-09-11 13:42 . 2008-08-20 17:08 -------- d-----w- c:\program files\BitComet 2009-09-07 17:40 . 2008-01-13 10:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-06 23:27 . 2008-03-10 21:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Publish Providers 2009-09-06 16:55 . 2008-04-06 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8 2009-08-31 05:55 . 2009-05-23 07:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-31 05:53 . 2008-05-25 03:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-31 05:53 . 2008-05-25 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-31 05:12 . 2008-04-13 18:26 69 ----a-w- c:\windows\RunSC.bat 2009-08-31 04:29 . 2008-05-19 05:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-30 18:07 . 2009-08-29 23:26 4316 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-08-30 18:07 . 2009-08-29 23:26 18548 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-08-30 08:46 . 2008-08-18 18:47 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-29 19:58 . 2009-05-28 05:43 -------- d-----w- c:\program files\PE Explorer 2009-08-29 16:57 . 2008-04-13 18:05 -------- d-----w- c:\program files\SmartScan 2009-08-29 16:34 . 2008-01-14 09:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-08-29 02:00 . 2009-03-04 07:43 -------- d-----w- c:\documents and settings\Owner\Application Data\tor 2009-08-29 01:57 . 2009-03-04 07:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Vidalia 2009-08-29 01:50 . 2009-03-04 07:14 -------- d-----w- c:\program files\ProxyFirewall 2009-08-26 03:52 . 2008-01-13 08:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-08-23 16:09 . 2008-05-04 08:56 -------- d-----w- c:\program files\EVGA Precision 2009-08-18 00:36 . 2008-07-12 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-16 16:54 . 2009-04-26 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Watermark Factory 2009-08-12 00:31 . 2009-08-12 00:31 13016513 ----a-w- c:\windows\Ignis_th.scr 2009-08-09 22:23 . 2008-04-06 05:51 -------- d-----w- c:\program files\PC Wizard 2008 2009-08-09 21:39 . 2008-01-13 08:44 -------- d-----w- c:\program files\World of Warcraft 2009-08-09 21:39 . 2009-05-07 21:32 -------- d-----w- c:\program files\WinHTTrack 2009-08-09 21:38 . 2008-01-13 10:26 -------- d-----w- c:\program files\Winamp 2009-08-09 21:38 . 2009-04-26 18:59 -------- d-----w- c:\program files\Watermark Factory 2 2009-08-09 21:38 . 2009-05-31 07:03 -------- d-----w- c:\program files\VB Decompiler Lite 2009-08-09 21:37 . 2008-04-06 02:33 -------- d-----w- c:\program files\SpeedFan 2009-08-09 21:33 . 2009-07-18 18:38 -------- d-----w- c:\program files\Safari 2009-08-09 21:31 . 2009-05-15 05:28 -------- d-----w- c:\program files\PADGen 2009-08-09 21:19 . 2009-06-08 08:06 -------- d-----w- c:\program files\megui 2009-08-09 21:19 . 2008-01-13 07:25 -------- d-----w- c:\program files\MagicISO 2009-08-09 21:19 . 2008-07-27 02:25 -------- d-----w- c:\program files\MagicDisc 2009-08-09 21:15 . 2008-07-06 21:02 -------- d-----w- c:\program files\CommView 2009-08-09 21:15 . 2008-04-13 21:33 -------- d-----w- c:\program files\Common Files\Webroot Shared 2009-08-09 21:07 . 2008-01-14 09:39 -------- d-----w- c:\program files\Azureus 2009-08-09 21:07 . 2008-01-16 06:50 -------- d-----w- c:\program files\ATITool 2009-08-09 21:06 . 2008-06-24 02:13 -------- d-----w- c:\program files\AIM6 2009-08-09 21:06 . 2008-06-11 02:07 -------- d-----w- c:\program files\AIM 2009-08-09 21:04 . 2009-05-06 04:24 -------- d-----w- c:\program files\Advanced JPEG Compressor 2009-08-09 20:15 . 2008-07-09 08:28 -------- d-----w- c:\program files\XP Codec Pack 2009-08-09 19:26 . 2008-02-07 22:43 -------- d-----w- c:\program files\SystemRequirementsLab 2009-08-09 19:24 . 2009-05-31 16:07 -------- d-----w- c:\program files\Screensaver Factory 5 Enterprise 2009-08-09 19:24 . 2008-07-09 06:55 -------- d-----w- c:\program files\ReNamer 2009-08-09 19:14 . 2008-03-30 21:46 -------- d-----w- c:\program files\Driver Cleaner Pro 2009-08-09 07:49 . 2009-05-31 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\TortoiseSVN 2009-08-09 06:56 . 2009-08-09 06:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays 2009-08-09 06:56 . 2009-08-09 06:56 -------- d-----w- c:\program files\TortoiseSVN 2009-08-09 04:02 . 2009-08-09 04:02 -------- d-----w- c:\program files\Sony 2009-08-09 03:48 . 2009-05-28 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\4Media Software Studio 2009-08-09 03:48 . 2009-05-28 03:56 -------- d-----w- c:\program files\4Media 2009-08-05 09:01 . 2003-03-31 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 00:49 . 2008-12-28 07:25 -------- d-----w- c:\program files\Windows Live Safety Center 2009-08-01 21:38 . 2009-08-01 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Eltima Software 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\program files\AGEIA Technologies 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\program files\NVIDIA Corporation 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-07-29 16:15 . 2008-07-12 05:00 -------- d-----w- c:\program files\Common Files\Merge Modules 2009-07-20 19:26 . 2009-03-07 17:15 84496 ----a-w- c:\windows\system32\KemXML.dll 2009-07-20 19:26 . 2009-03-07 17:15 117264 ----a-w- c:\windows\system32\KemWnd.dll 2009-07-20 19:26 . 2009-03-07 17:15 145936 ----a-w- c:\windows\system32\KemUtil.dll 2009-07-20 19:26 . 2009-03-07 17:15 170512 ----a-w- c:\windows\system32\kemutb.dll 2009-07-20 19:25 . 2009-03-07 17:15 301656 ----a-w- c:\windows\system32\BtCoreIf.dll 2009-07-18 18:38 . 2009-07-18 18:38 119796 ---ha-w- c:\windows\system32\mlfcache.dat 2009-07-18 18:38 . 2009-05-29 05:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer 2009-07-17 19:01 . 2003-03-31 19:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-07-14 18:54 . 2009-08-01 17:12 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2009-08-01 17:12 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2009-08-01 17:09 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-08-01 17:09 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-08-01 17:09 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2009-08-01 17:09 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2009-08-01 17:09 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-08-01 17:09 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-14 18:54 . 2009-08-01 17:09 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2009-08-01 17:09 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2008-10-03 03:12 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-7 813584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=c:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Keylogger Hunter.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Keylogger Hunter.lnk backup=c:\windows\pss\Keylogger Hunter.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk backup=c:\windows\pss\WinMySQLadmin.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AntiKeyloggers"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "idsvc"=3 (0x3) "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iCall Internet Phone"="c:\program files\iCall\iCall.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\iCall\\iCall.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Octoshape Streaming Services\\Owner\\OctoshapeClient.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"= "c:\\Program Files\\Zend\\Zend Studio for Eclipse - 6.1.2\\ZendStudio.exe"= "c:\\ROFL (Blizz-Like) V2.0.0.1\\ROFL (Blizz-Like) V2.0.0.1\\Realm\\hearthstone-world.exe"= "c:\\Program Files\\4Media\\HD Video Converter\\vcloader.exe"= "c:\\Program Files\\4Media\\SWF Converter\\vcloader.exe"= "c:\\AC Web Ultimate Repack\\trincore\\TrinityCore.exe"= "c:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\AC Web MaNGOS Hybrid\\MaNGOS\\mangosd.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-to-0.2.2.10357-enUS-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"= "c:\\Program Files\\GIGABYTE\\ET5\\update.exe"= "c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"= "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:Blizz Downloader 2: 6112 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "12802:TCP"= 12802:TCP:BitComet 12802 TCP "12802:UDP"= 12802:UDP:BitComet 12802 UDP "3306:TCP"= 3306:TCP:*:Disabled:mysql "3306:UDP"= 3306:UDP:*:Disabled:mysql R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/08/2009 5:11 PM 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/08/2009 10:26 AM 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/08/2009 10:26 AM 27656] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 10:21 AM 114768] R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [06/07/2008 1:57 PM 36928] R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [06/07/2008 1:57 PM 53312] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480] R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [06/07/2008 2:02 PM 24096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 10:21 AM 20560] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [07/03/2009 10:16 AM 10384] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [13/04/2008 2:20 PM 598856] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296] S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?] S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [30/08/2009 1:47 AM 54624] S3 Apache2.2;Apache2.2;c:\www\Apache22\bin\httpd.exe [14/01/2008 2:49 AM 24631] S3 b2849;b2849;c:\windows\system32\b2849.sys [30/08/2009 9:39 PM 54624] S3 c0119;c0119;c:\windows\system32\c0119.sys [30/08/2009 2:54 PM 54624] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352] S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [30/08/2009 5:45 PM 34816] S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [30/08/2009 5:55 PM 34816] S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [30/08/2009 5:56 PM 34816] S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [30/08/2009 5:56 PM 34816] S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [30/08/2009 5:56 PM 34816] S3 cpuz129;cpuz129;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296] S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [06/07/2008 2:02 PM 19240] S3 foot;foot;c:\windows\system32\drivers\foot.sys [30/08/2009 5:56 PM 34816] S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 1:24 AM 6656] S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\ET5\MARKFUN.W32 [10/01/2009 3:23 PM 17912] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?] S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [30/08/2009 1:52 AM 30136] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408] S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [08/03/2009 7:09 PM 536896] S4 ATZO;ATZO;c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe [?] S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe [?] S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?] S4 D;D;c:\docume~1\Owner\LOCALS~1\Temp\D.exe --> c:\docume~1\Owner\LOCALS~1\Temp\D.exe [?] S4 DPUK;DPUK;c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe --> c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe [?] S4 KIG;KIG;c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe [?] S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe [?] S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe [?] S4 RVQDJY;RVQDJY;c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe [?] S4 SB;SB;c:\docume~1\Owner\LOCALS~1\Temp\SB.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SB.exe [?] S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe [?] S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms} FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806060_SUA_900\npoctoshape.dll FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\ZendStudio.exe . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-12 10:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\10.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(488) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2828) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-12 10:11 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-12 17:11 Pre-Run: 30,948,806,656 bytes free Post-Run: 30,812,549,120 bytes free 566 --- E O F --- 2009-08-26 05:46 Will be posting RootRepeal log soon...I want to be able to remove the access denided to all these folders/files as it appears that based on Malwarebytes' Anti-Malware/SuperAntiSpyware and Avast Antivirus no viruses/trojans/rootkits are found. Thank you in advance.