Jump to content

oogee

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

Reputation

0 Neutral
  1. oogee
    I know it's a lot to read, but any insight on how I can fix the API locked applications would be great if they're something that I should actually worry about or not...the rootkit did some odd damage after it was removed.
  2. oogee
    DSS Log DDS (Ver_09-07-30.01) - NTFSx86 Run by Owner at 11:13:40.96 on 12/09/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -7:00] AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE svchost.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: Zend Studio - Debug current page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html IE: Zend Studio - Debug next page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll AppInit_DLLs: c:\windows\system32\acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pnpftflf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms} FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npoctoshape.dll FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\octoshape streaming services\owner\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: zend.ZDE_Path - c:\program files\zend\zend studio for eclipse - 6.1.2\ZendStudio.exe c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-29 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-8-29 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-8-29 27656] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-6 114768] R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-6 36928] R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-7-6 53312] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480] R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2008-7-6 24096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-6 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-6 138680] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-7 10384] R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-13 598856] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-6 352920] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296] S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?] S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [2009-8-30 54624] S3 Apache2.2;Apache2.2;c:\www\apache22\bin\httpd.exe [2008-1-14 24631] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-6 254040] S3 b2849;b2849;c:\windows\system32\b2849.sys [2009-8-30 54624] S3 c0119;c0119;c:\windows\system32\c0119.sys [2009-8-30 54624] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352] S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [2009-8-30 34816] S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [2009-8-30 34816] S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [2009-8-30 34816] S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [2009-8-30 34816] S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [2009-8-30 34816] S3 cpuz129;cpuz129;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296] S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-7-6 19240] S3 foot;foot;c:\windows\system32\drivers\foot.sys [2009-8-30 34816] S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656] S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2009-1-10 17912] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?] S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2009-8-30 30136] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408] S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-3-8 536896] S4 ATZO;ATZO;c:\docume~1\owner\locals~1\temp\atzo.exe --> c:\docume~1\owner\locals~1\temp\ATZO.exe [?] S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\owner\locals~1\temp\avytbjjmcca.exe --> c:\docume~1\owner\locals~1\temp\AVYTBJJMCCA.exe [?] S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?] S4 D;D;c:\docume~1\owner\locals~1\temp\d.exe --> c:\docume~1\owner\locals~1\temp\D.exe [?] S4 DPUK;DPUK;c:\docume~1\owner\locals~1\temp\dpuk.exe --> c:\docume~1\owner\locals~1\temp\DPUK.exe [?] S4 KIG;KIG;c:\docume~1\owner\locals~1\temp\kig.exe --> c:\docume~1\owner\locals~1\temp\KIG.exe [?] S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\owner\locals~1\temp\qleolytkckzrf.exe --> c:\docume~1\owner\locals~1\temp\QLEOLYTKCKZRF.exe [?] S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\owner\locals~1\temp\qpktdicdanja.exe --> c:\docume~1\owner\locals~1\temp\QPKTDICDANJA.exe [?] S4 RVQDJY;RVQDJY;c:\docume~1\owner\locals~1\temp\rvqdjy.exe --> c:\docume~1\owner\locals~1\temp\RVQDJY.exe [?] S4 SB;SB;c:\docume~1\owner\locals~1\temp\sb.exe --> c:\docume~1\owner\locals~1\temp\SB.exe [?] S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\owner\locals~1\temp\suvgmvqkalg.exe --> c:\docume~1\owner\locals~1\temp\SUVGMVQKALG.exe [?] S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\owner\locals~1\temp\wkbfsjcqh.exe --> c:\docume~1\owner\locals~1\temp\WKBFSJCQH.exe [?] =============== Created Last 30 ================ 2009-09-12 09:50 230,912 a------- c:\windows\PEV.exe 2009-09-12 09:50 161,792 a------- c:\windows\SWREG.exe 2009-09-12 09:50 98,816 a------- c:\windows\sed.exe 2009-09-11 15:20 8,447,846 a------- c:\windows\Warsong_.scr 2009-09-11 15:20 348,940 a------- c:\windows\uninstall Warsong_.exe 2009-09-11 06:46 <DIR> --d----- c:\program files\common files\DivX Shared 2009-09-06 17:34 111,992 a------- c:\windows\system32\acaptuser32.dll 2009-09-06 11:25 <DIR> --d----- c:\program files\SmartFTP Client 2009-08-30 22:19 <DIR> --d----- c:\program files\Trend Micro 2009-08-30 22:09 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-08-30 21:58 <DIR> --d----- c:\program files\SanityCheck 2009-08-30 21:48 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-30 21:48 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-30 21:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-08-30 21:39 128,352 a------- c:\windows\system32\b2849.dll 2009-08-30 21:39 54,624 a------- c:\windows\system32\b2849.sys 2009-08-30 21:39 16,068,777 a------- c:\windows\system32\MKIQWHEKO 2009-08-30 21:39 2,335,270 a------- c:\windows\system32\32048.mht 2009-08-30 19:48 167,936 -------- c:\windows\system32\appmgmts.dll 2009-08-30 19:47 180,224 ac------ c:\windows\system32\dllcache\scecli.dll 2009-08-30 19:47 180,224 -------- c:\windows\system32\scecli.dll 2009-08-30 18:35 <DIR> a-dshr-- C:\cmdcons 2009-08-30 18:25 175,616 a------- c:\windows\system32\strings.exe 2009-08-30 18:25 39,184 a------- c:\windows\system32\Ntrights.exe 2009-08-30 18:25 16,384 a------- c:\windows\system32\restart.exe 2009-08-30 18:25 11,254 a------- c:\windows\system32\locate.com 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\foot.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copy4ofrp.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copy5ofrp.sys 2009-08-30 17:56 34,816 a------- c:\windows\system32\drivers\copyofrp.sys 2009-08-30 17:55 34,816 a------- c:\windows\system32\drivers\copy3ofrp.sys 2009-08-30 17:55 7,012,352 a------- c:\windows\system32\VX 2009-08-30 17:53 7,012,352 a------- c:\windows\system32\WQDWTZYKT 2009-08-30 17:45 34,816 a------- c:\windows\system32\drivers\copy2ofrp.sys 2009-08-30 14:54 714,752 a------- c:\windows\system32\a131A.tmp 2009-08-30 14:54 128,352 a------- c:\windows\system32\c0119.dll 2009-08-30 14:54 54,624 a------- c:\windows\system32\c0119.sys 2009-08-30 14:54 2,335,270 a------- c:\windows\system32\8d518.mht 2009-08-30 11:51 7,000,064 a------- c:\windows\system32\ER 2009-08-30 10:30 7,016,448 a------- c:\windows\system32\BZASACLRSI 2009-08-30 01:52 30,136 a------- c:\windows\system32\drivers\rspSanity32.sys 2009-08-30 01:47 128,352 a------- c:\windows\system32\9e21E.dll 2009-08-30 01:47 714,752 a------- c:\windows\system32\2b41F.tmp 2009-08-30 01:47 54,624 a------- c:\windows\system32\9e21E.sys 2009-08-30 01:46 2,335,270 a------- c:\windows\system32\c7f1D.mht 2009-08-30 01:38 52,269,056 a------- c:\windows\system32\TAA 2009-08-30 01:26 0 a------- c:\windows\system32\IONRPSU 2009-08-30 01:23 2,312,871 a------- c:\windows\system32\KPGS 2009-08-30 01:16 0 a------- c:\windows\system32\DNQZHCQ 2009-08-29 17:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-08-29 16:50 6,967,296 a------- c:\windows\system32\ME 2009-08-29 16:47 6,967,296 a------- c:\windows\system32\NIIIAHSTWXNDKX 2009-08-29 16:43 6,967,296 a------- c:\windows\system32\YCNL 2009-08-29 16:26 1,304,608 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-08-29 16:26 34,592 a--sh--- c:\windows\system32\drivers\fidbox2.dat 2009-08-29 16:26 18,548 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-08-29 16:26 4,316 a--sh--- c:\windows\system32\drivers\fidbox2.idx 2009-08-29 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic 2009-08-29 10:26 27,656 a------- c:\windows\system32\drivers\pxsec.sys 2009-08-29 10:26 22,024 a------- c:\windows\system32\drivers\pxscan.sys 2009-08-29 10:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI 2009-08-29 10:26 64 a------- c:\windows\wininit.ini 2009-08-29 09:55 411,368 a------- c:\windows\system32\deploytk.dll 2009-08-29 09:29 <DIR> --d----- C:\spoolerlogs 2009-08-28 22:09 86,016 a------- c:\windows\system32\frapsvid.dll 2009-08-25 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment 2009-08-25 20:33 <DIR> --d----- c:\program files\World of Warcraft Public Test 2009-08-22 21:03 349,156 a------- c:\windows\uninstall Deathwin.exe 2009-08-22 21:03 8,655,167 a------- c:\windows\Deathwin.scr ==================== Find3M ==================== 2009-08-30 01:46 153,104 a------- c:\windows\system32\drivers\tmcomm.sys 2009-08-11 17:31 13,016,513 a------- c:\windows\Ignis_th.scr 2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-20 12:26 84,496 a------- c:\windows\system32\KemXML.dll 2009-07-20 12:26 117,264 a------- c:\windows\system32\KemWnd.dll 2009-07-20 12:26 145,936 a------- c:\windows\system32\KemUtil.dll 2009-07-20 12:26 170,512 a------- c:\windows\system32\kemutb.dll 2009-07-20 12:25 301,656 a------- c:\windows\system32\BtCoreIf.dll 2009-07-18 11:38 119,796 a---h--- c:\windows\system32\mlfcache.dat 2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe 2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll 2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll 2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll 2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll 2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll 2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll 2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll 2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll 2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe 2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe 2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll 2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll 2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll 2009-07-14 11:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll 2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll 2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll 2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll 2009-07-14 11:54 1,597,690 a------- c:\windows\system32\nvdata.bin 2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll 2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe 2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll 2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll 2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE 2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll 2009-06-17 09:55 55,824 a------- c:\windows\KHALMNPR.Exe 2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll 2008-04-20 11:30 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys ============= FINISH: 11:13:51.87 ===============
  3. oogee
    Ok just finished hte RootRepeal scan, these are the locked API's i'm not sure how to fix this so they're not locked anymore. RootRepeal Log: ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/09/12 11:24 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\WINDOWS\mui\mui Status: Locked to the Windows API! Path: C:\WINDOWS\nvidia icons\nvidia icons Status: Locked to the Windows API! Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Status: Locked to the Windows API! Path: C:\WINDOWS\PIF\PIF Status: Locked to the Windows API! Path: C:\WINDOWS\security\logs\logs Status: Locked to the Windows API! Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Status: Locked to the Windows API! Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1025\1025 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1028\1028 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1031\1031 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1037\1037 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1041\1041 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1042\1042 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1054\1054 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\2052\2052 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3076\3076 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3com_dmi\3com_dmi Status: Locked to the Windows API! Path: C:\WINDOWS\system32\export\export Status: Locked to the Windows API! Path: C:\WINDOWS\system32\inetsrv\inetsrv Status: Locked to the Windows API! Path: C:\WINDOWS\system32\dhcp\dhcp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\ShellExt\ShellExt Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wins\wins Status: Locked to the Windows API! Path: C:\WINDOWS\system32\xircom\xircom Status: Locked to the Windows API! Path: C:\WINDOWS\Registration\CRMLog\CRMLog Status: Locked to the Windows API! Path: C:\Program Files\Alwil Software\Avast4\DATA\aswAr.run Status: Visible to the Windows API, but not on disk. Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files Status: Locked to the Windows API! Path: C:\WINDOWS\Sun\Java\Deployment\Deployment Status: Locked to the Windows API! Path: C:\WINDOWS\system32\Adobe\update\update Status: Locked to the Windows API! Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\sample\sample Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\snmp\snmp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\drivers\disdn\disdn Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Status: Locked to the Windows API! Path: C:\WINDOWS\system32\mui\dispspec\dispspec Status: Locked to the Windows API! Path: C:\WINDOWS\system32\Macromed\update\update Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\bad\bad Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\good\good Status: Locked to the Windows API! Path: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\IA64\IA64 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\WIN40\WIN40 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\x64\x64 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Recent\Recent Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS Status: Locked to the Windows API! Path: C:\WINDOWS\PCHealth\HelpCtr\System\News\News Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\sessionstore.js Status: Could not get file information (Error 0xc0000008) Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.manifest Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Status: Locked to the Windows API! OTL Log: OTL logfile created on: 12/09/2009 11:19:46 AM - Run 1 OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 6144 12288 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 28.72 Gb Free Space | 12.33% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009/08/06 17:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe PRC - [2009/09/09 21:17:36 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/09/12 11:19:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2007/09/20 14:13:36 | 00,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2 [On_Demand | Stopped]) SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - File not found -- -- (ATZO [Disabled | Stopped]) SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped]) SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - File not found -- -- (AVYTBJJMCCA [Disabled | Stopped]) SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped]) SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped]) SRV - File not found -- -- (CSIScanner [Disabled | Stopped]) SRV - File not found -- -- (D [Disabled | Stopped]) SRV - File not found -- -- (DPUK [Disabled | Stopped]) SRV - [2009/09/11 19:11:33 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - File not found -- -- (KIG [Disabled | Stopped]) SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped]) SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped]) SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped]) SRV - [2009/04/01 15:53:18 | 06,574,720 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL [Disabled | Stopped]) SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running]) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008/04/20 11:28:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped]) SRV - [2008/04/20 11:29:55 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped]) SRV - File not found -- -- (QLEOLYTKCKZRF [Disabled | Stopped]) SRV - File not found -- -- (QPKTDICDANJA [Disabled | Stopped]) SRV - File not found -- -- (RVQDJY [Disabled | Stopped]) SRV - File not found -- -- (SB [Disabled | Stopped]) SRV - [2009/02/07 03:08:16 | 00,536,896 | ---- | M] (My Privacy Tools, Inc.) -- C:\Program Files\Hide My IP 2009\SecureSrv.exe -- (SecureSrv [On_Demand | Stopped]) SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running]) SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running]) SRV - File not found -- -- (SUVGMVQKALG [Disabled | Stopped]) SRV - File not found -- -- (UserAccess7 [Disabled | Stopped]) SRV - [2008/01/18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped]) SRV - [2008/04/17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped]) SRV - File not found -- -- (WKBFSJCQH [Disabled | Stopped]) SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) SRV - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys -- (9e21E [On_Demand | Stopped]) DRV - [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running]) DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Disabled | Stopped]) DRV - [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running]) DRV - [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running]) DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running]) DRV - [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys -- (b2849 [On_Demand | Stopped]) DRV - [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys -- (c0119 [On_Demand | Stopped]) DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped]) DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped]) DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running]) DRV - [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys -- (copy2ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys -- (copy3ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys -- (copy4ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys -- (copy5ofrp [On_Demand | Stopped]) DRV - [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys -- (copyofrp [On_Demand | Stopped]) DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped]) DRV - [2008/08/21 15:02:40 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running]) DRV - [2008/08/21 15:03:18 | 00,532,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running]) DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped]) DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running]) DRV - [2008/08/21 15:04:28 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped]) DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped]) DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped]) DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped]) DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped]) DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped]) DRV - [2008/08/21 15:06:40 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running]) DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped]) DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running]) DRV - [2008/08/21 15:07:06 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) DRV - [2006/12/07 22:04:48 | 00,019,240 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\DRIVERS\cv2k1.sys -- (CV2K1 [On_Demand | Stopped]) DRV - [2008/08/21 15:08:06 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running]) DRV - [2006/11/24 15:47:50 | 00,040,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped]) DRV - [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys -- (foot [On_Demand | Stopped]) DRV - [2009/01/10 14:48:26 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running]) DRV - [2008/08/21 15:08:56 | 00,797,720 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running]) DRV - [2008/08/21 15:09:26 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped]) DRV - [2008/08/21 15:09:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Running]) DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007/09/29 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running]) DRV - [2008/04/13 16:04:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped]) DRV - [2009/06/17 09:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running]) DRV - [2009/06/17 09:55:26 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running]) DRV - [2008/12/19 00:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running]) DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc [system | Stopped]) DRV - [2009/06/17 09:56:24 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running]) DRV - [2005/12/26 01:24:00 | 00,006,656 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LtcyCfgWDM.sys -- (LtcyCfgWDM [On_Demand | Stopped]) DRV - [2007/08/21 12:49:28 | 00,017,912 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\Gigabyte\ET5\markfun.w32 -- (MarkFun_NT [On_Demand | Stopped]) DRV - [2008/07/13 21:10:44 | 00,101,120 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running]) DRV - [2009/07/14 11:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2008/08/21 15:06:14 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running]) DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running]) DRV - [2008/07/06 13:57:28 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [system | Running]) DRV - [2008/07/06 13:57:29 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdklbf.sys -- (PsSdkLBF [system | Running]) DRV - [2003/03/31 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [boot | Running]) DRV - [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [boot | Running]) DRV - [2009/03/07 21:23:54 | 00,030,136 | ---- | M] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\DRIVERS\rspSanity32.sys -- (rspSanity [On_Demand | Stopped]) DRV - [2008/07/01 11:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped]) DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [system | Running]) DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running]) DRV - [2007/06/19 23:35:40 | 00,024,096 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\drivers\ts_lb.sys -- (ts_lb [system | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\S-1-5-21-329068152-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "WallpaperWarp Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:23:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 21:17:43 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 06:48:36 | 00,000,000 | ---D | M] [2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2008/07/12 10:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions [2009/06/24 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/07/24 08:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2009/05/04 17:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063} [2008/08/13 10:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2009/05/14 19:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2009/08/12 21:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/07/19 23:25:10 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pnpftflf.default\searchplugins\conduit.xml [2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/09 21:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 19:09:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com [2009/09/09 21:17:34 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/09 21:17:34 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll [2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2009/08/30 21:37:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/09/09 21:17:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O3 - HKU\S-1-5-21-329068152-436374069-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd) O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control) O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/...t3dactivex2.cab (Quest3DCtlr2 Class) O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/12 23:53:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [5 C:\WINDOWS\*.tmp files] [2009/09/12 11:18:25 | 00,135,168 | ---- | C] () -- C:\zip.exe [2009/09/12 11:18:25 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys [2009/09/12 11:18:25 | 00,019,286 | ---- | C] () -- C:\cleanup.exe [2009/09/12 11:18:25 | 00,000,574 | ---- | C] () -- C:\cleanup.bat [2009/09/12 11:15:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/09/12 10:51:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/09/12 09:50:44 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/09/12 09:50:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/09/12 09:50:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/09/12 09:50:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/09/12 09:50:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/09/12 09:50:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/09/12 09:50:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/09/12 09:50:27 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/09/11 19:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Adobe [2009/09/11 19:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2009/09/11 17:42:00 | 08,527,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf [2009/09/11 15:20:39 | 00,001,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk [2009/09/11 15:20:38 | 08,447,846 | ---- | C] () -- C:\WINDOWS\Warsong_.scr [2009/09/11 15:20:38 | 00,348,940 | ---- | C] () -- C:\WINDOWS\uninstall Warsong_.exe [2009/09/11 06:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech [2009/09/11 06:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2009/09/11 06:40:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/09/11 06:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2009/09/08 14:20:43 | 00,025,174 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg [2009/09/07 21:16:42 | 01,204,889 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg [2009/09/07 21:16:26 | 01,129,497 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg [2009/09/07 19:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Fragments [2009/09/07 08:30:38 | 00,022,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg [2009/09/06 17:34:30 | 00,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\acaptuser32.dll [2009/09/06 11:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartFTP [2009/09/06 11:25:54 | 00,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk [2009/09/06 11:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client [2009/09/06 10:21:44 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/09/06 10:21:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/09/06 10:21:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/09/06 10:21:43 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/09/06 10:21:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/09/06 10:21:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/09/06 10:21:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/09/06 10:21:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/09/06 10:21:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/09/06 10:21:27 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/09/06 10:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/08/30 22:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/08/30 22:19:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/30 22:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/08/30 22:09:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/30 22:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/08/30 21:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck [2009/08/30 21:48:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/30 21:48:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/30 21:48:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/30 21:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/30 21:39:37 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\b2849.dll [2009/08/30 21:39:34 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\b2849.sys [2009/08/30 21:39:32 | 16,068,777 | ---- | C] () -- C:\WINDOWS\System32\MKIQWHEKO [2009/08/30 21:39:25 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\32048.mht [2009/08/30 21:35:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads [2009/08/30 19:48:42 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll [2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll [2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll [2009/08/30 19:41:42 | 00,036,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr ent [2009/08/30 18:36:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/08/30 18:35:58 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/08/30 18:35:53 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/08/30 18:25:22 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\strings.exe [2009/08/30 18:25:22 | 00,039,184 | ---- | C] () -- C:\WINDOWS\System32\Ntrights.exe [2009/08/30 18:25:22 | 00,016,384 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\restart.exe [2009/08/30 18:25:22 | 00,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com [2009/08/30 17:56:37 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\foot.sys [2009/08/30 17:56:09 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys [2009/08/30 17:56:05 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys [2009/08/30 17:56:03 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copyofrp.sys [2009/08/30 17:55:57 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys [2009/08/30 17:55:52 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\VX [2009/08/30 17:53:18 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\WQDWTZYKT [2009/08/30 17:45:23 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys [2009/08/30 14:54:55 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\c0119.dll [2009/08/30 14:54:54 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\c0119.sys [2009/08/30 14:54:49 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\8d518.mht [2009/08/30 11:51:48 | 07,000,064 | ---- | C] () -- C:\WINDOWS\System32\ER [2009/08/30 10:43:56 | 00,000,000 | ---D | C] -- C:\Config.Msi [2009/08/30 10:41:45 | 00,107,814 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg [2009/08/30 10:30:17 | 07,016,448 | ---- | C] () -- C:\WINDOWS\System32\BZASACLRSI [2009/08/30 01:52:39 | 00,030,136 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys [2009/08/30 01:47:14 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\9e21E.dll [2009/08/30 01:47:11 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\9e21E.sys [2009/08/30 01:46:53 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c7f1D.mht [2009/08/30 01:38:42 | 52,269,056 | ---- | C] () -- C:\WINDOWS\System32\TAA [2009/08/30 01:26:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IONRPSU [2009/08/30 01:23:30 | 02,312,871 | ---- | C] () -- C:\WINDOWS\System32\KPGS [2009/08/30 01:16:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\DNQZHCQ [2009/08/29 17:11:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2009/08/29 16:50:56 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\ME [2009/08/29 16:47:06 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX [2009/08/29 16:43:00 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\YCNL [2009/08/29 16:26:44 | 01,304,608 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/29 16:26:44 | 00,034,592 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/29 16:26:44 | 00,018,548 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/29 16:26:44 | 00,004,316 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/29 16:21:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/08/29 13:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/08/29 10:26:55 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/08/29 10:26:55 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/08/29 10:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2009/08/29 10:26:42 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/29 09:55:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache [2009/08/29 09:55:10 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/29 09:29:30 | 00,000,000 | ---D | C] -- C:\spoolerlogs [2009/08/28 22:09:28 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2009/08/25 21:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment [2009/08/25 20:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test [2009/08/22 21:03:47 | 00,349,156 | ---- | C] () -- C:\WINDOWS\uninstall Deathwin.exe [2009/08/22 21:03:46 | 08,655,167 | ---- | C] () -- C:\WINDOWS\Deathwin.scr [2009/08/21 22:01:40 | 11,023,8230 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi [2009/08/19 18:39:19 | 08,117,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Flexibility-flexsqueeze_theme_multiple_use.zip [2009/08/19 18:39:18 | 00,905,162 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\aats3748233.zip [2009/08/19 18:37:47 | 06,649,944 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\imperial_themeforest.zip [2009/08/19 18:35:53 | 00,471,323 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Headway1.0.rar [2009/08/19 18:35:52 | 00,176,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\arthemia-premium.rar [2009/08/19 18:35:49 | 05,357,159 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\edir7.rar [2009/08/19 18:35:43 | 07,594,256 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar [2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini [2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\Copy of my.ini [2009/06/08 01:00:55 | 01,111,142 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/08 01:00:55 | 00,789,962 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/08 01:00:55 | 00,466,432 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll [2009/06/08 01:00:55 | 00,185,344 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll [2009/06/08 01:00:54 | 01,430,136 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll [2009/05/31 20:03:43 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\OneWaySerial.dll [2009/05/28 20:00:03 | 00,000,480 | ---- | C] () -- C:\WINDOWS\w32demo8.ini [2009/05/27 21:20:47 | 00,000,464 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini [2009/05/27 21:18:28 | 00,000,793 | ---- | C] () -- C:\WINDOWS\iScreensaver Designer.ini [2009/05/23 23:23:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009/05/23 00:43:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2009/05/22 22:50:21 | 01,712,128 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll [2009/02/27 23:44:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/01/12 00:59:28 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2008/12/28 11:00:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/08/21 13:17:46 | 00,049,567 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008/08/21 13:17:44 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2008/08/21 12:40:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2008/08/21 12:38:22 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2008/07/12 10:12:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008/07/11 22:14:22 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/06/23 19:10:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2008/06/12 10:36:38 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/05/04 02:19:56 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini.old [2008/05/04 02:06:35 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll [2008/04/19 19:39:47 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2008/04/13 16:04:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.sys [2008/04/13 16:03:05 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini [2008/04/05 20:47:12 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2008/01/15 00:48:11 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/01/13 01:53:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2007/08/13 21:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2007/08/07 19:22:22 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007/07/10 08:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll [2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2006/10/02 18:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini [2005/12/26 01:24:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys [2004/11/24 11:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [2004/10/11 23:42:59 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2004/10/11 23:42:45 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2004/10/11 23:42:42 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2004/10/11 23:42:40 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2004/10/11 23:42:39 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2004/10/11 23:42:30 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2004/10/11 23:42:29 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2004/10/11 23:40:56 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2004/10/11 23:39:47 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2004/10/11 23:39:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2004/10/11 23:38:47 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2004/10/05 01:16:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2004/10/03 10:59:29 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2004/10/03 10:50:53 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/10/03 10:50:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2003/03/31 12:00:00 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini [2003/03/31 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini [2002/10/29 16:04:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\Impborl.dll [2002/09/16 12:59:46 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Files - Modified Within 30 Days ========== [6 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009/09/12 11:18:25 | 00,135,168 | ---- | M] () -- C:\zip.exe [2009/09/12 11:18:25 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys [2009/09/12 11:18:25 | 00,019,286 | ---- | M] () -- C:\cleanup.exe [2009/09/12 11:18:25 | 00,000,574 | ---- | M] () -- C:\cleanup.bat [2009/09/12 11:06:57 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009/09/12 11:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/12 11:06:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:06:00 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx [2009/09/12 11:00:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini [2009/09/12 10:05:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/09/11 19:56:31 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/11 19:34:01 | 03,068,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/11 19:31:37 | 00,183,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/09/11 18:00:33 | 08,527,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf [2009/09/11 15:20:39 | 00,348,940 | ---- | M] () -- C:\WINDOWS\uninstall Warsong_.exe [2009/09/11 15:20:39 | 00,001,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk [2009/09/11 15:20:38 | 08,447,846 | ---- | M] () -- C:\WINDOWS\Warsong_.scr [2009/09/11 07:14:14 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [2009/09/11 06:48:47 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fraps.lnk [2009/09/11 06:47:55 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk [2009/09/11 06:47:54 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009/09/11 06:47:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/09/11 06:47:05 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/09/11 06:46:08 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk [2009/09/11 06:40:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/09/09 17:24:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/09/08 14:20:43 | 00,025,174 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg [2009/09/07 21:16:42 | 01,204,889 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg [2009/09/07 21:16:26 | 01,129,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg [2009/09/07 17:36:37 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk [2009/09/07 08:30:41 | 00,022,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg [2009/09/06 11:25:54 | 00,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk [2009/09/06 10:50:45 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/09/06 10:21:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/08/30 23:03:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/08/30 22:19:20 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/30 22:12:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\RunSC.bat [2009/08/30 22:09:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/30 21:48:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/30 21:40:35 | 16,068,777 | ---- | M] () -- C:\WINDOWS\System32\MKIQWHEKO [2009/08/30 21:39:37 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\b2849.dll [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys [2009/08/30 21:39:25 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\32048.mht [2009/08/30 21:37:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/30 19:48:43 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll [2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll [2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll [2009/08/30 19:41:43 | 00,036,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr ent [2009/08/30 18:36:01 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys [2009/08/30 17:55:54 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\VX [2009/08/30 17:53:23 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\WQDWTZYKT [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys [2009/08/30 14:54:55 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\c0119.dll [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys [2009/08/30 14:54:50 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\8d518.mht [2009/08/30 11:51:50 | 07,000,064 | ---- | M] () -- C:\WINDOWS\System32\ER [2009/08/30 11:07:29 | 01,304,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/30 11:07:29 | 00,034,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/30 11:07:29 | 00,018,548 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/30 11:07:29 | 00,004,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/30 10:42:31 | 00,107,814 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg [2009/08/30 10:30:18 | 07,016,448 | ---- | M] () -- C:\WINDOWS\System32\BZASACLRSI [2009/08/30 01:47:14 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\9e21E.dll [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys [2009/08/30 01:46:53 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c7f1D.mht [2009/08/30 01:46:10 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2009/08/30 01:40:20 | 52,269,056 | ---- | M] () -- C:\WINDOWS\System32\TAA [2009/08/30 01:26:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IONRPSU [2009/08/30 01:24:09 | 02,312,871 | ---- | M] () -- C:\WINDOWS\System32\KPGS [2009/08/30 01:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\DNQZHCQ [2009/08/29 17:31:27 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini [2009/08/29 16:50:59 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\ME [2009/08/29 16:47:09 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX [2009/08/29 16:43:03 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\YCNL [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/08/29 16:37:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini [2009/08/29 15:23:03 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/08/29 15:12:17 | 00,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2009/08/29 12:58:13 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PE Explorer.lnk [2009/08/29 12:00:42 | 03,773,284 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2009/08/29 09:55:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache [2009/08/28 22:09:28 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2009/08/28 18:14:25 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk [2009/08/23 09:09:27 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVGA Precision.lnk [2009/08/22 21:03:48 | 00,349,156 | ---- | M] () -- C:\WINDOWS\uninstall Deathwin.exe [2009/08/22 21:03:46 | 08,655,167 | ---- | M] () -- C:\WINDOWS\Deathwin.scr [2009/08/21 22:05:47 | 11,023,8230 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi [2009/08/19 18:20:03 | 05,357,159 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\edir7.rar [2009/08/19 18:09:40 | 07,594,256 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar [2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA868A70 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 < End of report >
  4. oogee
    Hello, A few weeks ago I got hit by some Java exploiting malware/virus *Win32/Cryptor* that installed nasty viruses and rootkits all over my PC and did so by exploiting Java *which I have uinstalled now* and turning off my firewall. I unhooked my modem as fast as I saw this happen but it was too late it had already installed all the junk in the computer. After A LOT of work I was able to remove the rootkit/virus and everything off my computer, however, a slight issue I've noticed now. It appears some folders etc are locked now and "Access Denied" so avast can't even scan them. I already know the drill of the logs after weeks of trying to remove the nasty rootkit/virus so here's the most current logs: Win32KDiag Log Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\nvidia icons\nvidia icons Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe [1] 2004-08-04 01:56:52 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 17:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe () [1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\security\logs\logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Adobe\update\update Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 17:12:18 10752 C:\WINDOWS\system32\dumprep.exe () Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Macromed\update\update Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\MRT.exe [1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe () Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\x64\x64 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Finished! SecurityCheck.exe Log: Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Antivirus Windows Live OneCare safety scanner Windows Live OneCare safety scanner ProxyFirewall 1.0.4 Beta avast! updated! `````````````````````````````` Anti-malware/Other Utilities Check: SUPERAntiSpyware Free Edition Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner (remove only) DH Driver Cleaner Professional Edition Adobe Flash Player 10 Adobe Reader 9.1 `````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast4 aswUpdSv.exe Alwil Software Avast4 ashServ.exe Alwil Software Avast4 ashDisp.exe Alwil Software Avast4 ashWebSv.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` ComboFix Log: ComboFix 09-09-11.05 - Owner 12/09/2009 9:51.1.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2908 [GMT -7:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . [i] ADS - system32: deleted 12 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\My Documents\freshreg.reg c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\Installer\149154.msi c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\system32\uninstall.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))) . 2009-09-12 02:18 . 2009-09-12 02:18 -------- d-----w- c:\program files\Adobe Media Player 2009-09-11 22:20 . 2009-09-11 22:20 348940 ----a-w- c:\windows\uninstall Warsong_.exe 2009-09-11 22:20 . 2009-09-11 22:20 8447846 ----a-w- c:\windows\Warsong_.scr 2009-09-11 13:49 . 2009-09-11 13:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech 2009-09-11 13:46 . 2009-09-11 13:46 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-11 13:37 . 2009-09-11 13:37 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-09-07 00:34 . 2009-02-27 19:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll 2009-09-06 18:26 . 2009-09-06 18:26 -------- d-----w- c:\documents and settings\Owner\Application Data\SmartFTP 2009-09-06 18:25 . 2009-09-06 18:25 -------- d-----w- c:\program files\SmartFTP Client 2009-09-06 17:21 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-06 17:21 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-06 17:21 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-06 17:21 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-06 17:21 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-06 17:21 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-06 17:21 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-06 17:21 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-06 17:21 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-06 17:21 . 2009-09-06 17:21 -------- d-----w- c:\program files\Alwil Software 2009-08-31 05:21 . 2009-09-11 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-08-31 05:19 . 2009-08-31 05:19 -------- d-----w- c:\program files\Trend Micro 2009-08-31 05:09 . 2009-09-11 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-31 04:58 . 2009-08-31 04:58 -------- d-----w- c:\program files\SanityCheck 2009-08-31 04:48 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-31 04:48 . 2009-09-11 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-31 04:48 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-31 04:39 . 2009-08-31 04:39 128352 ----a-w- c:\windows\system32\b2849.dll 2009-08-31 04:39 . 2009-08-31 04:39 54624 ----a-w- c:\windows\system32\b2849.sys 2009-08-31 02:48 . 2009-08-31 02:48 167936 ----a-w- c:\windows\system32\appmgmts.dll 2009-08-31 02:47 . 2009-08-31 02:47 180224 -c--a-w- c:\windows\system32\dllcache\scecli.dll 2009-08-31 02:47 . 2009-08-31 02:47 180224 ----a-w- c:\windows\system32\scecli.dll 2009-08-31 01:25 . 2005-10-20 01:50 16384 ----a-w- c:\windows\system32\restart.exe 2009-08-31 01:25 . 2005-01-20 20:47 175616 ----a-w- c:\windows\system32\strings.exe 2009-08-31 01:25 . 2005-01-14 04:41 39184 ----a-w- c:\windows\system32\Ntrights.exe 2009-08-31 01:25 . 2005-01-14 04:41 11254 ----a-w- c:\windows\system32\locate.com 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\foot.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copy4ofrp.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copy5ofrp.sys 2009-08-31 00:56 . 2009-08-31 00:56 34816 ----a-w- c:\windows\system32\drivers\copyofrp.sys 2009-08-31 00:55 . 2009-08-31 00:55 34816 ----a-w- c:\windows\system32\drivers\copy3ofrp.sys 2009-08-31 00:45 . 2009-08-31 00:45 34816 ----a-w- c:\windows\system32\drivers\copy2ofrp.sys 2009-08-30 21:54 . 2009-08-30 21:54 128352 ----a-w- c:\windows\system32\c0119.dll 2009-08-30 21:54 . 2009-08-30 21:54 54624 ----a-w- c:\windows\system32\c0119.sys 2009-08-30 08:52 . 2009-03-08 04:23 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys 2009-08-30 08:47 . 2009-08-30 08:47 128352 ----a-w- c:\windows\system32\9e21E.dll 2009-08-30 08:47 . 2009-08-30 08:47 54624 ----a-w- c:\windows\system32\9e21E.sys 2009-08-30 00:11 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-08-29 23:26 . 2009-08-30 18:07 34592 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-08-29 23:26 . 2009-08-30 18:07 1304608 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-08-29 23:21 . 2009-08-30 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-08-29 20:35 . 2009-08-29 20:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-08-29 19:03 . 2009-08-29 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion 2009-08-29 19:02 . 2009-08-29 19:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-29 17:26 . 2009-08-29 23:37 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys 2009-08-29 17:26 . 2009-08-29 23:37 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys 2009-08-29 17:26 . 2009-08-29 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-08-29 16:55 . 2009-08-31 04:37 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-29 16:29 . 2009-08-29 16:29 -------- d-----w- C:\spoolerlogs 2009-08-29 16:29 . 2009-08-29 16:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-29 05:09 . 2009-08-29 05:09 86016 ----a-w- c:\windows\system32\frapsvid.dll 2009-08-26 04:47 . 2009-08-26 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2009-08-26 03:33 . 2009-09-11 03:36 -------- d-----w- c:\program files\World of Warcraft Public Test 2009-08-23 04:03 . 2009-08-23 04:03 349156 ----a-w- c:\windows\uninstall Deathwin.exe 2009-08-23 04:03 . 2009-08-23 04:03 8655167 ----a-w- c:\windows\Deathwin.scr 2009-08-17 05:22 . 2009-08-17 05:22 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-12 03:38 . 2008-04-27 00:55 -------- d-----w- c:\program files\iCall 2009-09-12 02:31 . 2008-01-13 08:23 183264 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 02:21 . 2008-01-14 21:15 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-12 02:02 . 2008-08-18 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager 2009-09-11 14:10 . 2009-05-26 03:47 -------- d-----w- c:\program files\PeerGuardian2 2009-09-11 13:49 . 2008-01-13 21:03 -------- d-----w- c:\program files\Common Files\Logishrd 2009-09-11 13:49 . 2008-01-13 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-09-11 13:47 . 2008-01-13 10:47 -------- d-----w- c:\program files\DivX 2009-09-11 13:42 . 2008-08-20 17:08 -------- d-----w- c:\program files\BitComet 2009-09-07 17:40 . 2008-01-13 10:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-06 23:27 . 2008-03-10 21:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Publish Providers 2009-09-06 16:55 . 2008-04-06 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8 2009-08-31 05:55 . 2009-05-23 07:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-31 05:53 . 2008-05-25 03:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-31 05:53 . 2008-05-25 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-31 05:12 . 2008-04-13 18:26 69 ----a-w- c:\windows\RunSC.bat 2009-08-31 04:29 . 2008-05-19 05:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-30 18:07 . 2009-08-29 23:26 4316 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-08-30 18:07 . 2009-08-29 23:26 18548 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-08-30 08:46 . 2008-08-18 18:47 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-29 19:58 . 2009-05-28 05:43 -------- d-----w- c:\program files\PE Explorer 2009-08-29 16:57 . 2008-04-13 18:05 -------- d-----w- c:\program files\SmartScan 2009-08-29 16:34 . 2008-01-14 09:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-08-29 02:00 . 2009-03-04 07:43 -------- d-----w- c:\documents and settings\Owner\Application Data\tor 2009-08-29 01:57 . 2009-03-04 07:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Vidalia 2009-08-29 01:50 . 2009-03-04 07:14 -------- d-----w- c:\program files\ProxyFirewall 2009-08-26 03:52 . 2008-01-13 08:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-08-23 16:09 . 2008-05-04 08:56 -------- d-----w- c:\program files\EVGA Precision 2009-08-18 00:36 . 2008-07-12 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-16 16:54 . 2009-04-26 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Watermark Factory 2009-08-12 00:31 . 2009-08-12 00:31 13016513 ----a-w- c:\windows\Ignis_th.scr 2009-08-09 22:23 . 2008-04-06 05:51 -------- d-----w- c:\program files\PC Wizard 2008 2009-08-09 21:39 . 2008-01-13 08:44 -------- d-----w- c:\program files\World of Warcraft 2009-08-09 21:39 . 2009-05-07 21:32 -------- d-----w- c:\program files\WinHTTrack 2009-08-09 21:38 . 2008-01-13 10:26 -------- d-----w- c:\program files\Winamp 2009-08-09 21:38 . 2009-04-26 18:59 -------- d-----w- c:\program files\Watermark Factory 2 2009-08-09 21:38 . 2009-05-31 07:03 -------- d-----w- c:\program files\VB Decompiler Lite 2009-08-09 21:37 . 2008-04-06 02:33 -------- d-----w- c:\program files\SpeedFan 2009-08-09 21:33 . 2009-07-18 18:38 -------- d-----w- c:\program files\Safari 2009-08-09 21:31 . 2009-05-15 05:28 -------- d-----w- c:\program files\PADGen 2009-08-09 21:19 . 2009-06-08 08:06 -------- d-----w- c:\program files\megui 2009-08-09 21:19 . 2008-01-13 07:25 -------- d-----w- c:\program files\MagicISO 2009-08-09 21:19 . 2008-07-27 02:25 -------- d-----w- c:\program files\MagicDisc 2009-08-09 21:15 . 2008-07-06 21:02 -------- d-----w- c:\program files\CommView 2009-08-09 21:15 . 2008-04-13 21:33 -------- d-----w- c:\program files\Common Files\Webroot Shared 2009-08-09 21:07 . 2008-01-14 09:39 -------- d-----w- c:\program files\Azureus 2009-08-09 21:07 . 2008-01-16 06:50 -------- d-----w- c:\program files\ATITool 2009-08-09 21:06 . 2008-06-24 02:13 -------- d-----w- c:\program files\AIM6 2009-08-09 21:06 . 2008-06-11 02:07 -------- d-----w- c:\program files\AIM 2009-08-09 21:04 . 2009-05-06 04:24 -------- d-----w- c:\program files\Advanced JPEG Compressor 2009-08-09 20:15 . 2008-07-09 08:28 -------- d-----w- c:\program files\XP Codec Pack 2009-08-09 19:26 . 2008-02-07 22:43 -------- d-----w- c:\program files\SystemRequirementsLab 2009-08-09 19:24 . 2009-05-31 16:07 -------- d-----w- c:\program files\Screensaver Factory 5 Enterprise 2009-08-09 19:24 . 2008-07-09 06:55 -------- d-----w- c:\program files\ReNamer 2009-08-09 19:14 . 2008-03-30 21:46 -------- d-----w- c:\program files\Driver Cleaner Pro 2009-08-09 07:49 . 2009-05-31 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\TortoiseSVN 2009-08-09 06:56 . 2009-08-09 06:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays 2009-08-09 06:56 . 2009-08-09 06:56 -------- d-----w- c:\program files\TortoiseSVN 2009-08-09 04:02 . 2009-08-09 04:02 -------- d-----w- c:\program files\Sony 2009-08-09 03:48 . 2009-05-28 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\4Media Software Studio 2009-08-09 03:48 . 2009-05-28 03:56 -------- d-----w- c:\program files\4Media 2009-08-05 09:01 . 2003-03-31 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 00:49 . 2008-12-28 07:25 -------- d-----w- c:\program files\Windows Live Safety Center 2009-08-01 21:38 . 2009-08-01 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Eltima Software 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\program files\AGEIA Technologies 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\program files\NVIDIA Corporation 2009-08-01 17:13 . 2009-08-01 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-07-29 16:15 . 2008-07-12 05:00 -------- d-----w- c:\program files\Common Files\Merge Modules 2009-07-20 19:26 . 2009-03-07 17:15 84496 ----a-w- c:\windows\system32\KemXML.dll 2009-07-20 19:26 . 2009-03-07 17:15 117264 ----a-w- c:\windows\system32\KemWnd.dll 2009-07-20 19:26 . 2009-03-07 17:15 145936 ----a-w- c:\windows\system32\KemUtil.dll 2009-07-20 19:26 . 2009-03-07 17:15 170512 ----a-w- c:\windows\system32\kemutb.dll 2009-07-20 19:25 . 2009-03-07 17:15 301656 ----a-w- c:\windows\system32\BtCoreIf.dll 2009-07-18 18:38 . 2009-07-18 18:38 119796 ---ha-w- c:\windows\system32\mlfcache.dat 2009-07-18 18:38 . 2009-05-29 05:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer 2009-07-17 19:01 . 2003-03-31 19:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-07-14 18:54 . 2009-08-01 17:12 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2009-08-01 17:12 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2009-08-01 17:09 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-08-01 17:09 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-08-01 17:09 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2009-08-01 17:09 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2009-08-01 17:09 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-08-01 17:09 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-14 18:54 . 2009-08-01 17:09 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2009-08-01 17:09 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2008-10-03 03:12 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-7 813584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=c:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Keylogger Hunter.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Keylogger Hunter.lnk backup=c:\windows\pss\Keylogger Hunter.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk backup=c:\windows\pss\WinMySQLadmin.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AntiKeyloggers"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "idsvc"=3 (0x3) "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iCall Internet Phone"="c:\program files\iCall\iCall.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\iCall\\iCall.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Octoshape Streaming Services\\Owner\\OctoshapeClient.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"= "c:\\Program Files\\Zend\\Zend Studio for Eclipse - 6.1.2\\ZendStudio.exe"= "c:\\ROFL (Blizz-Like) V2.0.0.1\\ROFL (Blizz-Like) V2.0.0.1\\Realm\\hearthstone-world.exe"= "c:\\Program Files\\4Media\\HD Video Converter\\vcloader.exe"= "c:\\Program Files\\4Media\\SWF Converter\\vcloader.exe"= "c:\\AC Web Ultimate Repack\\trincore\\TrinityCore.exe"= "c:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\AC Web MaNGOS Hybrid\\MaNGOS\\mangosd.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-to-0.2.2.10357-enUS-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"= "c:\\Program Files\\GIGABYTE\\ET5\\update.exe"= "c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"= "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:Blizz Downloader 2: 6112 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "12802:TCP"= 12802:TCP:BitComet 12802 TCP "12802:UDP"= 12802:UDP:BitComet 12802 UDP "3306:TCP"= 3306:TCP:*:Disabled:mysql "3306:UDP"= 3306:UDP:*:Disabled:mysql R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/08/2009 5:11 PM 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/08/2009 10:26 AM 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/08/2009 10:26 AM 27656] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 10:21 AM 114768] R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [06/07/2008 1:57 PM 36928] R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [06/07/2008 1:57 PM 53312] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480] R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [06/07/2008 2:02 PM 24096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 10:21 AM 20560] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [07/03/2009 10:16 AM 10384] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [13/04/2008 2:20 PM 598856] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296] S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?] S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [30/08/2009 1:47 AM 54624] S3 Apache2.2;Apache2.2;c:\www\Apache22\bin\httpd.exe [14/01/2008 2:49 AM 24631] S3 b2849;b2849;c:\windows\system32\b2849.sys [30/08/2009 9:39 PM 54624] S3 c0119;c0119;c:\windows\system32\c0119.sys [30/08/2009 2:54 PM 54624] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352] S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [30/08/2009 5:45 PM 34816] S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [30/08/2009 5:55 PM 34816] S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [30/08/2009 5:56 PM 34816] S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [30/08/2009 5:56 PM 34816] S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [30/08/2009 5:56 PM 34816] S3 cpuz129;cpuz129;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296] S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [06/07/2008 2:02 PM 19240] S3 foot;foot;c:\windows\system32\drivers\foot.sys [30/08/2009 5:56 PM 34816] S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 1:24 AM 6656] S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\ET5\MARKFUN.W32 [10/01/2009 3:23 PM 17912] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?] S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [30/08/2009 1:52 AM 30136] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408] S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [08/03/2009 7:09 PM 536896] S4 ATZO;ATZO;c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe [?] S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe [?] S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?] S4 D;D;c:\docume~1\Owner\LOCALS~1\Temp\D.exe --> c:\docume~1\Owner\LOCALS~1\Temp\D.exe [?] S4 DPUK;DPUK;c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe --> c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe [?] S4 KIG;KIG;c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe [?] S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe [?] S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe [?] S4 RVQDJY;RVQDJY;c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe [?] S4 SB;SB;c:\docume~1\Owner\LOCALS~1\Temp\SB.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SB.exe [?] S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe [?] S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms} FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806060_SUA_900\npoctoshape.dll FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\ZendStudio.exe . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-12 10:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\10.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(488) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2828) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-12 10:11 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-12 17:11 Pre-Run: 30,948,806,656 bytes free Post-Run: 30,812,549,120 bytes free 566 --- E O F --- 2009-08-26 05:46 Will be posting RootRepeal log soon...I want to be able to remove the access denided to all these folders/files as it appears that based on Malwarebytes' Anti-Malware/SuperAntiSpyware and Avast Antivirus no viruses/trojans/rootkits are found. Thank you in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.