Fright

Honorary Members
  • Posts: 35
  • Reputation: 0 Neutral
  1. Good to hear! My computer seems to be flying now lol. I downloaded SpywareBlaster and will be updating any Windows files I can next. Once I receive my taxes back I'll be sure to spread some of the wealth! Thank you for your time and help!
  2. C:\Documents and Settings\bobbileigh\Application Data\Sun\Java\Deployment\cache\6.0\35\1fab4ba3-203ff183 multiple threats deleted - quarantined
  3. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5683

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/6/2011 12:43:57 AM
     mbam-log-2011-02-06 (00-43-56).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 344769
     Time elapsed: 3 hour(s), 42 minute(s), 41 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Well after almost 4 hours lol it looks like Malwarebytes has given my PC a clean bill of health! I removed 2 older versions of Java as well.
  4. ComboFix 11-01-31.02 - bobbileigh 02/05/2011 3:48.13.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.514 [GMT -6:00]
     Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     .
     ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
     .
     2011-02-05 09:34 . 2011-02-05 09:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\MpKsl3a478d19.sys
     2011-02-05 09:32 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\mpengine.dll
     2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
     2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
     2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-05 09:27 . 2006-11-26 16:33 4224 ----a-w- c:\windows\system32\drivers\avg7rsw.sys
     2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
     2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
     2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
     2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
     2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
     2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
     2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
     .
     ((((((((((((((((((((((((((((( SnapShot_2011-02-04_21.47.50 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2011-02-05 09:28 . 2011-02-05 09:28 16384 c:\windows\temp\Perflib_Perfdata_37c.dat
     + 2011-02-05 09:28 . 2011-02-05 09:28 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600]
     "HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
     "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
     "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
     "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
     "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
     "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

     c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\
     Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 113664]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
     Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
     2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
     2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
     "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
     "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
     "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
     "c:\\Program Files\\AIM\\aim.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\system32\\rtcshare.exe"=
     "c:\\Program Files\\NetMeeting\\conf.exe"=
     "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
     "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
     "c:\\Program Files\\Last.fm\\LastFM.exe"=
     "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"=
     "c:\\WINDOWS\\system32\\FSRremoS.EXE"=
     "c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
     "c:\\Program Files\\AIM7\\aim.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
     "67:UDP"= 67:UDP:DHCP Discovery Service

     R1 MpKsl3a478d19;MpKsl3a478d19;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\MpKsl3a478d19.sys [2/5/2011 3:34 AM 28752]
     R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456]
     R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
     R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
     S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?]
     S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864]
     S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432]
     S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
     S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - MPKSL3A478D19
     *Deregistered* - klmdb

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder

     2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

     2011-02-05 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = <local>
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\
     FF - prefs.js: browser.startup.homepage - www.facebook.com
     FF - prefs.js: network.proxy.type - 0
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks
     FF - user.js: network.protocol-handler.warn-external.dnupdate - false
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-02-05 03:58
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30]
     "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(3184)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2011-02-05 04:06:13
     ComboFix-quarantined-files.txt 2011-02-05 10:06
     ComboFix2.txt 2011-02-04 23:12
     ComboFix3.txt 2011-02-04 21:53
     ComboFix4.txt 2010-12-24 07:33
     ComboFix5.txt 2011-02-05 09:46

     Pre-Run: 32,010,018,816 bytes free
     Post-Run: 31,994,015,744 bytes free

     - - End Of File - - D83966EEA22CF453C68E7EFAA93D995D
  5. 2011/02/05 03:25:28.0052 222944 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
     2011/02/05 03:25:28.0333 222944 ================================================================================
     2011/02/05 03:25:28.0333 222944 SystemInfo:
     2011/02/05 03:25:28.0333 222944
     2011/02/05 03:25:28.0333 222944 OS Version: 5.1.2600 ServicePack: 3.0
     2011/02/05 03:25:28.0333 222944 Product type: Workstation
     2011/02/05 03:25:28.0333 222944 ComputerName: LENOVO-B3862E77
     2011/02/05 03:25:28.0349 222944 UserName: bobbileigh
     2011/02/05 03:25:28.0349 222944 Windows directory: C:\WINDOWS
     2011/02/05 03:25:28.0349 222944 System windows directory: C:\WINDOWS
     2011/02/05 03:25:28.0349 222944 Processor architecture: Intel x86
     2011/02/05 03:25:28.0349 222944 Number of processors: 2
     2011/02/05 03:25:28.0349 222944 Page size: 0x1000
     2011/02/05 03:25:28.0349 222944 Boot type: Normal boot
     2011/02/05 03:25:28.0349 222944 ================================================================================
     2011/02/05 03:25:28.0989 222944 Initialize success
     2011/02/05 03:25:31.0942 222856 ================================================================================
     2011/02/05 03:25:31.0942 222856 Scan started
     2011/02/05 03:25:31.0942 222856 Mode: Manual;
     2011/02/05 03:25:31.0942 222856 ================================================================================
     2011/02/05 03:25:33.0427 222856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
     2011/02/05 03:25:33.0489 222856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2011/02/05 03:25:33.0521 222856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     2011/02/05 03:25:33.0567 222856 ADIHdAudAddService (45e7a5e6963fa9d69cb85f50a271e3df) C:\WINDOWS\system32\drivers\ADIHdAud.sys
     2011/02/05 03:25:33.0864 222856 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
     2011/02/05 03:25:33.0911 222856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2011/02/05 03:25:33.0974 222856 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
     2011/02/05 03:25:33.0989 222856 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2011/02/05 03:25:34.0052 222856 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
     2011/02/05 03:25:34.0067 222856 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
     2011/02/05 03:25:34.0099 222856 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
     2011/02/05 03:25:34.0114 222856 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
     2011/02/05 03:25:34.0130 222856 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
     2011/02/05 03:25:34.0192 222856 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
     2011/02/05 03:25:34.0208 222856 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
     2011/02/05 03:25:34.0239 222856 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
     2011/02/05 03:25:34.0286 222856 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
     2011/02/05 03:25:34.0317 222856 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
     2011/02/05 03:25:34.0333 222856 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
     2011/02/05 03:25:34.0458 222856 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
     2011/02/05 03:25:34.0552 222856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2011/02/05 03:25:34.0614 222856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2011/02/05 03:25:34.0677 222856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2011/02/05 03:25:34.0692 222856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2011/02/05 03:25:34.0802 222856 Avg7Core (400e920d2e3f42bf6f1f75dd1b069ce3) C:\WINDOWS\System32\Drivers\avg7core.sys
     2011/02/05 03:25:34.0849 222856 Avg7RsW (ed5aea72555cb0c09e918a74ce3113b1) C:\WINDOWS\System32\Drivers\avg7rsw.sys
     2011/02/05 03:25:34.0849 222856 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avg7rsw.sys. Real md5: ed5aea72555cb0c09e918a74ce3113b1, Fake md5: d35863e693832153c157b8f604688197
     2011/02/05 03:25:34.0864 222856 Avg7RsW - detected Rootkit.Win32.TDSS.tdl3 (0)
     2011/02/05 03:25:34.0880 222856 Avg7RsXP (04d823d681f0d53191a172c3e667fc33) C:\WINDOWS\System32\Drivers\avg7rsxp.sys
     2011/02/05 03:25:34.0911 222856 AvgClean (603dc17a48c65c637623a9bb5a5e6008) C:\WINDOWS\System32\Drivers\avgclean.sys
     2011/02/05 03:25:35.0005 222856 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
     2011/02/05 03:25:35.0083 222856 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
     2011/02/05 03:25:35.0130 222856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2011/02/05 03:25:35.0333 222856 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
     2011/02/05 03:25:35.0349 222856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2011/02/05 03:25:35.0364 222856 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2011/02/05 03:25:35.0411 222856 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
     2011/02/05 03:25:35.0505 222856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2011/02/05 03:25:35.0521 222856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2011/02/05 03:25:35.0630 222856 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2011/02/05 03:25:35.0739 222856 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
     2011/02/05 03:25:35.0802 222856 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
     2011/02/05 03:25:35.0833 222856 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
     2011/02/05 03:25:35.0849 222856 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
     2011/02/05 03:25:35.0911 222856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2011/02/05 03:25:35.0989 222856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2011/02/05 03:25:36.0036 222856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2011/02/05 03:25:36.0052 222856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2011/02/05 03:25:36.0114 222856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2011/02/05 03:25:36.0161 222856 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
     2011/02/05 03:25:36.0177 222856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2011/02/05 03:25:36.0208 222856 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
     2011/02/05 03:25:36.0317 222856 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2011/02/05 03:25:36.0427 222856 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     2011/02/05 03:25:36.0458 222856 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2011/02/05 03:25:36.0505 222856 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     2011/02/05 03:25:36.0536 222856 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     2011/02/05 03:25:36.0661 222856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2011/02/05 03:25:36.0724 222856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2011/02/05 03:25:36.0786 222856 G400 (36feb2ddce5f84128c2a8dbc60538dad) C:\WINDOWS\system32\DRIVERS\G400m.sys
     2011/02/05 03:25:36.0849 222856 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
     2011/02/05 03:25:36.0896 222856 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2011/02/05 03:25:36.0958 222856 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
     2011/02/05 03:25:37.0021 222856 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2011/02/05 03:25:37.0052 222856 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2011/02/05 03:25:37.0083 222856 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
     2011/02/05 03:25:37.0146 222856 HSFHWBS2 (ed81914394cbafbe5cf41f1e043822f8) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
     2011/02/05 03:25:37.0192 222856 HSF_DP (3f0ffa294544ed92e962a4e3057fb5ac) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
     2011/02/05 03:25:37.0271 222856 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2011/02/05 03:25:37.0302 222856 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
     2011/02/05 03:25:37.0349 222856 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
     2011/02/05 03:25:37.0380 222856 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2011/02/05 03:25:37.0427 222856 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
     2011/02/05 03:25:37.0599 222856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2011/02/05 03:25:37.0661 222856 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
     2011/02/05 03:25:37.0692 222856 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
     2011/02/05 03:25:37.0739 222856 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     2011/02/05 03:25:37.0755 222856 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2011/02/05 03:25:37.0817 222856 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2011/02/05 03:25:37.0833 222856 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2011/02/05 03:25:37.0880 222856 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2011/02/05 03:25:37.0927 222856 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2011/02/05 03:25:37.0989 222856 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2011/02/05 03:25:38.0021 222856 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
     2011/02/05 03:25:38.0067 222856 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2011/02/05 03:25:38.0099 222856 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2011/02/05 03:25:38.0146 222856 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2011/02/05 03:25:38.0192 222856 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2011/02/05 03:25:38.0286 222856 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
     2011/02/05 03:25:38.0333 222856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2011/02/05 03:25:38.0380 222856 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2011/02/05 03:25:38.0458 222856 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2011/02/05 03:25:38.0489 222856 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2011/02/05 03:25:38.0521 222856 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2011/02/05 03:25:38.0567 222856 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
     2011/02/05 03:25:38.0739 222856 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
     2011/02/05 03:25:38.0786 222856 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2011/02/05 03:25:38.0817 222856 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2011/02/05 03:25:38.0849 222856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2011/02/05 03:25:38.0927 222856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2011/02/05 03:25:38.0989 222856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2011/02/05 03:25:39.0036 222856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2011/02/05 03:25:39.0067 222856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2011/02/05 03:25:39.0130 222856 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2011/02/05 03:25:39.0161 222856 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2011/02/05 03:25:39.0208 222856 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2011/02/05 03:25:39.0271 222856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2011/02/05 03:25:39.0317 222856 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2011/02/05 03:25:39.0349 222856 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2011/02/05 03:25:39.0364 222856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2011/02/05 03:25:39.0380 222856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2011/02/05 03:25:39.0442 222856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
     2011/02/05 03:25:39.0458 222856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2011/02/05 03:25:39.0489 222856 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2011/02/05 03:25:39.0567 222856 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
     2011/02/05 03:25:39.0583 222856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2011/02/05 03:25:39.0630 222856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2011/02/05 03:25:39.0692 222856 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
     2011/02/05 03:25:39.0755 222856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2011/02/05 03:25:39.0911 222856 nv (1ce7d93aef58e902ee392e093ce012e0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
     2011/02/05 03:25:40.0114 222856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2011/02/05 03:25:40.0161 222856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2011/02/05 03:25:40.0208 222856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
     2011/02/05 03:25:40.0239 222856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2011/02/05 03:25:40.0271 222856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2011/02/05 03:25:40.0302 222856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2011/02/05 03:25:40.0333 222856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2011/02/05 03:25:40.0380 222856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2011/02/05 03:25:40.0505 222856 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
     2011/02/05 03:25:40.0552 222856 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
     2011/02/05 03:25:40.0583 222856 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
     2011/02/05 03:25:40.0614 222856 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
     2011/02/05 03:25:40.0708 222856 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
     2011/02/05 03:25:40.0771 222856 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
     2011/02/05 03:25:40.0786 222856 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2011/02/05 03:25:40.0817 222856 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
     2011/02/05 03:25:40.0880 222856 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
     2011/02/05 03:25:40.0896 222856 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2011/02/05 03:25:40.0942 222856 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
     2011/02/05 03:25:41.0005 222856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2011/02/05 03:25:41.0036 222856 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     2011/02/05 03:25:41.0067 222856 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
     2011/02/05 03:25:41.0099 222856 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
     2011/02/05 03:25:41.0130 222856 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
     2011/02/05 03:25:41.0161 222856 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
     2011/02/05 03:25:41.0192 222856 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
     2011/02/05 03:25:41.0224 222856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/02/05 03:25:41.0255 222856 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2011/02/05 03:25:41.0286 222856 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2011/02/05 03:25:41.0333 222856 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2011/02/05 03:25:41.0505 222856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2011/02/05 03:25:41.0614 222856 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2011/02/05 03:25:41.0661 222856 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2011/02/05 03:25:41.0692 222856 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2011/02/05 03:25:41.0724 222856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2011/02/05 03:25:41.0802 222856 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
     2011/02/05 03:25:41.0880 222856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2011/02/05 03:25:41.0911 222856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     2011/02/05 03:25:41.0974 222856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
     2011/02/05 03:25:42.0005 222856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2011/02/05 03:25:42.0083 222856 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
     2011/02/05 03:25:42.0099 222856 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2011/02/05 03:25:42.0177 222856 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
     2011/02/05 03:25:42.0224 222856 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
     2011/02/05 03:25:42.0255 222856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2011/02/05 03:25:42.0317 222856 sptd (73205bd9a388639c210636793fe3fd61) C:\WINDOWS\system32\Drivers\sptd.sys
     2011/02/05 03:25:42.0380 222856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2011/02/05 03:25:42.0442 222856 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
     2011/02/05 03:25:42.0489 222856 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2011/02/05 03:25:42.0552 222856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2011/02/05 03:25:42.0567 222856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2011/02/05 03:25:42.0692 222856 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
     2011/02/05 03:25:42.0724 222856 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
     2011/02/05 03:25:42.0771 222856 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
     2011/02/05 03:25:42.0786 222856 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
     2011/02/05 03:25:42.0817 222856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2011/02/05 03:25:42.0864 222856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2011/02/05 03:25:42.0927 222856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2011/02/05 03:25:42.0974 222856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2011/02/05 03:25:43.0021 222856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2011/02/05 03:25:43.0083 222856 TosIde
(f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/05 03:25:43.0161 222856 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys 2011/02/05 03:25:43.0208 222856 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys 2011/02/05 03:25:43.0239 222856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/05 03:25:43.0255 222856 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/05 03:25:43.0333 222856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/05 03:25:43.0380 222856 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/02/05 03:25:43.0396 222856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/05 03:25:43.0442 222856 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys 2011/02/05 03:25:43.0489 222856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/05 03:25:43.0521 222856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/05 03:25:43.0567 222856 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/02/05 03:25:43.0583 222856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/05 03:25:43.0614 222856 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/05 03:25:43.0661 222856 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys 2011/02/05 03:25:43.0755 222856 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys 2011/02/05 03:25:43.0802 222856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/05 03:25:43.0817 222856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) 
C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/05 03:25:43.0849 222856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/05 03:25:43.0864 222856 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/05 03:25:43.0911 222856 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/05 03:25:43.0958 222856 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/05 03:25:44.0005 222856 vsdatant (fa05489771db33572a79316942163388) C:\WINDOWS\system32\vsdatant.sys 2011/02/05 03:25:44.0083 222856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/05 03:25:44.0130 222856 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/02/05 03:25:44.0192 222856 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/02/05 03:25:44.0255 222856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/05 03:25:44.0317 222856 WIBUKEY (09ebc00530cc3493df55219d0da5e03a) C:\WINDOWS\system32\DRIVERS\Wibukey.sys 2011/02/05 03:25:44.0396 222856 winachsf (6f25b08ebbac9e02e6a0829f2c28999b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/02/05 03:25:44.0552 222856 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/05 03:25:44.0583 222856 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/05 03:25:44.0614 222856 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/05 03:25:44.0755 222856 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys 2011/02/05 03:25:44.0817 222856 zumbus (21a96535dd0a118d5663e5adc5c90f9e) C:\WINDOWS\system32\DRIVERS\zumbus.sys 2011/02/05 03:25:45.0021 222856 ================================================================================ 2011/02/05 03:25:45.0021 
222856 Scan finished 2011/02/05 03:25:45.0021 222856 ================================================================================ 2011/02/05 03:25:45.0036 222740 Detected object count: 1 2011/02/05 03:26:24.0036 222740 Avg7RsW (ed5aea72555cb0c09e918a74ce3113b1) C:\WINDOWS\System32\Drivers\avg7rsw.sys 2011/02/05 03:26:24.0036 222740 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avg7rsw.sys. Real md5: ed5aea72555cb0c09e918a74ce3113b1, Fake md5: d35863e693832153c157b8f604688197 2011/02/05 03:26:26.0255 222740 Backup copy not found, trying to cure infected file.. 2011/02/05 03:26:26.0255 222740 Cure success, using it.. 2011/02/05 03:26:26.0317 222740 C:\WINDOWS\System32\Drivers\avg7rsw.sys - will be cured after reboot 2011/02/05 03:26:26.0317 222740 Rootkit.Win32.TDSS.tdl3(Avg7RsW) - User select action: Cure 2011/02/05 03:26:29.0771 221376 Deinitialize success
  6. Now the bar where the start button is all grey, like the older version of Windows. I'm assuming there's more to do, so I'll just wait for your reply before I jump the gun lol. Just thought I'd let you know.
  7. ComboFix 11-01-31.02 - bobbileigh 02/04/2011 16:46:05.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.545 [GMT -6:00]
Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bobbileigh\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome.manifest
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome\content\_cfg.js
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome\content\overlay.xul
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\install.rdf
c:\windows\system32\Drivers\avg7rsw.sys . . . is infected!!
.
.
.
Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 20:48 . 2011-02-04 20:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\MpKsl410873b0.sys
2011-02-03 22:05 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\mpengine.dll
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-02-04_21.47.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-04 22:41 . 2011-02-04 22:41 16384 c:\windows\temp\Perflib_Perfdata_598.dat
+ 2011-02-04 22:41 . 2011-02-04 22:41 16384 c:\windows\temp\Perflib_Perfdata_39c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2011-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-08NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A9EEC5]<< c:\docume~1\BOBBIL~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85e48872; SUB DWORD [EBP-0x4], 0x85e4812e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F57AB8]
3 CLASSPNP[0xF7580FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007d[0x86F7DF18]
5 ACPI[0xF7417620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86FC5030]
[0x86BC8C60] -> IRP_MJ_CREATE -> 0x86A9EEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-08NCB1_____________________10.02E01#5&1e8838a0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86A9EAEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-04 17:12:06
ComboFix-quarantined-files.txt 2011-02-04 23:11
ComboFix2.txt 2011-02-04 21:53
ComboFix3.txt 2010-12-24 07:33
ComboFix4.txt 2010-12-21 06:43
ComboFix5.txt 2011-02-04 22:33
Pre-Run: 32,066,396,160 bytes free
Post-Run: 32,052,183,040 bytes free
- - End Of File - - CE01657F670D0D921579479622EEFC9E
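The three tools in this thread are saying the same thing in three dialects. TDSSKiller reports avg7rsw.sys as "Forged" because the bytes it read itself ("Real md5") hash differently from what the normal file-system path hands back ("Fake md5"). Gmer's MBR detector finds \Driver\atapi's DriverStartIo redirected to 0x86A9EAEA, in the same unattributed region it marks >>UNKNOWN<< in the disk trace, and reports that the sector count seen from user mode differs from the kernel's. Any one of those means the operating system's view of the disk is being filtered, which is why the earlier Malwarebytes "clean bill of health" carries no weight until the driver is replaced. The Python below is an added example written for this page (it is not part of the forum post, nor of TDSSKiller, ComboFix or Gmer): it pulls those indicators out of a combined log so a helper can triage a paste like this mechanically. The sample log is constructed for the example with one record per line, reusing the hashes, hook address and sector count from the posted output; the regular expressions and finding names are assumptions modelled on the record formats shown above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log, modelled on the TDSSKiller, ComboFix and Gmer records
# posted in this thread, one record per line (the forum paste ran them together).
# Hashes, hook address and sector count are those from the posted output; the
# file as a whole is test input written for this example, not a real capture.
SAMPLE_LOG = r"""
2011/02/05 03:25:42.0864 222856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/05 03:26:24.0036 222740 Avg7RsW (ed5aea72555cb0c09e918a74ce3113b1) C:\WINDOWS\System32\Drivers\avg7rsw.sys
2011/02/05 03:26:24.0036 222740 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avg7rsw.sys. Real md5: ed5aea72555cb0c09e918a74ce3113b1, Fake md5: d35863e693832153c157b8f604688197
2011/02/05 03:26:26.0317 222740 Rootkit.Win32.TDSS.tdl3(Avg7RsW) - User select action: Cure
c:\windows\system32\Drivers\avg7rsw.sys . . . is infected!!
detected hooks:
\Driver\atapi DriverStartIo -> 0x86A9EAEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
"""

MD5 = r"[0-9a-f]{32}"
# TDSSKiller enumeration record: "<date> <time> <pid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(rf"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>{MD5})\) (?P<path>.+)$")
# TDSSKiller forged-file verdict: hash of the bytes it read itself ("Real") versus
# hash of what the normal file-system path returned ("Fake").
FORGED_RE = re.compile(
    rf"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})")
VERDICT_RE = re.compile(
    r"(?P<family>Rootkit\.Win32\.\w+(?:\.\w+)?)\((?P<service>\w+)\) - User select action: (?P<action>\w+)")
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!")                                  # ComboFix
HOOK_RE = re.compile(r"\\Driver\\(?P<driver>\w+) (?P<routine>\w+) -> (?P<address>0x[0-9A-Fa-f]+)")  # Gmer
MBR_RE = re.compile(r"sectors (?P<sectors>\d+) \(\+(?P<extra>\d+)\): user != kernel")               # Gmer
WARNING_RE = re.compile(r"Warning: possible (?P<what>.+?) rootkit infection")                        # Gmer


@dataclass
class Finding:
    kind: str    # forged_driver | verdict | infected_file | kernel_hook | mbr_sector_mismatch | tool_warning
    detail: dict


@dataclass
class Report:
    findings: list = field(default_factory=list)

    def of_kind(self, kind: str) -> list:
        return [f for f in self.findings if f.kind == kind]

    def implicated_paths(self) -> set:
        """Paths named by any file-level finding, lower-cased so the TDSSKiller
        and ComboFix spellings of the same file collapse to one entry."""
        return {f.detail["path"].lower() for f in self.findings if "path" in f.detail}

    @property
    def rootkit_suspected(self) -> bool:
        # A forged hash, a hooked storage driver or a user/kernel sector
        # disagreement each mean the OS view of the disk is being filtered;
        # a "clean" scan performed through that view proves nothing.
        strong = {"forged_driver", "kernel_hook", "mbr_sector_mismatch"}
        return any(f.kind in strong for f in self.findings)


def triage(log_text: str) -> Report:
    """Walk a combined TDSSKiller/ComboFix/Gmer log once and collect findings."""
    report = Report()
    listed_md5 = {}  # lower-cased path -> md5 from the enumeration records
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FORGED_RE.search(line)):
            listed = listed_md5.get(m["path"].lower())
            report.findings.append(Finding("forged_driver", {
                "path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"],
                # The enumeration record comes from the same low-level read, so it
                # should agree with "Real"; None when the driver was not enumerated.
                "listing_agrees_with_real": None if listed is None else listed == m["real"],
            }))
        elif (m := VERDICT_RE.search(line)):
            report.findings.append(Finding("verdict", {
                "family": m["family"], "service": m["service"], "action": m["action"]}))
        elif (m := DRIVER_RE.match(line)):
            listed_md5[m["path"].lower()] = m["md5"]
        elif (m := INFECTED_RE.match(line)):
            report.findings.append(Finding("infected_file", {"path": m["path"]}))
        elif (m := HOOK_RE.search(line)):
            report.findings.append(Finding("kernel_hook", {
                "driver": m["driver"], "routine": m["routine"], "address": m["address"]}))
        elif (m := MBR_RE.search(line)):
            report.findings.append(Finding("mbr_sector_mismatch", {
                "sectors": int(m["sectors"]), "extra": int(m["extra"])}))
        elif (m := WARNING_RE.search(line)):
            report.findings.append(Finding("tool_warning", {"what": m["what"]}))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for f in rep.findings:
        print(f"{f.kind:20} {f.detail}")
    print("rootkit suspected:", rep.rootkit_suspected, "paths:", sorted(rep.implicated_paths()))
```

The cross-check on the forged record is the point: TDSSKiller's enumeration line for Avg7RsW and its "Real md5" come from the same read path and agree, while the "Fake md5" is what every tool that goes through the file system (including the AV scan posted later) will see. The script treats the hook and the sector mismatch as independent strong indicators, so a log with only an "infected!!" line from ComboFix is reported but not escalated on its own.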
  8. ComboFix 11-01-31.02 - bobbileigh 02/04/2011 15:27:07.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.546 [GMT -6:00]
Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bobbileigh\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\bobbileigh\Application Data\Adobe\plugs
c:\windows\system32\twunk_32.exe
c:\windows\system32\Drivers\avg7rsw.sys . . . is infected!!
.
.
.
Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 20:48 . 2011-02-04 20:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\MpKsl410873b0.sys
2011-02-03 22:05 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\mpengine.dll
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-18_18.12.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2011-02-04 21:23 . 2011-02-04 21:23 16384 c:\windows\temp\Perflib_Perfdata_728.dat
+ 2011-02-04 21:23 . 2011-02-04 21:23 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
+ 2009-07-07 19:15 . 2010-12-22 07:50 35412 c:\windows\system32\Restore\rstrlog.dat
+ 2010-12-19 07:50 . 2008-12-11 19:26 60273 c:\windows\system32\pthreadGC2.dll
+ 2006-07-28 12:10 . 2009-12-21 20:42 15616 c:\windows\system32\mot_ci.dll
+ 2010-12-19 07:50 . 2008-12-18 01:22 57344 c:\windows\system32\ff_vfw.dll
+ 2010-12-19 07:44 . 2010-06-18 21:09 23936 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\motport.sys
+ 2010-12-19 07:44 . 2010-04-01 20:31 23424 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\Motousbnet.sys
+ 2010-12-19 07:44 . 2009-05-08 17:56 42752 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\motodrv.sys
+ 2010-12-19 07:44 . 2009-12-21 20:42 15616 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\mot_ci.dll
+ 2010-12-19 07:44 . 2009-07-10 19:01 25856 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\motoandroid.sys
+ 2010-12-19 07:44 . 2010-06-18 21:09 23936 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\motmodem.sys
+ 2010-12-19 07:44 . 2010-06-18 20:41 19968 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgp.sys
+ 2006-04-30 05:10 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-06-24 08:10 . 2011-01-06 09:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-24 08:10 . 2010-09-29 08:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-19 07:43 . 2010-12-19 07:43 85182 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_7A8DFDDA16A557B2C4B697.exe
+ 2010-12-19 07:44 . 2010-01-26 01:56 9472 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\motusbdevice.sys
+ 2010-12-19 07:44 . 2007-11-02 21:51 6400 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motswch.sys
+ 2010-12-19 07:44 . 2009-01-29 23:11 6016 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motfilt.sys
+ 2010-12-19 07:44 . 2007-11-02 21:51 6400 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motswch.sys
+ 2010-12-19 07:44 . 2009-01-29 23:18 8320 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgpfl.sys
+ 2010-12-19 07:43 . 2010-12-19 07:43 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_6FEFF9B68218417F98F549.exe
+ 2010-12-19 07:43 . 2010-12-19 07:43 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_1C4C258407FCD759F84E91.exe
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2010-12-19 07:44 . 2009-03-02 15:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
+ 2010-12-19 07:44 . 2009-03-02 15:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-12-20 09:00 . 2010-12-20 09:00 195584 c:\windows\Installer\792f0f9.msi
+ 2010-12-19 07:51 . 2010-12-19 07:51 228352 c:\windows\Installer\2262462.msi
+ 2010-12-19 07:43 . 2010-12-19 07:43 212480 c:\windows\Installer\2262457.msi
+ 2007-11-07 07:19 . 2007-11-07 07:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll
+ 2010-12-27 21:56 . 2010-12-27 21:56 1094656 c:\windows\Installer\ac7b9.msi
+ 2010-12-12 05:45 . 2011-01-13 09:01 37403080 c:\windows\system32\MRT.exe
+ 2011-01-06 09:00 . 2011-01-06 09:00 20304384 c:\windows\Installer\caf408b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600] "HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\ Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 
113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584] Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] 2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Motorola\\Software Update\\msu.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= 
"c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"= "c:\\WINDOWS\\system32\\FSRremoS.EXE"= "c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\Program Files\\AIM7\\aim.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "67:UDP"= 67:UDP:DHCP Discovery Service R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968] S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All 
Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?] S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864] S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904] S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2011-02-04 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40] . . ------- Supplementary Scan ------- . 
uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5577 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\ FF - prefs.js: browser.startup.homepage - www.facebook.com FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 5577 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {EAA8183D-4C08-43C4-8103-FE3DD862B05E} - c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-04 15:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD2500JS-08NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86AAAEC5]<< c:\docume~1\BOBBIL~1\LOCALS~1\Temp\catchme.sys _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85e48872; SUB DWORD [EBP-0x4], 0x85e4812e; PUSH EDI; CALL 0xffffffffffffdf33; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F57AB8] 3 CLASSPNP[0xF7580FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007d[0x86FDE2D8] 5 ACPI[0xF7417620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86FC5030] [0x86CFD4C0] -> IRP_MJ_CREATE -> 0x86AAAEC5 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-08NCB1_____________________10.02E01#5&1e8838a0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x86AAAAEA user & kernel MBR OK sectors 488397166 (+255): user != kernel Warning: possible TDL3 rootkit infection ! ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30] "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2011-02-04 15:53:34 ComboFix-quarantined-files.txt 2011-02-04 21:53 ComboFix2.txt 2010-12-24 07:33 ComboFix3.txt 2010-12-21 06:43 ComboFix4.txt 2010-12-18 18:15 ComboFix5.txt 2011-02-04 08:33 Pre-Run: 32,060,919,808 bytes free Post-Run: 32,067,661,824 bytes free - - End Of File - - 12A8916DD62DC2B4A52880A3ABF5172D
  9. OTL Extras logfile created on: 2/4/2011 2:25:53 AM - Run 4 OTL by OldTimer - Version 3.2.20.6
  10. OTL logfile created on: 2/3/2011 4:02:10 PM - Run 3 OTL by OldTimer - Version 3.2.20.6
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.facebook.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {EAA8183D-4C08-43C4-8103-FE3DD862B05E}:1.9.1 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 5577 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E} [2010/12/27 15:40:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 18:05:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 22:51:55 | 000,000,000 | ---D | M] [2010/12/05 00:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bobbileigh\Application Data\Mozilla\Extensions [2010/12/05 00:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\extensions [2011/01/30 23:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/27 17:47:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/02/17 22:43:15 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\BOBBILEIGH\APPLICATION DATA\MOVE NETWORKS [2010/12/27 15:40:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\BOBBILEIGH\LOCAL SETTINGS\APPLICATION DATA\{EAA8183D-4C08-43C4-8103-FE3DD862B05E} [2010/06/27 17:47:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/06/27 17:47:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/03/06 18:53:21 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2005/04/27 14:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll O1 HOSTS File: ([2010/12/21 00:36:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.) 
O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F7D4101\V1\PBN.exe () O4 - Startup: C:\Documents and Settings\bobbileigh\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) 
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe () O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/29 23:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - 
File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/03 16:01:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobbileigh\Desktop\OTL.exe [2011/01/28 22:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobbileigh\Desktop\Mixfortheroad [2011/01/10 08:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobbileigh\Desktop\Paul_Wall-Politics_As_Usual-2011-FiH [2011/01/06 17:18:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bobbileigh\Recent [2007/03/06 18:53:25 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2007/02/03 17:25:41 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll [2007/02/03 17:25:41 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll [2007/02/03 17:25:41 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll [2007/02/03 17:25:40 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll [2007/02/03 17:25:39 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll [2007/02/03 17:25:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll [2007/02/03 17:25:38 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll [2006/11/25 18:18:56 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/03 16:01:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobbileigh\Desktop\OTL.exe [2011/02/03 15:59:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/02/03 15:55:42 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011/02/03 15:54:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/03 
15:54:16 | 1038,790,656 | -HS- | M] () -- C:\hiberfil.sys [2011/02/03 15:31:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/01/30 22:46:19 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\Paint Shop Pro 7.lnk [2011/01/28 03:02:24 | 000,041,043 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\adda0565e9ffb13033a33d952517103c.jpg [2011/01/28 02:20:28 | 000,164,986 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\VonMax_VM4_51710_LG.jpg [2011/01/27 12:59:52 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\Matts Resume.doc [2011/01/26 01:46:04 | 000,287,085 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\testgrille.jpg [2011/01/26 01:30:45 | 000,091,388 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\chargerpics025.jpg [2011/01/25 16:49:19 | 001,014,550 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-30-58_979.jpg [2011/01/25 16:47:47 | 001,207,876 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-06_895.jpg [2011/01/25 16:47:27 | 001,018,063 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-15_153.jpg [2011/01/25 11:37:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/01/22 22:44:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\ArenaSeason5.xls [2011/01/13 12:47:43 | 000,012,990 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\438.gif [2011/01/13 03:05:02 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2011/01/12 23:31:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/11 00:43:21 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\HiJackThis.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company 
Name ========== [2011/01/28 03:02:24 | 000,041,043 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\adda0565e9ffb13033a33d952517103c.jpg [2011/01/28 02:20:27 | 000,164,986 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\VonMax_VM4_51710_LG.jpg [2011/01/27 12:59:51 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\Matts Resume.doc [2011/01/26 01:44:10 | 000,287,085 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\testgrille.jpg [2011/01/26 01:30:44 | 000,091,388 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\chargerpics025.jpg [2011/01/25 16:49:18 | 001,014,550 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-30-58_979.jpg [2011/01/25 16:47:51 | 001,207,876 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-06_895.jpg [2011/01/25 16:47:26 | 001,018,063 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-15_153.jpg [2011/01/22 05:23:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\ArenaSeason5.xls [2011/01/13 12:48:19 | 000,012,990 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\438.gif [2011/01/11 01:16:26 | 1038,790,656 | -HS- | C] () -- C:\hiberfil.sys [2010/12/19 01:50:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/12/11 23:49:16 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/05/23 18:05:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\housecall.guid.cache [2010/03/02 20:16:24 | 000,016,030 | -HS- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\6ENTSxRMA8c1v3wk4Gosy8f4p7 [2010/03/02 20:10:24 | 000,011,264 | -HS- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\U4E5P2rdp [2010/03/02 19:57:21 | 000,013,132 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application 
Data\U4E5P2rdp [2009/12/10 01:11:19 | 000,292,864 | ---- | C] () -- C:\Program Files\ogi7888l.exe [2009/11/11 08:44:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/10/06 00:13:30 | 030,925,707 | -HS- | C] () -- C:\WINDOWS\System32\acelpdecs.sys [2009/10/04 15:02:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1031r.sys [2008/03/14 21:55:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\$_hpcst$.hpc [2007/05/26 19:55:23 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll [2007/03/23 00:19:23 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/02/03 17:25:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll [2006/12/26 22:49:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006/12/26 22:48:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2006/12/26 22:48:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2006/12/26 22:48:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2006/12/19 02:10:48 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/12/14 20:52:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/12/14 20:42:55 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2006/12/10 22:38:12 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\PFP120JPR.{PB [2006/12/10 22:38:12 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\PFP120JCM.{PB [2006/11/26 10:33:47 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg7rsw.sys [2006/11/26 10:22:53 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/11/26 10:22:53 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E59962D3AE.sys [2006/11/25 21:18:17 | 000,000,029 | ---- | C] () -- 
C:\WINDOWS\atid.ini [2006/11/25 20:11:25 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini [2006/11/25 19:38:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll [2006/11/25 19:38:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2006/11/25 18:18:56 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2006/11/25 18:01:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\fusioncache.dat [2006/10/13 18:07:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/10/13 17:53:12 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2006/10/13 17:50:32 | 000,000,970 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/10/13 17:49:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006/10/13 17:49:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006/10/13 17:49:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006/10/13 17:49:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006/10/13 17:49:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006/10/13 17:49:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006/10/13 17:44:37 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini [2006/10/13 17:44:37 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini [2006/10/13 17:44:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL [2006/10/13 17:38:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/13 17:38:03 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/13 17:38:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/13 17:38:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/13 17:38:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/07/26 
20:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/04/30 00:05:41 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/29 23:48:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/29 23:11:32 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2006/04/29 23:11:32 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2006/04/29 23:11:32 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2006/04/29 23:11:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2006/04/29 23:11:32 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2006/04/29 16:24:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2006/11/25 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-B3862E77\Application Data\Lenovo [2006/10/13 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-B3862E77\Application Data\ThinkVantage [2008/10/01 18:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2010/12/11 22:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM [2007/06/10 18:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds [2009/12/13 19:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony [2009/11/08 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7 [2010/12/11 21:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bImBg06301 [2009/11/08 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland [2007/12/04 20:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\BVRP Software [2009/01/18 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames [2007/02/22 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5 [2007/08/27 17:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise [2008/08/23 14:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames [2007/11/15 18:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2007/06/04 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2009/03/09 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii [2009/11/08 21:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2007/09/10 15:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft [2007/03/05 21:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2009/03/15 14:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games [2007/11/02 16:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive [2009/11/08 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2008/06/07 20:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia [2009/09/24 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom [2007/12/13 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2007/06/29 16:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games [2010/03/18 14:01:44 | 000,000,000 
  11. Never mind. I see the instructions for the XP disk were the same. It worked!! My computer booted up normally once I changed the boot order. Thank you thank you thank you. Do you know what might have caused this? Also, what live malware/virus protection would you recommend? I always seem to get it no matter what I have to protect my computer!
  12. Woohoo. That worked. I assumed I wanted to run the Recovery Console from the XP disk, since you mentioned it earlier, so I started that. Now it's asking which Windows installation I would like to log onto.
  13. I just saw your new post. I'll try that real quick.
  14. I found an ISO of the Recovery Console and tried to run it, but it keeps coming up as a black screen. Yes, I have changed the boot order to CD-ROM first, and I have tried burning the disk twice just to see if that was the problem; still just a black screen. It sounds like the CD is being read, but it just sits there, and this time it stops without restarting.