Fright
Posts posted by Fright
-
-
C:\Documents and Settings\bobbileigh\Application Data\Sun\Java\Deployment\cache\6.0\35\1fab4ba3-203ff183 multiple threats deleted - quarantined
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5683
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/6/2011 12:43:57 AM
mbam-log-2011-02-06 (00-43-56).txt
Scan type: Full scan (C:\|)
Objects scanned: 344769
Time elapsed: 3 hour(s), 42 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Well, after almost 4 hours lol, it looks like Malwarebytes has given my PC a clean bill of health! I removed 2 older versions of Java as well.
-
ComboFix 11-01-31.02 - bobbileigh 02/05/2011 3:48.13.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.514 [GMT -6:00]
Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.
2011-02-05 09:34 . 2011-02-05 09:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\MpKsl3a478d19.sys
2011-02-05 09:32 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\mpengine.dll
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 09:27 . 2006-11-26 16:33 4224 ----a-w- c:\windows\system32\drivers\avg7rsw.sys
2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-02-04_21.47.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-05 09:28 . 2011-02-05 09:28 16384 c:\windows\temp\Perflib_Perfdata_37c.dat
+ 2011-02-05 09:28 . 2011-02-05 09:28 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 MpKsl3a478d19;MpKsl3a478d19;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E757961-EDFC-4932-BEFC-835ACFB1E654}\MpKsl3a478d19.sys [2/5/2011 3:34 AM 28752]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MPKSL3A478D19
*Deregistered* - klmdb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2011-02-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 03:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-05 04:06:13
ComboFix-quarantined-files.txt 2011-02-05 10:06
ComboFix2.txt 2011-02-04 23:12
ComboFix3.txt 2011-02-04 21:53
ComboFix4.txt 2010-12-24 07:33
ComboFix5.txt 2011-02-05 09:46
Pre-Run: 32,010,018,816 bytes free
Post-Run: 31,994,015,744 bytes free
- - End Of File - - D83966EEA22CF453C68E7EFAA93D995D
-
2011/02/05 03:25:28.0052 222944 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/05 03:25:28.0333 222944 ================================================================================
2011/02/05 03:25:28.0333 222944 SystemInfo:
2011/02/05 03:25:28.0333 222944
2011/02/05 03:25:28.0333 222944 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/05 03:25:28.0333 222944 Product type: Workstation
2011/02/05 03:25:28.0333 222944 ComputerName: LENOVO-B3862E77
2011/02/05 03:25:28.0349 222944 UserName: bobbileigh
2011/02/05 03:25:28.0349 222944 Windows directory: C:\WINDOWS
2011/02/05 03:25:28.0349 222944 System windows directory: C:\WINDOWS
2011/02/05 03:25:28.0349 222944 Processor architecture: Intel x86
2011/02/05 03:25:28.0349 222944 Number of processors: 2
2011/02/05 03:25:28.0349 222944 Page size: 0x1000
2011/02/05 03:25:28.0349 222944 Boot type: Normal boot
2011/02/05 03:25:28.0349 222944 ================================================================================
2011/02/05 03:25:28.0989 222944 Initialize success
2011/02/05 03:25:31.0942 222856 ================================================================================
2011/02/05 03:25:31.0942 222856 Scan started
2011/02/05 03:25:31.0942 222856 Mode: Manual;
2011/02/05 03:25:31.0942 222856 ================================================================================
2011/02/05 03:25:34.0849 222856 Avg7RsW (ed5aea72555cb0c09e918a74ce3113b1) C:\WINDOWS\System32\Drivers\avg7rsw.sys
2011/02/05 03:25:34.0849 222856 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avg7rsw.sys. Real md5: ed5aea72555cb0c09e918a74ce3113b1, Fake md5: d35863e693832153c157b8f604688197
2011/02/05 03:25:34.0864 222856 Avg7RsW - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/05 03:25:41.0724 222856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/05 03:25:41.0802 222856 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/02/05 03:25:41.0880 222856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/05 03:25:41.0911 222856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/05 03:25:41.0974 222856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/05 03:25:42.0005 222856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/05 03:25:42.0083 222856 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/05 03:25:42.0099 222856 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/05 03:25:42.0177 222856 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2011/02/05 03:25:42.0224 222856 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/05 03:25:42.0255 222856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/05 03:25:42.0317 222856 sptd (73205bd9a388639c210636793fe3fd61) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/05 03:25:42.0380 222856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/05 03:25:42.0442 222856 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/05 03:25:42.0489 222856 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/05 03:25:42.0552 222856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/05 03:25:42.0567 222856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/05 03:25:42.0692 222856 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/05 03:25:42.0724 222856 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/05 03:25:42.0771 222856 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/05 03:25:42.0786 222856 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/05 03:25:42.0817 222856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/05 03:25:42.0864 222856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/05 03:25:42.0927 222856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/05 03:25:42.0974 222856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/05 03:25:43.0021 222856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/05 03:25:43.0083 222856 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/05 03:25:43.0161 222856 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
2011/02/05 03:25:43.0208 222856 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2011/02/05 03:25:43.0239 222856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/05 03:25:43.0255 222856 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/05 03:25:43.0333 222856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/05 03:25:43.0380 222856 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/05 03:25:43.0396 222856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/05 03:25:43.0442 222856 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
2011/02/05 03:25:43.0489 222856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/05 03:25:43.0521 222856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/05 03:25:43.0567 222856 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/05 03:25:43.0583 222856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/05 03:25:43.0614 222856 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/05 03:25:43.0661 222856 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
2011/02/05 03:25:43.0755 222856 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
2011/02/05 03:25:43.0802 222856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/05 03:25:43.0817 222856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/05 03:25:43.0849 222856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/05 03:25:43.0864 222856 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/05 03:25:43.0911 222856 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/05 03:25:43.0958 222856 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/05 03:25:44.0005 222856 vsdatant (fa05489771db33572a79316942163388) C:\WINDOWS\system32\vsdatant.sys
2011/02/05 03:25:44.0083 222856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/05 03:25:44.0130 222856 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/05 03:25:44.0192 222856 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/05 03:25:44.0255 222856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/05 03:25:44.0317 222856 WIBUKEY (09ebc00530cc3493df55219d0da5e03a) C:\WINDOWS\system32\DRIVERS\Wibukey.sys
2011/02/05 03:25:44.0396 222856 winachsf (6f25b08ebbac9e02e6a0829f2c28999b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/05 03:25:44.0552 222856 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/05 03:25:44.0583 222856 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/05 03:25:44.0614 222856 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/05 03:25:44.0755 222856 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/02/05 03:25:44.0817 222856 zumbus (21a96535dd0a118d5663e5adc5c90f9e) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/02/05 03:25:45.0021 222856 ================================================================================
2011/02/05 03:25:45.0021 222856 Scan finished
2011/02/05 03:25:45.0021 222856 ================================================================================
2011/02/05 03:25:45.0036 222740 Detected object count: 1
2011/02/05 03:26:24.0036 222740 Avg7RsW (ed5aea72555cb0c09e918a74ce3113b1) C:\WINDOWS\System32\Drivers\avg7rsw.sys
2011/02/05 03:26:24.0036 222740 Suspicious file (Forged): C:\WINDOWS\System32\Drivers\avg7rsw.sys. Real md5: ed5aea72555cb0c09e918a74ce3113b1, Fake md5: d35863e693832153c157b8f604688197
2011/02/05 03:26:26.0255 222740 Backup copy not found, trying to cure infected file..
2011/02/05 03:26:26.0255 222740 Cure success, using it..
2011/02/05 03:26:26.0317 222740 C:\WINDOWS\System32\Drivers\avg7rsw.sys - will be cured after reboot
2011/02/05 03:26:26.0317 222740 Rootkit.Win32.TDSS.tdl3(Avg7RsW) - User select action: Cure
2011/02/05 03:26:29.0771 221376 Deinitialize success
-
Now the bar with the start button is all grey, like the older version of Windows. I'm assuming there's more to do, so I'll just wait for your reply before I jump the gun lol. Just thought I'd let you know.
-
ComboFix 11-01-31.02 - bobbileigh 02/04/2011 16:46:05.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.545 [GMT -6:00]
Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bobbileigh\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome.manifest
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome\content\_cfg.js
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\chrome\content\overlay.xul
c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}\install.rdf
c:\windows\system32\Drivers\avg7rsw.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 20:48 . 2011-02-04 20:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\MpKsl410873b0.sys
2011-02-03 22:05 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\mpengine.dll
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-02-04_21.47.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-04 22:41 . 2011-02-04 22:41 16384 c:\windows\temp\Perflib_Perfdata_598.dat
+ 2011-02-04 22:41 . 2011-02-04 22:41 16384 c:\windows\temp\Perflib_Perfdata_39c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2011-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 17:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-08NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A9EEC5]<<
c:\docume~1\BOBBIL~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85e48872; SUB DWORD [EBP-0x4], 0x85e4812e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F57AB8]
3 CLASSPNP[0xF7580FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007d[0x86F7DF18]
5 ACPI[0xF7417620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86FC5030]
[0x86BC8C60] -> IRP_MJ_CREATE -> 0x86A9EEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-08NCB1_____________________10.02E01#5&1e8838a0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86A9EAEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-04 17:12:06
ComboFix-quarantined-files.txt 2011-02-04 23:11
ComboFix2.txt 2011-02-04 21:53
ComboFix3.txt 2010-12-24 07:33
ComboFix4.txt 2010-12-21 06:43
ComboFix5.txt 2011-02-04 22:33
Pre-Run: 32,066,396,160 bytes free
Post-Run: 32,052,183,040 bytes free
- - End Of File - - CE01657F670D0D921579479622EEFC9E
-
ComboFix 11-01-31.02 - bobbileigh 02/04/2011 15:27:07.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.546 [GMT -6:00]
Running from: c:\documents and settings\bobbileigh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bobbileigh\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\bobbileigh\Application Data\Adobe\plugs
c:\windows\system32\twunk_32.exe
c:\windows\system32\Drivers\avg7rsw.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 20:48 . 2011-02-04 20:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\MpKsl410873b0.sys
2011-02-03 22:05 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FB9178F-7D71-4EE3-B8A3-2178E0D6419A}\mpengine.dll
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Local Settings\Application Data\ArcSoft
2011-01-06 18:32 . 2011-01-06 18:32 -------- d-----w- c:\documents and settings\matt\Application Data\Skinux
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\documents and settings\matt\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-03-14 03:16 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 21:56 . 2010-12-27 21:56 388096 ----a-r- c:\documents and settings\bobbileigh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-21 00:09 . 2009-12-06 06:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-06 06:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 04:09 . 2010-12-12 04:09 134 ----a-w- c:\windows\system32\drivers\etc\hosts-perm.bat
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-04-30 05:32 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-04-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2009-12-10 07:11 . 2009-12-10 07:11 292864 ----a-w- c:\program files\ogi7888l.exe
2007-03-07 00:53 . 2007-03-07 00:53 774144 ------w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-18_18.12.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-12-20 09:00 . 2010-12-20 09:00 195584 c:\windows\Installer\792f0f9.msi
+ 2010-12-19 07:51 . 2010-12-19 07:51 228352 c:\windows\Installer\2262462.msi
+ 2010-12-19 07:43 . 2010-12-19 07:43 212480 c:\windows\Installer\2262457.msi
+ 2007-11-07 07:19 . 2007-11-07 07:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll
+ 2010-12-19 07:44 . 2008-03-27 23:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll
+ 2010-12-27 21:56 . 2010-12-27 21:56 1094656 c:\windows\Installer\ac7b9.msi
+ 2010-12-12 05:45 . 2011-01-13 09:01 37403080 c:\windows\system32\MRT.exe
+ 2011-01-06 09:00 . 2011-01-06 09:00 20304384 c:\windows\Installer\caf408b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2010-12-07 4320600]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-26 388096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\bobbileigh\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Play Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-01-11 01:01 106496 ------w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 09:22 267048 ------w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\bobbileigh\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgupsvc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\bobbileigh\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 1:34 PM 91456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
S1 MpKsl70a2501f;MpKsl70a2501f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys [?]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 4:25 PM 36864]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 7:26 AM 642432]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 10:04 PM 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2011-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2011-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {EAA8183D-4C08-43C4-8103-FE3DD862B05E} - c:\documents and settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\bobbileigh\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 15:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-08NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86AAAEC5]<<
c:\docume~1\BOBBIL~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85e48872; SUB DWORD [EBP-0x4], 0x85e4812e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F57AB8]
3 CLASSPNP[0xF7580FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007d[0x86FDE2D8]
5 ACPI[0xF7417620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86FC5030]
[0x86CFD4C0] -> IRP_MJ_CREATE -> 0x86AAAEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-08NCB1_____________________10.02E01#5&1e8838a0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86AAAAEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet022\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-04 15:53:34
ComboFix-quarantined-files.txt 2011-02-04 21:53
ComboFix2.txt 2010-12-24 07:33
ComboFix3.txt 2010-12-21 06:43
ComboFix4.txt 2010-12-18 18:15
ComboFix5.txt 2011-02-04 08:33
Pre-Run: 32,060,919,808 bytes free
Post-Run: 32,067,661,824 bytes free
- - End Of File - - 12A8916DD62DC2B4A52880A3ABF5172D
-
OTL Extras logfile created on: 2/4/2011 2:25:53 AM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\bobbileigh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
991.00 Mb Total Physical Memory | 397.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 29.91 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
Computer Name: LENOVO-B3862E77 | User Name: bobbileigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows
-
I do not see an extra.txt
-
OTL logfile created on: 2/3/2011 4:02:10 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\bobbileigh\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
991.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 29.61 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
Computer Name: LENOVO-B3862E77 | User Name: bobbileigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\bobbileigh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AIM7\aim.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\bobbileigh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (KodakCCS) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WLANBelkinService) -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AVGEMS) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
SRV - (Avg7Alrt) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (TVT Scheduler) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (PsaSrv) -- C:\WINDOWS\system32\psasrv.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (lxcf_device) -- C:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (Belkin Wireless USB Network Adapter Service) -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MpKsl0e103f17) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl0e103f17.sys (Microsoft Corporation)
DRV - (MpKsl70a2501f) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD443F8E-7B6D-47C4-90F0-35F9BC1992B6}\MpKsl70a2501f.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AvgClean) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (Avg7Core) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (Avg7RsXP) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (AvgTdi) -- C:\WINDOWS\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys ()
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (smi2) -- C:\Program Files\SMI2\smi2.sys (IBM Corp.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\Wibukey.sys (WIBU-SYSTEMS AG)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {EAA8183D-4C08-43C4-8103-FE3DD862B05E}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5577
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\{EAA8183D-4C08-43C4-8103-FE3DD862B05E} [2010/12/27 15:40:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 18:05:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 22:51:55 | 000,000,000 | ---D | M]
[2010/12/05 00:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bobbileigh\Application Data\Mozilla\Extensions
[2010/12/05 00:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bobbileigh\Application Data\Mozilla\Firefox\Profiles\u4rcmdu5.default\extensions
[2011/01/30 23:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 17:47:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/17 22:43:15 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\BOBBILEIGH\APPLICATION DATA\MOVE NETWORKS
[2010/12/27 15:40:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\BOBBILEIGH\LOCAL SETTINGS\APPLICATION DATA\{EAA8183D-4C08-43C4-8103-FE3DD862B05E}
[2010/06/27 17:47:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/27 17:47:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/06 18:53:21 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 14:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
O1 HOSTS File: ([2010/12/21 00:36:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
O4 - Startup: C:\Documents and Settings\bobbileigh\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-296326354-2807299508-1748536991-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bobbileigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/29 23:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/03 16:01:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobbileigh\Desktop\OTL.exe
[2011/01/28 22:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobbileigh\Desktop\Mixfortheroad
[2011/01/10 08:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobbileigh\Desktop\Paul_Wall-Politics_As_Usual-2011-FiH
[2011/01/06 17:18:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bobbileigh\Recent
[2007/03/06 18:53:25 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/02/03 17:25:41 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2007/02/03 17:25:41 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2007/02/03 17:25:41 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2007/02/03 17:25:40 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2007/02/03 17:25:39 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2007/02/03 17:25:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2007/02/03 17:25:38 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2006/11/25 18:18:56 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/03 16:01:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobbileigh\Desktop\OTL.exe
[2011/02/03 15:59:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/03 15:55:42 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/03 15:54:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/03 15:54:16 | 1038,790,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 15:31:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/30 22:46:19 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\Paint Shop Pro 7.lnk
[2011/01/28 03:02:24 | 000,041,043 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\adda0565e9ffb13033a33d952517103c.jpg
[2011/01/28 02:20:28 | 000,164,986 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\VonMax_VM4_51710_LG.jpg
[2011/01/27 12:59:52 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\Matts Resume.doc
[2011/01/26 01:46:04 | 000,287,085 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\testgrille.jpg
[2011/01/26 01:30:45 | 000,091,388 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\chargerpics025.jpg
[2011/01/25 16:49:19 | 001,014,550 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-30-58_979.jpg
[2011/01/25 16:47:47 | 001,207,876 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-06_895.jpg
[2011/01/25 16:47:27 | 001,018,063 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-15_153.jpg
[2011/01/25 11:37:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/22 22:44:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\ArenaSeason5.xls
[2011/01/13 12:47:43 | 000,012,990 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\438.gif
[2011/01/13 03:05:02 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/12 23:31:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 00:43:21 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\bobbileigh\Desktop\HiJackThis.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/01/28 03:02:24 | 000,041,043 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\adda0565e9ffb13033a33d952517103c.jpg
[2011/01/28 02:20:27 | 000,164,986 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\VonMax_VM4_51710_LG.jpg
[2011/01/27 12:59:51 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\Matts Resume.doc
[2011/01/26 01:44:10 | 000,287,085 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\testgrille.jpg
[2011/01/26 01:30:44 | 000,091,388 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\chargerpics025.jpg
[2011/01/25 16:49:18 | 001,014,550 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-30-58_979.jpg
[2011/01/25 16:47:51 | 001,207,876 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-06_895.jpg
[2011/01/25 16:47:26 | 001,018,063 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\2011-01-25_16-31-15_153.jpg
[2011/01/22 05:23:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\ArenaSeason5.xls
[2011/01/13 12:48:19 | 000,012,990 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Desktop\438.gif
[2011/01/11 01:16:26 | 1038,790,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/19 01:50:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/11 23:49:16 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/23 18:05:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\housecall.guid.cache
[2010/03/02 20:16:24 | 000,016,030 | -HS- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\6ENTSxRMA8c1v3wk4Gosy8f4p7
[2010/03/02 20:10:24 | 000,011,264 | -HS- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\U4E5P2rdp
[2010/03/02 19:57:21 | 000,013,132 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\U4E5P2rdp
[2009/12/10 01:11:19 | 000,292,864 | ---- | C] () -- C:\Program Files\ogi7888l.exe
[2009/11/11 08:44:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/06 00:13:30 | 030,925,707 | -HS- | C] () -- C:\WINDOWS\System32\acelpdecs.sys
[2009/10/04 15:02:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1031r.sys
[2008/03/14 21:55:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\$_hpcst$.hpc
[2007/05/26 19:55:23 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2007/03/23 00:19:23 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/03 17:25:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2006/12/26 22:49:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/26 22:48:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/12/26 22:48:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/12/26 22:48:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/19 02:10:48 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/14 20:52:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 20:42:55 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/12/10 22:38:12 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\PFP120JPR.{PB
[2006/12/10 22:38:12 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Application Data\PFP120JCM.{PB
[2006/11/26 10:33:47 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg7rsw.sys
[2006/11/26 10:22:53 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/26 10:22:53 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E59962D3AE.sys
[2006/11/25 21:18:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 20:11:25 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2006/11/25 19:38:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/11/25 19:38:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/11/25 18:18:56 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/11/25 18:01:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\bobbileigh\Local Settings\Application Data\fusioncache.dat
[2006/10/13 18:07:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/13 17:53:12 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/13 17:50:32 | 000,000,970 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/13 17:49:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/13 17:49:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/13 17:49:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/13 17:49:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/13 17:49:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/13 17:49:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/13 17:44:37 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2006/10/13 17:44:37 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2006/10/13 17:44:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2006/10/13 17:38:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/13 17:38:03 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/13 17:38:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/13 17:38:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/13 17:38:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/26 20:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/30 00:05:41 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/29 23:48:13 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/29 23:11:32 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/04/29 23:11:32 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/04/29 23:11:32 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/04/29 23:11:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/04/29 23:11:32 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/04/29 16:24:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2006/11/25 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-B3862E77\Application Data\Lenovo
[2006/10/13 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-B3862E77\Application Data\ThinkVantage
[2008/10/01 18:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/11 22:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2007/06/10 18:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2009/12/13 19:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/11/08 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/12/11 21:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bImBg06301
[2009/11/08 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007/12/04 20:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/01/18 15:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2007/02/22 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2007/08/27 17:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2008/08/23 14:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2007/11/15 18:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2007/06/04 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/03/09 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/11/08 21:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/10 15:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2007/03/05 21:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/03/15 14:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/11/02 16:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2009/11/08 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/06/07 20:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/09/24 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2007/12/13 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/06/29 16:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2010/03/18 14:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/03/13 22:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/03/16 16:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2009/02/15 10:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/03/18 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/31 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2010/06/27 17:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/08 21:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2006/11/25 23:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\acccore
[2009/11/09 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Aim
[2008/08/11 23:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Alien Skin
[2010/03/13 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Amazon
[2009/11/08 20:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\AVG7
[2009/11/08 20:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\BitTorrent
[2010/01/15 17:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\BlamGames
[2009/03/23 13:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Burdaloo
[2009/12/08 18:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\DNA
[2009/03/07 21:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\EleFun Games
[2010/03/13 22:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\eMusic
[2007/10/14 12:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\funkitron
[2007/07/15 15:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Gamelab
[2007/12/22 20:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Home Sweet Home
[2008/09/06 21:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Home Sweet Home 2
[2007/03/05 21:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Intervideo
[2007/03/03 19:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\iWin
[2009/11/08 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Jane s Hotel
[2007/05/30 15:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Jasc
[2006/12/14 16:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Leadertech
[2010/06/27 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Lenovo
[2008/06/07 20:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Ludia
[2008/02/23 15:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Magic Seeds
[2009/09/24 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Merscom
[2007/06/06 17:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\MysteryStudio
[2010/01/08 19:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Octoshape
[2008/11/21 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Pi Eye Games
[2010/03/18 14:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\PlayFirst
[2007/10/31 19:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Pogo Games
[2007/06/28 01:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Publish Providers
[2007/06/07 09:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Sandlot Games
[2007/10/13 18:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\SecondLife
[2009/03/16 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Shockwave
[2009/12/19 00:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Skinux
[2007/06/28 01:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Sony
[2006/10/13 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\ThinkVantage
[2008/01/31 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\Valusoft
[2009/02/24 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobbileigh\Application Data\ViquaSoft
[2006/11/25 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2006/10/13 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2006/11/26 10:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2009/11/08 20:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\matt\Application Data\AVG7
[2010/06/27 17:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\matt\Application Data\Lenovo
[2011/01/06 12:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\matt\Application Data\Skinux
[2006/10/13 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\matt\Application Data\ThinkVantage
[2007/09/03 07:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AVG7
[2010/03/12 08:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Skinux
[2011/02/03 15:59:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
-
Never mind. I see the instructions for the XP disk were the same.
It worked!! My computer booted up normally once I changed the boot order. Thank you thank you thank you.
Do you know what might have caused this? Also, what live malware/virus protection would you recommend? I always seem to get it no matter what I have to protect my computer!
-
Woohoo. That worked. I assumed I wanted to run recovery console since you mentioned to earlier from the XP disk so I started that. Now it's asking what Windows installation would you like to log onto?
-
I just saw your new post. I'll try that real quick.
-
I found an ISO of recovery console and tried to run it, but it keeps coming up as a black screen. Yes, I have changed the boot to CD ROM first and I have tried to burn the disk twice just to see if it was that, still just a black screen. It sounds like the CD is being read, but it just sits there and then stops, this time without restarting.
-
I don't have a copy of Windows XP. This is my fiance's computer and she said it never came with a windows disk when she bought it. Is there a way around this or some place I could download recovery console to a disk?
-
Never mind. I got it to show up but I had to copy paste it into a folder in the USB. Here it is.
-
I restarted and tried it again, now after I enter the command it says
1+0 records in
1+0 records out
Still no file saved to USB.
-
Ok I get all the way to typing in the command under open terminal. It seems to do something as it reads off a bunch of stuff, looks like definitions of the command I typed. It seems to stop after a few seconds, but when I remove the USB device (have used 2 already) no file seems to be saved for me to put into a zip. Is there something I'm missing? Is there a way I can type the results instead?
-
As stated in my original post, when I hit F8 it just goes to a black screen, I cannot select any options on the first picture you have posted. Any other options?
-
Hey guys.
I wasn't sure if this was the best place to post, but I'm 99% sure this is some type of virus/malware. My computer was working fine last night and I woke up and noticed Microsoft Security Essentials said my computer needed a restart. So I went to restart my computer and now after the initial boot up it restarts and continues this cycle. As soon as the Lenovo logo is done loading and then should continue into the user sign in page it just loads into a black screen instead, sits there for about 30 seconds and then restarts. I am not able to go into safe mode or any other screen. When I press F8 it just goes to a black screen again and then restarts.
I changed the boot order to CD ROM first and then I ran chkdsk and nothing came back wrong, so this is what has me convinced that it is a virus. I have also tried to run recovery console but that continues to just a black screen and just sits there.
I'm thinking this may be a virus as my computer has been running rather slow lately and chkdsk has shown there are no hard drive issues. Please let me know what I can do to get my computer up and running again. Thanks!
-
========== OTL ==========
C:\Documents and Settings\bobbileigh\Local Settings\Application Data\pyku.exe moved successfully.
C:\Documents and Settings\bobbileigh\Local Settings\Application Data\niry.lib moved successfully.
C:\Program Files\Common Files\oharyrex._dl moved successfully.
C:\Documents and Settings\bobbileigh\Application Data\miri.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\gele.pif moved successfully.
C:\Documents and Settings\bobbileigh\Application Data\mode.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\sipixybuk.pif moved successfully.
C:\Documents and Settings\bobbileigh\Local Settings\Application Data\osimit.dl moved successfully.
C:\Program Files\Common Files\macycygi.db moved successfully.
OTL by OldTimer - Version 3.1.14.0 log created on 12122009_174148
Everything seems to be working well. What did the last code do? If you don't mind me asking...
-
Glad you didn't jump the gun like I did! It found a few more things.
-
mbam_log_2009_12_11__17_14_20_.txt
It found two files that I noticed were showing in HiJack This also, but they were removed and are no longer showing in HJT. Looks like all is well! Thanks a lot and I appreciate all the people on this forum! Keep using your knowledge for the good!!
Also, if you could recommend a free anti virus program or maybe even a cheap one, I would greatly appreciate it.
XP reboots at start up. Possible virus.
in Resolved Malware Removal Logs
Good to hear! My computer seems to be flying now lol. I downloaded SpywareBlaster and will be updating any Windows files I can next. Once I receive my taxes back I'll be sure to spread some of the wealth! Thank you for your time and help!