MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA108000 klbg.sys
0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB91CB000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB91B7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB918F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB916B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB99B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9DB6000 \SystemRoot\system32\drivers\pfc.sys
0xB99A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9998000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9148000 \SystemRoot\system32\DRIVERS\ks.sys
0xB912F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB9101000 \SystemRoot\system32\drivers\cx88vid.sys
0xB9988000 \SystemRoot\system32\drivers\STREAM.SYS
0xB9978000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9DAA000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB90ED000 \SystemRoot\system32\DRIVERS\parport.sys
0xB9968000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA7FF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9958000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA548000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB90D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9948000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9938000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB90C5000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9095000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA340000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\VClone.sys
0xB907D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xBA610000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB901F000 \SystemRoot\system32\DRIVERS\update.sys
0xB9707000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xACF93000 \SystemRoot\system32\drivers\AtiHdAud.sys
0xACF6F000 \SystemRoot\system32\drivers\portcls.sys
0xBA208000 \SystemRoot\system32\drivers\drmk.sys
0xBA228000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA61E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xACAE3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB8FF3000 \SystemRoot\system32\drivers\CX88XBAR.sys
0xABA42000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA63E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA72A000 \SystemRoot\System32\Drivers\Null.SYS
0xBA642000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3D8000 \SystemRoot\System32\drivers\vga.sys
0xBA646000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA64A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xACADF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAB4DA000 \??\C:\WINDOWS\system32\drivers\kl1.sys
0xAB4C7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACAB3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAB446000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAB41E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB3F8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAB3D6000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAB3AB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA770000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xAB33B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA440000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xACA93000 \SystemRoot\System32\Drivers\ASPI32.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xABA36000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA470000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAB202000 \SystemRoot\System32\Drivers\wdf01000.sys
0xABA2E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA488000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAB1EA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA660000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA5A0000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA685000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF10C000 \SystemRoot\System32\atikvmag.dll
0xBF1A9000 \SystemRoot\System32\atiok3x2.dll
0xBF20E000 \SystemRoot\System32\ati3duag.dll
0xBF5BF000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8695000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8364000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA218000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8159000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA63C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA6C3000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA825E000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA7F77000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7B4E000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA428000 \??\C:\DOCUME~1\Devlish\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 28):
0 System Idle Process
4 System
1044 C:\WINDOWS\system32\smss.exe
1092 csrss.exe
1124 C:\WINDOWS\system32\winlogon.exe
1172 C:\WINDOWS\system32\services.exe
1188 C:\WINDOWS\system32\lsass.exe
1360 C:\WINDOWS\system32\ati2evxx.exe
1396 C:\WINDOWS\system32\svchost.exe
1496 svchost.exe
1624 C:\WINDOWS\system32\svchost.exe
1724 svchost.exe
1880 svchost.exe
2012 C:\WINDOWS\system32\ati2evxx.exe
188 C:\WINDOWS\system32\spoolsv.exe
536 C:\Program Files\AlienGUIse\wbload.exe
808 C:\WINDOWS\explorer.exe
996 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
1004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1012 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1032 C:\WINDOWS\RTHDCPL.exe
1420 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1564 C:\Program Files\Java\jre6\bin\jqs.exe
1828 wdfmgr.exe
2252 C:\WINDOWS\system32\wuauclt.exe
3128 alg.exe
3764 C:\WINDOWS\system32\svchost.exe
1428 C:\Documents and Settings\Devlish\Desktop\MBRCheck (1).exe
\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS)
PhysicalDrive3 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0
PhysicalDrive1 Model Number: Maxtor6L200M0, Rev: BANC1G10
PhysicalDrive2 Model Number: Maxtor7B250S0, Rev: BANC1E00
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
152 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
189 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
233 GB \\.\PhysicalDrive2 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
ComboFix 10-08-11.02 - Devlish 08/11/2010 14:51:30.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1806 [GMT -4:00]
Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Devlish\Desktop\CFScript.txt.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.
2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-08 19:08 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-08 19:08 . 2010-07-07 01:53 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-08 19:08 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-08 19:08 . 2010-07-07 01:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-08 19:08 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-08 19:08 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-08 19:08 . 2010-08-08 19:09 -------- d-----w- c:\program files\ATI
2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll
2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll
2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll
2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll
2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll
2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro
2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft
2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java
2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys
2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google
2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:36 . 2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software
2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll
2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll
2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll
2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll
2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll
2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp
2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google
2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-21 14:04 . 2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3
2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 13:28 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-08 19:08 . 2008-02-05 13:43 -------- d-----w- c:\program files\ATI Technologies
2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian
2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX
2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit
2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX
2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze
2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka
2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag
2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech
2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech
2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd
2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:50 . 2008-02-05 13:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2008-02-05 13:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2008-02-05 13:43 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2008-02-05 13:43 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2007-12-21 02:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea
2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe
2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe
2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe
2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00
2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool
2010-06-15 17:49 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer
2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-09_12.54.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-11 06:12 . 2010-08-11 11:12 2452 c:\windows\SoftwareDistribution\EventCache\{DAEFADDE-70D0-484C-932A-1364EDDA36F1}.bin
+ 2010-08-10 00:11 . 2010-08-10 05:11 2452 c:\windows\SoftwareDistribution\EventCache\{68FA3993-BC10-4154-B94E-7EA43F0DEDED}.bin
+ 2010-08-10 10:11 . 2010-08-10 20:11 2452 c:\windows\SoftwareDistribution\EventCache\{624CDC06-7D9D-47D3-928A-0839CEAFCD40}.bin
+ 2010-08-09 14:11 . 2010-08-09 19:11 2452 c:\windows\SoftwareDistribution\EventCache\{4ADFAE11-2DBB-4B86-913E-7F30B88AE6F6}.bin
+ 2010-08-10 20:11 . 2010-08-11 01:12 2452 c:\windows\SoftwareDistribution\EventCache\{12DFAE96-73D1-48E1-B3A8-FF625AEEA7A6}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]
2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]
.
Contents of the 'Scheduled Tasks' folder
2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 14:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8AACDA17]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7446a21
SendHandler -> NDIS.sys @ 0xf742487b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-08-11 14:59:41
ComboFix-quarantined-files.txt 2010-08-11 18:59
ComboFix2.txt 2010-08-06 13:15
Pre-Run: 225,798,160,384 bytes free
Post-Run: 225,782,312,960 bytes free
- - End Of File - - 6245933C40B261B25061ADA5A5353D6C
-
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
I was only able to make the redirects start twice over about 15 minutes of trying with different browsers / search engines. When the redirects started they didn't stop until I closed the browser (once in each).
Redirects started in Chrome and Firefox. After they start showing up, every search result turns into an ad page when clicked on, until the browser is closed.
-
I mean with your problem.
I was only able to make the redirects start twice over about 15 minutes of trying with different browsers / search engines. When the redirects started they didn't stop until I closed the browser (once in each).
-
Any change?
No. The program is still telling me one drive's MBR is faked and one is unknown. It doesn't seem to change either of them.
-
OK.. got the program to run in safe mode as administrator (can't believe I remembered the password). I'm pretty sure you are going to want me to use it on drive 3 instead of 0, but I used it on 0 like you said.
Thanks for sticking with me on this.
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 100):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0x8AA91000 \WINDOWS\system32\KDCOM.DLL
0xF789B000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF7989000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltmgr.sys
0xF7468000 sr.sys
0xF7647000 PxHelp20.sys
0xF7451000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7424000 NDIS.sys
0xF740A000 Mup.sys
0xF7657000 klbg.sys
0xBA6DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7767000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA6BA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF791F000 \SystemRoot\system32\drivers\pfc.sys
0xF7697000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA697000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA67E000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7933000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA667000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF779F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA62E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA5AE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7587000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7577000 \SystemRoot\system32\DRIVERS\VClone.sys
0xBA4F6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7991000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA498000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A8C000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF775F000 \SystemRoot\System32\drivers\vga.sys
0xBA402000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA48C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA468000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7547000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA5EE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA34E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA326000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA300000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2DE000 \SystemRoot\System32\drivers\afd.sys
0xF7537000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA2B3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA243000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA3CE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7797000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xF7517000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xBA1D2000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA450000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xF74F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA142000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79CF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA424000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77B7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A60000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB9E1A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9BA8000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 15):
0 System Idle Process
4 System
868 C:\WINDOWS\system32\smss.exe
920 csrss.exe
944 C:\WINDOWS\system32\winlogon.exe
988 C:\WINDOWS\system32\services.exe
1000 C:\WINDOWS\system32\lsass.exe
1160 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1460 C:\WINDOWS\system32\svchost.exe
1572 svchost.exe
1728 svchost.exe
504 C:\WINDOWS\explorer.exe
672 C:\WINDOWS\system32\notepad.exe
756 C:\Documents and Settings\Devlish\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS)
PhysicalDrive3 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0
PhysicalDrive1 Model Number: Maxtor6L200M0, Rev: BANC1G10
PhysicalDrive2 Model Number: Maxtor7B250S0, Rev: BANC1E00
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive3 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995
152 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
189 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
233 GB \\.\PhysicalDrive2 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
2010/08/09 11:06:23.0343 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/09 11:06:23.0343 ================================================================================
2010/08/09 11:06:23.0343 SystemInfo:
2010/08/09 11:06:23.0343
2010/08/09 11:06:23.0343 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/09 11:06:23.0343 Product type: Workstation
2010/08/09 11:06:23.0343 ComputerName: EXECUTER
2010/08/09 11:06:23.0343 UserName: Devlish
2010/08/09 11:06:23.0343 Windows directory: C:\WINDOWS
2010/08/09 11:06:23.0343 System windows directory: C:\WINDOWS
2010/08/09 11:06:23.0343 Processor architecture: Intel x86
2010/08/09 11:06:23.0343 Number of processors: 2
2010/08/09 11:06:23.0343 Page size: 0x1000
2010/08/09 11:06:23.0343 Boot type: Normal boot
2010/08/09 11:06:23.0343 ================================================================================
2010/08/09 11:06:23.0578 Initialize success
2010/08/09 11:06:27.0875 ================================================================================
2010/08/09 11:06:27.0875 Scan started
2010/08/09 11:06:27.0875 Mode: Manual;
2010/08/09 11:06:27.0875 ================================================================================
2010/08/09 11:06:28.0765 a347bus (61c7faa37417ca5bafa0490a49cc84d6) C:\WINDOWS\system32\DRIVERS\a347bus.sys
2010/08/09 11:06:28.0812 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\System32\Drivers\a347scsi.sys
2010/08/09 11:06:28.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/09 11:06:28.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/09 11:06:29.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/09 11:06:29.0093 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/08/09 11:06:29.0203 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2010/08/09 11:06:29.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/09 11:06:29.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/09 11:06:29.0593 ati2mtag (1d99d1b43638e31ea5cf4a8fd199762b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/09 11:06:29.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/09 11:06:30.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/09 11:06:30.0156 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2010/08/09 11:06:30.0156 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2010/08/09 11:06:30.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/09 11:06:30.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/09 11:06:30.0281 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/09 11:06:30.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/09 11:06:30.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/09 11:06:30.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/09 11:06:30.0515 CX23880 (4738c943897f84a3fc33781b3d50affc) C:\WINDOWS\system32\drivers\cx88vid.sys
2010/08/09 11:06:30.0546 CX88XBAR (243cc69ad24dd71264188d9af1ff1958) C:\WINDOWS\system32\drivers\CX88XBAR.sys
2010/08/09 11:06:30.0609 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/09 11:06:30.0687 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/09 11:06:30.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/09 11:06:30.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/09 11:06:30.0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/09 11:06:30.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/09 11:06:30.0890 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2010/08/09 11:06:30.0937 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/09 11:06:30.0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/09 11:06:31.0015 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
2010/08/09 11:06:31.0046 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/09 11:06:31.0093 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/09 11:06:31.0156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/09 11:06:31.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/09 11:06:31.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/09 11:06:31.0281 gdrv (b6bfec7542730e9a376bf2408423d493) C:\WINDOWS\gdrv.sys
2010/08/09 11:06:31.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/09 11:06:31.0343 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
2010/08/09 11:06:31.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/09 11:06:31.0468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/09 11:06:31.0515 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/09 11:06:31.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/09 11:06:31.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/09 11:06:31.0796 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/09 11:06:31.0875 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/09 11:06:31.0890 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/09 11:06:31.0937 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/09 11:06:31.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/09 11:06:32.0031 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/09 11:06:32.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/09 11:06:32.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/09 11:06:32.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/09 11:06:32.0156 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\Drivers\itchfltr.sys
2010/08/09 11:06:32.0203 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/09 11:06:32.0203 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/09 11:06:32.0281 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/08/09 11:06:32.0296 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2010/08/09 11:06:32.0375 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/08/09 11:06:32.0421 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/08/09 11:06:32.0453 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/08/09 11:06:32.0484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/09 11:06:32.0531 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/09 11:06:32.0562 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/08/09 11:06:32.0609 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
2010/08/09 11:06:32.0640 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/08/09 11:06:32.0671 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2010/08/09 11:06:32.0687 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/08/09 11:06:32.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/09 11:06:32.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/09 11:06:32.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/09 11:06:32.0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/09 11:06:32.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/09 11:06:32.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/09 11:06:33.0031 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/09 11:06:33.0046 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/09 11:06:33.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/09 11:06:33.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/09 11:06:33.0109 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/09 11:06:33.0125 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/09 11:06:33.0171 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/09 11:06:33.0218 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/09 11:06:33.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/09 11:06:33.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/09 11:06:33.0328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/09 11:06:33.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/09 11:06:33.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/09 11:06:33.0421 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/09 11:06:33.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/09 11:06:33.0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/09 11:06:33.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/09 11:06:33.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/09 11:06:33.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/09 11:06:33.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/09 11:06:33.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/09 11:06:33.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/09 11:06:33.0750 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/09 11:06:33.0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/09 11:06:33.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/09 11:06:33.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/09 11:06:33.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/09 11:06:33.0953 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/09 11:06:34.0046 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2010/08/09 11:06:34.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/09 11:06:34.0093 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/08/09 11:06:34.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/09 11:06:34.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/09 11:06:34.0203 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/09 11:06:34.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/09 11:06:34.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/09 11:06:34.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/09 11:06:34.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/09 11:06:34.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/09 11:06:34.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/09 11:06:34.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/09 11:06:34.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/09 11:06:34.0578 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/09 11:06:34.0640 RTLE8023xp (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/09 11:06:34.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/09 11:06:34.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/09 11:06:34.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/09 11:06:34.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/09 11:06:34.0859 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/09 11:06:34.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/09 11:06:34.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/09 11:06:35.0031 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/09 11:06:35.0062 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/09 11:06:35.0078 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/09 11:06:35.0125 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/09 11:06:35.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/09 11:06:35.0281 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/09 11:06:35.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/09 11:06:35.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/09 11:06:35.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/09 11:06:35.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/09 11:06:35.0531 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/09 11:06:35.0578 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/09 11:06:35.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/09 11:06:35.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/09 11:06:35.0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/09 11:06:35.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/09 11:06:35.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/09 11:06:35.0734 V0330VID (c31d232a9ccbaa03da67504ec5c208ca) C:\WINDOWS\system32\DRIVERS\V0330Vid.sys
2010/08/09 11:06:35.0765 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2010/08/09 11:06:35.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/09 11:06:35.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/09 11:06:35.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/09 11:06:35.0937 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/09 11:06:35.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/09 11:06:36.0015 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/09 11:06:36.0046 ================================================================================
2010/08/09 11:06:36.0046 Scan finished
2010/08/09 11:06:36.0046 ================================================================================
2010/08/09 11:06:44.0859 Deinitialize success
-
when i run "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
it comes up with an error, lists the valid command-line parameters, and doesn't create a txt file
it will execute without the -v at the end
-
when i run "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
it comes up with an error, lists the valid command-line parameters, and doesn't create a txt file
-
ComboFix 10-08-08.02 - Devlish 08/09/2010 8:44.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1806 [GMT -4:00]
Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Devlish\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ccoxdmgu
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-08 19:08 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-08 19:08 . 2010-07-07 01:53 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-08 19:08 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-08 19:08 . 2010-07-07 01:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-08 19:08 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-08 19:08 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-08 19:08 . 2010-08-08 19:09 -------- d-----w- c:\program files\ATI
2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll
2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll
2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll
2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll
2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll
2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro
2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft
2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java
2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys
2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google
2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:36 . 2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software
2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll
2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll
2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll
2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll
2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll
2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp
2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google
2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-21 14:04 . 2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3
2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 19:13 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-08 19:08 . 2008-02-05 13:43 -------- d-----w- c:\program files\ATI Technologies
2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian
2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX
2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit
2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX
2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze
2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka
2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag
2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech
2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech
2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd
2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:50 . 2008-02-05 13:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2008-02-05 13:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2008-02-05 13:43 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2008-02-05 13:43 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2007-12-21 02:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea
2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe
2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe
2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe
2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00
2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool
2010-06-15 17:49 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer
2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-11 20:42 . 2008-02-05 13:43 205156 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-08-06_13.05.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-08-08 19:08 . 2010-07-07 01:32 81083 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\oemdspif.dll
+ 2010-08-08 19:08 . 2001-11-09 15:01 12614 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativcoxx.dll
+ 2010-08-08 19:08 . 2009-02-18 17:55 81447 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiode.exe
+ 2010-08-08 19:08 . 2009-02-03 20:52 25093 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiodcli.exe
+ 2010-08-08 19:08 . 2010-07-07 01:15 41477 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atimpc32.dll
+ 2010-08-08 19:08 . 2010-07-07 01:29 28700 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiddc.dll
+ 2010-08-08 19:08 . 2010-07-07 01:58 29394 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalrt.dll
+ 2010-08-08 19:08 . 2010-07-07 01:58 28972 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalcl.dll
+ 2010-08-08 19:08 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atibtmon.exe
+ 2010-08-08 19:08 . 2010-07-07 01:29 54492 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiapfxx.exe
+ 2010-08-08 19:08 . 2010-07-07 01:32 16309 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mdxx.exe
+ 2010-08-08 19:08 . 2010-07-07 01:32 80978 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:15 13650 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2erec.dll
+ 2010-08-08 19:08 . 2010-07-07 01:32 28844 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2edxx.dll
+ 2007-06-02 02:25 . 2009-02-03 20:52 45056 c:\windows\system32\ATIODCLI.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\ARPPRODUCTICON.exe
+ 2010-08-08 19:08 . 2010-07-07 01:23 8348 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atitvo32.dll
+ 2010-08-06 16:09 . 2010-08-06 21:09 2452 c:\windows\SoftwareDistribution\EventCache\{FF422914-4A2D-490F-8D65-5C006FADDF2C}.bin
+ 2010-08-08 18:10 . 2010-08-09 04:10 2452 c:\windows\SoftwareDistribution\EventCache\{D4923E76-6FE8-49F2-A505-B493EDFF4512}.bin
+ 2010-08-07 22:10 . 2010-08-08 03:10 2452 c:\windows\SoftwareDistribution\EventCache\{B6481392-2CB8-41F0-992A-7B4A0A96BF55}.bin
+ 2010-08-07 02:09 . 2010-08-07 07:09 2452 c:\windows\SoftwareDistribution\EventCache\{82EEB085-EE01-4654-8357-7F206243F684}.bin
+ 2010-08-07 12:09 . 2010-08-07 17:09 2452 c:\windows\SoftwareDistribution\EventCache\{79756F80-A60F-463B-95C7-23A199F2F22B}.bin
+ 2010-08-08 08:10 . 2010-08-08 13:10 2452 c:\windows\SoftwareDistribution\EventCache\{4648F413-8141-4B45-9277-FBFBD1B0F166}.bin
+ 2010-08-09 04:10 . 2010-08-09 09:10 2452 c:\windows\SoftwareDistribution\EventCache\{0268B84F-C11F-40EF-ADF6-9C15D6D7650F}.bin
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-08-08 19:08 . 2010-07-07 01:27 887724 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativva6x.dat
+ 2010-08-08 19:08 . 2010-07-07 01:33 109092 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atipdlxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:24 194349 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiok3x2.dll
+ 2010-08-08 19:08 . 2010-07-07 01:25 306873 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atikvmag.dll
+ 2010-08-08 19:08 . 2010-07-07 01:50 311296 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiiiexx.dll
+ 2010-08-08 19:08 . 2010-05-11 20:42 205156 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiicdxx.dat
+ 2010-08-08 19:08 . 2010-07-07 01:48 446464 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atidemgx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:24 101570 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiadlxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:31 317754 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.exe
+ 2010-08-08 19:08 . 2010-07-07 01:47 188030 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2dvag.dll
+ 2010-08-08 19:08 . 2010-07-07 01:19 362057 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2cqag.dll
+ 2007-06-02 02:26 . 2009-02-18 17:55 294912 c:\windows\system32\ATIODE.exe
+ 2010-08-08 19:09 . 2010-08-08 19:09 718336 c:\windows\Installer\b9ada9c.msi
+ 2010-08-08 19:08 . 2010-08-08 19:08 219648 c:\windows\Installer\b9ada8b.msi
+ 2010-08-08 19:09 . 2010-08-08 19:09 238223 c:\windows\Installer\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}\ARPPRODUCTICON.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-08-08 19:08 . 2010-07-07 01:28 1104942 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativvaxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:53 6723831 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atioglxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:57 2055374 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticaldd.dll
+ 2010-08-08 19:08 . 2010-07-07 01:41 2043007 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati3duag.dll
+ 2010-08-08 19:08 . 2010-07-07 02:27 3379320 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mtag.sys
+ 2007-06-15 01:58 . 2010-07-07 02:27 5069312 c:\windows\system32\dllcache\ati2mtag.sys
+ 2010-08-08 19:08 . 2010-08-08 19:08 1597440 c:\windows\Installer\b9ada94.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]
2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]
.
Contents of the 'Scheduled Tasks' folder
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 08:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8A6C6A17]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7446a21
SendHandler -> NDIS.sys @ 0xf742487b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-08-09 08:57:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 12:57
ComboFix2.txt 2010-08-06 13:15
Pre-Run: 225,844,674,560 bytes free
Post-Run: 225,830,178,816 bytes free
- - End Of File - - 93D012604763E63EDC0AB11C1DB1CBAD
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.11 -
AhnLab-V3 2010.07.10.00 2010.07.09 -
AntiVir 8.2.4.10 2010.07.09 -
Antiy-AVL 2.0.3.7 2010.07.09 -
Authentium 5.2.0.5 2010.07.10 -
Avast 4.8.1351.0 2010.07.10 -
Avast5 5.0.332.0 2010.07.10 -
AVG 9.0.0.836 2010.07.11 -
BitDefender 7.2 2010.07.11 -
CAT-QuickHeal 11.00 2010.07.10 -
ClamAV 0.96.0.3-git 2010.07.11 -
Comodo 5390 2010.07.11 -
DrWeb 5.0.2.03300 2010.07.11 -
eSafe 7.0.17.0 2010.07.08 -
eTrust-Vet 36.1.7696 2010.07.10 -
F-Prot 4.6.1.107 2010.07.10 -
F-Secure 9.0.15370.0 2010.07.11 -
Fortinet 4.1.143.0 2010.07.10 -
GData 21 2010.07.11 -
Ikarus T3.1.1.84.0 2010.07.11 -
Jiangmin 13.0.900 2010.07.11 -
Kaspersky 7.0.0.125 2010.07.11 -
McAfee 5.400.0.1158 2010.07.11 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.11 -
NOD32 5268 2010.07.11 -
Norman 6.05.11 2010.07.10 -
nProtect 2010-07-11.01 2010.07.11 -
Panda 10.0.2.7 2010.07.11 -
PCTools 7.0.3.5 2010.07.11 -
Prevx 3.0 2010.07.11 -
Rising 22.55.04.04 2010.07.09 -
Sophos 4.55.0 2010.07.11 -
Sunbelt 6566 2010.07.10 -
Symantec 20101.1.0.89 2010.07.11 -
TheHacker 6.5.2.1.311 2010.07.11 -
TrendMicro 9.120.0.1004 2010.07.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.11 -
VBA32 3.12.12.6 2010.07.09 -
ViRobot 2010.6.29.3912 2010.07.10 -
VirusBuster 5.0.27.0 2010.07.10 -
Additional information
File size: 221184 bytes
MD5 : c5b41140dbda488a02e8d33b5ff95686
SHA1 : afe8b6f3a90faa8148e55a43d789872dbfa3b527
SHA256: 6bc4e07e07c4ddee6c4e16b0d52185dced6f239dfe9ab5708c62a205ad6e570a
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x19A8C
timedatestamp.....: 0x4802A154 (Mon Apr 14 02:12:04 2008)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C693 0x2D000 6.31 1ff9fee2a0f7fabf2b586ec7de490f5c
.data 0x2E000 0x40F0 0x3000 5.64 591a726c846a969a897745f7c6b83b2c
.rsrc 0x33000 0x3D8 0x1000 1.04 531c61bac95b2927128896d55f9d44f7
.reloc 0x34000 0x3B42 0x4000 4.18 939ad9306eff984cd68074481419921c
( 10 imports )
> advapi32.dll: RegCreateKeyExA, RegCreateKeyExW, RegOpenKeyExA, RegOpenKeyExW, RegQueryValueExA, RegQueryValueExW, RegCloseKey
> comctl32.dll: InitCommonControlsEx
> gdi32.dll: SelectPalette, RealizePalette, RectVisible, SetDIBitsToDevice, StretchDIBits, MaskBlt, StretchBlt, CreateDIBSection, GetDIBColorTable, GetDeviceCaps, GetObjectW, GetObjectType, GetObjectA, CreateICW, CreateICA, GetClipBox, CreateCompatibleDC, SelectClipRgn, SelectObject, OffsetViewportOrgEx, DeleteDC, SetRectRgn, CreateRectRgnIndirect, DeleteObject
> kernel32.dll: CompareStringW, GetDriveTypeA, GetDriveTypeW, QueryDosDeviceA, QueryDosDeviceW, GetWindowsDirectoryW, GetLocaleInfoW, GetLocaleInfoA, GetVersionExW, lstrcpyW, lstrcatW, LoadLibraryW, lstrcpynW, GetModuleHandleW, GetModuleFileNameW, GetModuleFileNameA, GetFileAttributesW, GetFileAttributesA, lstrlenA, CloseHandle, GetCurrentThreadId, WaitForSingleObject, SetEvent, FlushInstructionCache, GetCurrentProcess, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, SetLastError, GetLastError, FreeLibrary, SetErrorMode, GetProcAddress, GetExitCodeThread, CreateFileW, CreateFileA, DeviceIoControl, GetVersion, GetUserDefaultLangID, CreateThread, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, CreateEventW, CreateEventA, CompareStringA, GetModuleHandleA, GetWindowsDirectoryA, lstrlenW, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, VirtualAlloc, VirtualFree, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, SetUnhandledExceptionFilter, UnhandledExceptionFilter
> mpr.dll: WNetGetConnectionW, WNetGetConnectionA, WNetCancelConnection2W, WNetAddConnection2W
> msvcrt.dll: wcsstr, _wcsnicmp, _wtol, _vsnwprintf, wcschr, wcspbrk, iswspace, memmove, wcslen, wcsncmp, towupper, _wcsicmp, wcsrchr, vswprintf, _beginthreadex, _wtoi, iswdigit, wcscmp, _snwprintf, wcsncpy, __3@YAXPAX@Z, _onexit, __dllonexit, _adjust_fdiv, malloc, _initterm, free, _purecall, _except_handler3, __2@YAPAXI@Z
> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoInitialize, CoCreateInstance
> oleaut32.dll: -, -, -, -, -, -, -
> shlwapi.dll: PathGetCharTypeW, PathGetCharTypeA
> user32.dll: MessageBoxA, MessageBoxW, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostThreadMessageA, PostThreadMessageW, RegisterClassExA, RegisterClassExW, UnregisterClassA, UnregisterClassW, RegisterWindowMessageA, SendMessageW, SetWindowLongA, SetWindowLongW, wvsprintfW, GetMonitorInfoA, GetMonitorInfoW, CharNextW, GetCapture, ReleaseCapture, SetCapture, GetFocus, SetFocus, IsWindowVisible, GetDC, ReleaseDC, InvalidateRect, InvalidateRgn, PtInRect, MonitorFromRect, WindowFromDC, LoadCursorW, GetWindowTextW, GetWindowTextA, GetWindowLongW, GetWindowLongA, GetMessageW, GetMessageA, GetClassNameA, GetClassLongA, GetClassInfoExW, GetClassInfoExA, DispatchMessageW, DispatchMessageA, DefWindowProcW, DefWindowProcA, CreateWindowExW, CreateWindowExA, GetSystemMetrics, CharNextA, GetCursorPos, MapWindowPoints, CallWindowProcW, CallWindowProcA, BeginPaint, CopyRect, LoadCursorA, OffsetRect, EndPaint, IsChild, ShowWindow, GetClientRect, SetWindowPos, GetParent, GetWindowRect, TranslateMessage, SetParent, IsWindow, DestroyWindow, BringWindowToTop, SendMessageA
( 1 exports )
> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, _Java_WMPNS_EventThread_CheckEvents@8, _Java_WMPNS_EventThread_GetThreadID@8, _Java_WMPNS_EventThread_kill@12, _Java_WMPNS_IWMPCdromCollection_equalsNative@20, _Java_WMPNS_IWMPCdromCollection_getByDriveSpecifierNative@20, _Java_WMPNS_IWMPCdromCollection_getCountNative@16, _Java_WMPNS_IWMPCdromCollection_itemNative@24, _Java_WMPNS_IWMPCdrom_ejectNative@16, _Java_WMPNS_IWMPCdrom_equalsNative@20, _Java_WMPNS_IWMPCdrom_getDriveSpecifierNative@16, _Java_WMPNS_IWMPCdrom_getPlaylistNative@16, _Java_WMPNS_IWMPClosedCaption_equalsNative@20, _Java_WMPNS_IWMPClosedCaption_getCaptioningIDNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIFileNameNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangIDNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNative@16, _Java_WMPNS_IWMPClosedCaption_setCaptioningIDNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIFileNameNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMILangNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIStyleNative@20, _Java_WMPNS_IWMPControls_equalsNative@20, _Java_WMPNS_IWMPControls_fastForwardNative@16, _Java_WMPNS_IWMPControls_fastReverseNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageCountNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageDescriptionNative@24, _Java_WMPNS_IWMPControls_getAudioLanguageIDNative@24, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageIndexNative@16, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageNative@16, _Java_WMPNS_IWMPControls_getCurrentItemNative@16, _Java_WMPNS_IWMPControls_getCurrentMarkerNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionStringNative@16, 
_Java_WMPNS_IWMPControls_getCurrentPositionTimecodeNative@16, _Java_WMPNS_IWMPControls_getLanguageNameNative@24, _Java_WMPNS_IWMPControls_isAvailableNative@20, _Java_WMPNS_IWMPControls_nextNative@16, _Java_WMPNS_IWMPControls_pauseNative@16, _Java_WMPNS_IWMPControls_playItemNative@20, _Java_WMPNS_IWMPControls_playNative@16, _Java_WMPNS_IWMPControls_previousNative@16, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageIndexNative@24, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageNative@24, _Java_WMPNS_IWMPControls_setCurrentItemNative@20, _Java_WMPNS_IWMPControls_setCurrentMarkerNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionTimecodeNative@20, _Java_WMPNS_IWMPControls_stepNative@24, _Java_WMPNS_IWMPControls_stopNative@16, _Java_WMPNS_IWMPDVD_backNative@16, _Java_WMPNS_IWMPDVD_equalsNative@20, _Java_WMPNS_IWMPDVD_getDomainNative@16, _Java_WMPNS_IWMPDVD_isAvailableNative@20, _Java_WMPNS_IWMPDVD_resumeNative@16, _Java_WMPNS_IWMPDVD_titleMenuNative@16, _Java_WMPNS_IWMPDVD_topMenuNative@16, _Java_WMPNS_IWMPErrorItem_equalsNative@20, _Java_WMPNS_IWMPErrorItem_getConditionNative@16, _Java_WMPNS_IWMPErrorItem_getCustomUrlNative@16, _Java_WMPNS_IWMPErrorItem_getErrorCodeNative@16, _Java_WMPNS_IWMPErrorItem_getErrorContextNative@16, _Java_WMPNS_IWMPErrorItem_getErrorDescriptionNative@16, _Java_WMPNS_IWMPErrorItem_getRemedyNative@16, _Java_WMPNS_IWMPError_clearErrorQueueNative@16, _Java_WMPNS_IWMPError_equalsNative@20, _Java_WMPNS_IWMPError_getErrorCountNative@16, _Java_WMPNS_IWMPError_itemNative@24, _Java_WMPNS_IWMPError_webHelpNative@16, _Java_WMPNS_IWMPMediaCollection_addNative@20, _Java_WMPNS_IWMPMediaCollection_equalsNative@20, _Java_WMPNS_IWMPMediaCollection_getAllNative@16, _Java_WMPNS_IWMPMediaCollection_getAttributeStringCollectionNative@24, _Java_WMPNS_IWMPMediaCollection_getByAlbumNative@20, _Java_WMPNS_IWMPMediaCollection_getByAttributeNative@24, _Java_WMPNS_IWMPMediaCollection_getByAuthorNative@20, 
_Java_WMPNS_IWMPMediaCollection_getByGenreNative@20, _Java_WMPNS_IWMPMediaCollection_getByNameNative@20, _Java_WMPNS_IWMPMediaCollection_getMediaAtomNative@20, _Java_WMPNS_IWMPMediaCollection_isDeletedNative@20, _Java_WMPNS_IWMPMediaCollection_removeNative@24, _Java_WMPNS_IWMPMediaCollection_setDeletedNative@24, _Java_WMPNS_IWMPMedia_equalsNative@20, _Java_WMPNS_IWMPMedia_getAttributeCountByTypeNative@24, _Java_WMPNS_IWMPMedia_getAttributeCountNative@16, _Java_WMPNS_IWMPMedia_getAttributeNameNative@24, _Java_WMPNS_IWMPMedia_getDurationNative@16, _Java_WMPNS_IWMPMedia_getDurationStringNative@16, _Java_WMPNS_IWMPMedia_getErrorNative@16, _Java_WMPNS_IWMPMedia_getImageSourceHeightNative@16, _Java_WMPNS_IWMPMedia_getImageSourceWidthNative@16, _Java_WMPNS_IWMPMedia_getItemInfoByAtomNative@24, _Java_WMPNS_IWMPMedia_getItemInfoByTypeNative@32, _Java_WMPNS_IWMPMedia_getItemInfoNative@20, _Java_WMPNS_IWMPMedia_getMarkerCountNative@16, _Java_WMPNS_IWMPMedia_getMarkerNameNative@24, _Java_WMPNS_IWMPMedia_getMarkerTimeNative@24, _Java_WMPNS_IWMPMedia_getNameNative@16, _Java_WMPNS_IWMPMedia_getSourceURLNative@16, _Java_WMPNS_IWMPMedia_isIdenticalNative@20, _Java_WMPNS_IWMPMedia_isMemberOfNative@20, _Java_WMPNS_IWMPMedia_isReadOnlyItemNative@20, _Java_WMPNS_IWMPMedia_setItemInfoNative@24, _Java_WMPNS_IWMPMedia_setNameNative@20, _Java_WMPNS_IWMPNetwork_equalsNative@20, _Java_WMPNS_IWMPNetwork_getBandWidthNative@16, _Java_WMPNS_IWMPNetwork_getBitRateNative@16, _Java_WMPNS_IWMPNetwork_getBufferingCountNative@16, _Java_WMPNS_IWMPNetwork_getBufferingProgressNative@16, _Java_WMPNS_IWMPNetwork_getBufferingTimeNative@16, _Java_WMPNS_IWMPNetwork_getDownloadProgressNative@16, _Java_WMPNS_IWMPNetwork_getEncodedFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFramesSkippedNative@16, _Java_WMPNS_IWMPNetwork_getLostPacketsNative@16, _Java_WMPNS_IWMPNetwork_getMaxBandwidthNative@16, _Java_WMPNS_IWMPNetwork_getMaxBitRateNative@16, 
_Java_WMPNS_IWMPNetwork_getProxyBypassForLocalNative@20, _Java_WMPNS_IWMPNetwork_getProxyExceptionListNative@20, _Java_WMPNS_IWMPNetwork_getProxyNameNative@20, _Java_WMPNS_IWMPNetwork_getProxyPortNative@20, _Java_WMPNS_IWMPNetwork_getProxySettingsNative@20, _Java_WMPNS_IWMPNetwork_getReceivedPacketsNative@16, _Java_WMPNS_IWMPNetwork_getReceptionQualityNative@16, _Java_WMPNS_IWMPNetwork_getRecoveredPacketsNative@16, _Java_WMPNS_IWMPNetwork_getSourceProtocolNative@16, _Java_WMPNS_IWMPNetwork_setBufferingTimeNative@24, _Java_WMPNS_IWMPNetwork_setMaxBandwidthNative@24, _Java_WMPNS_IWMPNetwork_setProxyBypassForLocalNative@24, _Java_WMPNS_IWMPNetwork_setProxyExceptionListNative@24, _Java_WMPNS_IWMPNetwork_setProxyNameNative@24, _Java_WMPNS_IWMPNetwork_setProxyPortNative@28, _Java_WMPNS_IWMPNetwork_setProxySettingsNative@28, _Java_WMPNS_IWMPPlayerApplication_equalsNative@20, _Java_WMPNS_IWMPPlayerApplication_getHasDisplayNative@16, _Java_WMPNS_IWMPPlayerApplication_getPlayerDockedNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToControlNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_closeNative@16, _Java_WMPNS_IWMPPlayer_equalsNative@20, _Java_WMPNS_IWMPPlayer_getCdromCollectionNative@16, _Java_WMPNS_IWMPPlayer_getClosedCaptionNative@16, _Java_WMPNS_IWMPPlayer_getControlsNative@16, _Java_WMPNS_IWMPPlayer_getCurrentMediaNative@16, _Java_WMPNS_IWMPPlayer_getCurrentPlaylistNative@16, _Java_WMPNS_IWMPPlayer_getDvdNative@16, _Java_WMPNS_IWMPPlayer_getEnableContextMenuNative@16, _Java_WMPNS_IWMPPlayer_getEnabledNative@16, _Java_WMPNS_IWMPPlayer_getErrorNative@16, _Java_WMPNS_IWMPPlayer_getFullScreenNative@16, _Java_WMPNS_IWMPPlayer_getIsOnlineNative@16, _Java_WMPNS_IWMPPlayer_getIsRemoteNative@16, _Java_WMPNS_IWMPPlayer_getMediaCollectionNative@16, _Java_WMPNS_IWMPPlayer_getNetworkNative@16, _Java_WMPNS_IWMPPlayer_getOpenStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayStateNative@16, 
_Java_WMPNS_IWMPPlayer_getPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_getPlaylistCollectionNative@16, _Java_WMPNS_IWMPPlayer_getSettingsNative@16, _Java_WMPNS_IWMPPlayer_getStatusNative@16, _Java_WMPNS_IWMPPlayer_getStretchToFitNative@16, _Java_WMPNS_IWMPPlayer_getURLNative@16, _Java_WMPNS_IWMPPlayer_getUiModeNative@16, _Java_WMPNS_IWMPPlayer_getVersionInfoNative@16, _Java_WMPNS_IWMPPlayer_getWindowlessVideoNative@16, _Java_WMPNS_IWMPPlayer_launchURLNative@20, _Java_WMPNS_IWMPPlayer_newMediaNative@20, _Java_WMPNS_IWMPPlayer_newPlaylistNative@24, _Java_WMPNS_IWMPPlayer_openPlayerNative@20, _Java_WMPNS_IWMPPlayer_setCurrentMediaNative@20, _Java_WMPNS_IWMPPlayer_setCurrentPlaylistNative@20, _Java_WMPNS_IWMPPlayer_setEnableContextMenuNative@20, _Java_WMPNS_IWMPPlayer_setEnabledNative@20, _Java_WMPNS_IWMPPlayer_setFullScreenNative@20, _Java_WMPNS_IWMPPlayer_setStretchToFitNative@20, _Java_WMPNS_IWMPPlayer_setURLNative@20, _Java_WMPNS_IWMPPlayer_setUiModeNative@20, _Java_WMPNS_IWMPPlayer_setWindowlessVideoNative@20, _Java_WMPNS_IWMPPlaylistArray_equalsNative@20, _Java_WMPNS_IWMPPlaylistArray_getCountNative@16, _Java_WMPNS_IWMPPlaylistArray_itemNative@24, _Java_WMPNS_IWMPPlaylistCollection_equalsNative@20, _Java_WMPNS_IWMPPlaylistCollection_getAllNative@16, _Java_WMPNS_IWMPPlaylistCollection_getByNameNative@20, _Java_WMPNS_IWMPPlaylistCollection_importPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_isDeletedNative@20, _Java_WMPNS_IWMPPlaylistCollection_newPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_removeNative@20, _Java_WMPNS_IWMPPlaylistCollection_setDeletedNative@24, _Java_WMPNS_IWMPPlaylist_appendItemNative@20, _Java_WMPNS_IWMPPlaylist_clearNative@16, _Java_WMPNS_IWMPPlaylist_equalsNative@20, _Java_WMPNS_IWMPPlaylist_getAttributeCountNative@16, _Java_WMPNS_IWMPPlaylist_getAttributeNameNative@24, _Java_WMPNS_IWMPPlaylist_getCountNative@16, _Java_WMPNS_IWMPPlaylist_getItemInfoNative@20, _Java_WMPNS_IWMPPlaylist_getNameNative@16, 
_Java_WMPNS_IWMPPlaylist_insertItemNative@28, _Java_WMPNS_IWMPPlaylist_isIdenticalNative@20, _Java_WMPNS_IWMPPlaylist_itemNative@24, _Java_WMPNS_IWMPPlaylist_moveItemNative@32, _Java_WMPNS_IWMPPlaylist_removeItemNative@20, _Java_WMPNS_IWMPPlaylist_setItemInfoNative@24, _Java_WMPNS_IWMPPlaylist_setNameNative@20, _Java_WMPNS_IWMPSettings_equalsNative@20, _Java_WMPNS_IWMPSettings_getAutoStartNative@16, _Java_WMPNS_IWMPSettings_getBalanceNative@16, _Java_WMPNS_IWMPSettings_getBaseURLNative@16, _Java_WMPNS_IWMPSettings_getDefaultAudioLanguageNative@16, _Java_WMPNS_IWMPSettings_getDefaultFrameNative@16, _Java_WMPNS_IWMPSettings_getEnableErrorDialogsNative@16, _Java_WMPNS_IWMPSettings_getInvokeURLsNative@16, _Java_WMPNS_IWMPSettings_getMediaAccessRightsNative@16, _Java_WMPNS_IWMPSettings_getModeNative@20, _Java_WMPNS_IWMPSettings_getMuteNative@16, _Java_WMPNS_IWMPSettings_getPlayCountNative@16, _Java_WMPNS_IWMPSettings_getRateNative@16, _Java_WMPNS_IWMPSettings_getVolumeNative@16, _Java_WMPNS_IWMPSettings_isAvailableNative@20, _Java_WMPNS_IWMPSettings_requestMediaAccessRightsNative@20, _Java_WMPNS_IWMPSettings_setAutoStartNative@20, _Java_WMPNS_IWMPSettings_setBalanceNative@24, _Java_WMPNS_IWMPSettings_setBaseURLNative@20, _Java_WMPNS_IWMPSettings_setDefaultFrameNative@20, _Java_WMPNS_IWMPSettings_setEnableErrorDialogsNative@20, _Java_WMPNS_IWMPSettings_setInvokeURLsNative@20, _Java_WMPNS_IWMPSettings_setModeNative@24, _Java_WMPNS_IWMPSettings_setMuteNative@20, _Java_WMPNS_IWMPSettings_setPlayCountNative@24, _Java_WMPNS_IWMPSettings_setRateNative@24, _Java_WMPNS_IWMPSettings_setVolumeNative@24, _Java_WMPNS_IWMPStringCollection_equalsNative@20, _Java_WMPNS_IWMPStringCollection_getCountNative@16, _Java_WMPNS_IWMPStringCollection_itemNative@24, _Java_WMPNS_WMP_debug@12, _Java_WMPNS_WMP_getAppletHWND@8, _Java_WMPNS_WMP_getPlayer@12, _Java_WMPNS_WMP_getTargetHWND@12, _Java_WMPNS_WMP_killThread@12, _Java_WMPNS_WMP_spawnThread@16
TrID : File type identification
DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)
ssdeep: 3072:79oJZcTUKXq1KgL3PigjjjRJ5mDA0eWQztbEQ6uFLd:ecTbuKgTP75mDbeWQztbOuF
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows Media Player
description..: Windows Media Player Applet Support DLL
original name: WMPNS.DLL
internal name: WMPNS.DLL
file version.: 9.00.00.4503
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
-
I know, do what I told you.
I did....
-
I'm still getting browser redirects from search engines.
-
As you can see, it found and killed something, but I'm still getting the redirects. Also, ComboFix installed some kind of drivers while it was finishing — catchme.sys and one or two others. Is this normal? (Looking at the log below, two things that may still be relevant to the redirects: the "Supplementary Scan" section still shows a local proxy configured in Internet Settings, `ProxyServer = http=127.0.0.1:5643`, and the services list still has an S0 entry `ccoxdmgu` pointing at a driver file `yocgnxgs.sys` that ComboFix marks as missing `[?]`. I don't know whether either is expected — please check.)
ComboFix 10-08-05.06 - Devlish 08/06/2010 8:54.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -4:00]
Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NetworkService\Local Settings\Application Data\wvndoyfjo
c:\documents and settings\NetworkService\Local Settings\Application Data\wvndoyfjo\xpbrjewtssd.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.
2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll
2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll
2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll
2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll
2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll
2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro
2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft
2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java
2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys
2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google
2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN
2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:36 . 2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software
2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll
2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll
2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll
2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll
2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll
2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp
2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google
2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-21 14:04 . 2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3
2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 13:05 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian
2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX
2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit
2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX
2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft
2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze
2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka
2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag
2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech
2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech
2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech
2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd
2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea
2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe
2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe
2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe
2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe
2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00
2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool
2010-06-15 17:49 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer
2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-06-08 18:27 . 2009-08-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]
2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S0 ccoxdmgu;ccoxdmgu;c:\windows\system32\drivers\yocgnxgs.sys --> c:\windows\system32\drivers\yocgnxgs.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]
.
Contents of the 'Scheduled Tasks' folder
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'explorer.exe'(3196)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Illustrate\dBpowerAMP\dBShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2010-08-06 09:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 13:09
Pre-Run: 226,133,925,888 bytes free
Post-Run: 226,145,857,536 bytes free
- - End Of File - - 1030CE95445D08103789116D92E2429F
ComboFix is not running all the way through; it stops at the "scanning for infected files...." stage. I let it sit there for about 45 minutes, then opened Task Manager to see what was going on: two ComboFix processes, mbr.cfxxe and cf30084.cfxxe, were still running, but neither was using any CPU.
Hello. OK, I did all that and attached all the reports in a zip.
FYI, I get redirects in both Firefox and Chrome. It only really redirects me when I click a search result; if I choose "Open in a new window" the correct page opens. It doesn't redirect every time, but most of the time.
It's OK to be scared....
I recently got infected with a bunch of nasty stuff: a bunch of malware and viruses. They even got my World of Warcraft account info and cleaned me out. With the help of several tools I believe I have removed almost all of it. I'm still having search-engine redirects and problems with Windows components acting screwy, mainly explorer.exe and svchost.exe. Here is the DDS report. (Two entries in it look relevant to the redirects: Internet Settings still point at a local proxy, http=127.0.0.1:5643, and there is a boot-start driver entry, ccoxdmgu -> yocgnxgs.sys, whose file is not present on disk. Since the game account was taken over, its password should also be changed from a machine that is known to be clean.)
Thanks!
DDS (Ver_10-03-17.01) - NTFSx86
Run by Devlish at 15:22:16.43 on Sun 07/25/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1538 [GMT -4:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Devlish\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [skyTel] SkyTel.EXE
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to AMV Convert Tool... - c:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\devlish\applic~1\mozilla\firefox\profiles\sh4zei83.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - component: c:\documents and settings\devlish\application data\mozilla\firefox\profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\devlish\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-7-23 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-7 10448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S0 ccoxdmgu;ccoxdmgu;c:\windows\system32\drivers\yocgnxgs.sys --> c:\windows\system32\drivers\yocgnxgs.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2008-7-1 8960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-22 136176]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-21 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-21 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-2-22 157696]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-6-21 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-6-21 5248]
=============== Created Last 30 ================
2010-07-25 19:17:07 28 ----a-w- c:\documents and settings\devlish\defogger_reenable
2010-07-24 00:53:48 0 d-----w- c:\program files\Sun
2010-07-24 00:38:04 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-07-24 00:38:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-07-24 00:37:31 0 d-----w- c:\program files\common files\DivX Shared
2010-07-24 00:34:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-23 23:06:30 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-23 23:06:30 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-23 23:05:45 0 d-----w- c:\program files\Kaspersky Lab
2010-07-23 23:05:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-07-23 23:02:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-07-23 17:53:57 54016 ----a-w- c:\windows\system32\drivers\xkix.sys
2010-07-22 21:43:04 0 d-----w- c:\program files\FileASSASSIN
2010-07-22 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-07-22 20:45:45 0 d-----w- c:\program files\McAfee Security Scan
2010-07-21 19:51:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-21 19:51:45 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-21 19:50:30 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-21 19:13:07 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-21 19:13:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-21 18:07:42 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-07-21 18:07:42 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-07-21 18:07:42 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-07-21 18:07:42 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-07-21 18:07:42 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-07-21 18:07:41 0 d-----w- c:\program files\Trojan Remover
2010-07-21 18:07:41 0 d-----w- c:\docume~1\devlish\applic~1\Simply Super Software
2010-07-21 18:07:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-07-21 18:06:35 0 d-----w- c:\program files\Uniblue
2010-07-21 14:04:30 35840 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-07-20 19:15:40 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 19:15:40 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 13:26:55 120 ----a-w- c:\windows\Wlivebu.dat
2010-07-20 13:26:55 0 ----a-w- c:\windows\Anicoxosokara.bin
2010-07-20 13:25:16 766976 ----a-w- c:\windows\system32\drivers\uiahtpkw.sys.vir
2010-07-20 13:25:08 150 ----a-w- C:\zrpt.xml
2010-07-14 17:23:19 0 d-----w- c:\program files\Bethesda Softworks
2010-07-07 11:49:27 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-07 11:49:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-07 11:49:25 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-07 11:49:02 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-07-07 11:48:27 0 d-----w- c:\docume~1\devlish\applic~1\Logishrd
==================== Find3M ====================
2010-06-09 23:01:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-28 22:29:24 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
============= FINISH: 15:23:00.65 ===============
Just wanted to say thanks. I used Malwarebytes, ComboFix, GMER, and information found on these forums to remove rootkit infections on two of my computers.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\windows\system32\drivers\H8SRTwqvrnsxmoo.sys
c:\windows\system32\H8SRTakvvcrdahp.dll
c:\windows\system32\H8SRTdgmbrmncmj.dll
c:\windows\system32\H8SRTnbakdmivst.dll
c:\windows\system32\H8SRToltbpixuwq.dll
c:\windows\system32\H8SRTpulhbftpjt.dat
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\h8srtsrcr.dat
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
********************************************************************************
*
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\scaredy\nah_log.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\TDSSmqct.sys
c:\windows\system32\TDSShrxm.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\TDSSxfum.dll
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
lingering infection
I haven't gotten any redirects since. Looks like the case is solved!