
I've been having issues with the ping.exe that everybody else seems to be having. It seems like it's also depositing other viruses onto my computer, and I'm occasionally assaulted with fake IE windows. I had posted this somewhere else, but I had some issues with figuring out where I was supposed to post things, so I figured I'd try it again. Here are the logs:

dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17

Run by God at 14:10:08 on 2011-12-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.295 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\svcs.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\SafeConnect\scManager.sys

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Steam2\Steam.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Documents and Settings\God\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Trillian\trillian.exe

c:\program files\trillian\plugins\skypekit.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [steam] "c:\program files\steam2\Steam.exe" -silent

uRun: [Google Update] "c:\documents and settings\god\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [VF0500Inst] RunDll32.exe c:\windows\system32\V0500Pin.dll,RunDLL32EP 515

StartupFolder: c:\docume~1\god\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: voyazuvas - {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: jugezatag: {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\god\application data\mozilla\firefox\profiles\tvcxbhik.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.ftp - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.williams.edu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\god\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox 4.0 beta 12\plugins\npwachk.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl343c83fc;MpKsl343c83fc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\MpKsl343c83fc.sys [2011-12-28 29904]

R1 MpKsl62152ed0;MpKsl62152ed0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\MpKsl62152ed0.sys [2011-12-27 29904]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-12-23 508928]

R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-5 24652]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-29 40776]

S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]

S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05c64116-03c4-47b8-ae3a-1a5d85681525}\mpksl4bda1ea0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05c64116-03c4-47b8-ae3a-1a5d85681525}\MpKsl4bda1ea0.sys [?]

S1 MpKsl6f7438dc;MpKsl6f7438dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2899ea8e-44f3-4953-a3cf-a37a707a9a00}\mpksl6f7438dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2899ea8e-44f3-4953-a3cf-a37a707a9a00}\MpKsl6f7438dc.sys [?]

S1 MpKsl803bc26b;MpKsl803bc26b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce08b448-12c7-4dd2-a5f4-da652d33b53b}\mpksl803bc26b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce08b448-12c7-4dd2-a5f4-da652d33b53b}\MpKsl803bc26b.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys --> c:\windows\system32\drivers\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys --> c:\windows\system32\drivers\savonaccessfilter.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-23 143968]

S3 krdpdre;krdpdre;\??\c:\docume~1\god\locals~1\temp\krdpdre.sys --> c:\docume~1\god\locals~1\temp\krdpdre.sys [?]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-9-4 23928]

S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2010-12-23 265536]

.

=============== Created Last 30 ================

.

2074-05-18 21:44:52 607296 ----a-w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll

2011-12-29 18:51:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-29 04:49:17 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\MpKsl343c83fc.sys

2011-12-29 04:40:02 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\MpKsl5bb8c149.sys

2011-12-28 03:01:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\MpKsl62152ed0.sys

2011-12-28 03:01:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\offreg.dll

2011-12-27 02:17:27 -------- d-----w- C:\ca739415363f312693a1ef

2011-12-26 16:21:24 -------- d-----w- C:\c2ed4f84d0e5b76d0a8dbc

2011-12-23 15:43:20 508928 ----a-w- c:\windows\svcs.exe

2011-12-22 03:32:47 -------- d-----w- C:\8efeb4841330c6672537d606a2cfcf

2011-12-22 00:37:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-15 16:32:36 6823496 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{beee0366-6ea3-4c1c-9301-a9b703389f14}\mpengine.dll

.

==================== Find3M ====================

.

2011-12-24 03:17:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 14:10:40.92 ===============

I've attached attach.txt here.


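The DDS report above is what the helpers read by eye. As an added example that is not part of this thread and not code from DDS or Malwarebytes, here is a small Python triage script that applies the same kinds of checks to sample lines taken from the report (and the scan date from its header): a driver loaded from a temp directory, a service whose binary the scanner could not read (`[?]`), a service binary sitting directly in the Windows directory, a Hosts entry blackholing a security site, a Firefox proxy host, a file timestamp later than the scan date, one CLSID registered under two shell load points, and a transient command-line tool sitting in the process list. The category names and thresholds are this example's own choices, and every hit is a prompt for review, not a verdict.

```python
"""Triage heuristics over DDS log lines (the format of the report above).

Added example: not part of the thread and not DDS's or Malwarebytes' code.
Category names and heuristics are this example's own choices; each hit is a
prompt for a human to look closer, not a verdict.
"""
import re
from datetime import date

# "Run by God at 14:10:08 on 2011-12-29" in the report header above
SCAN_DATE = date(2011, 12, 29)

# Line shapes as DDS prints them in the posted report
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
HOSTS_RE = re.compile(r'^Hosts:\s+(\S+)\s+(\S+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js:\s+network\.proxy\.(\w+)\s+-\s+(.*)$')
SHELL_RE = re.compile(r'^(SSODL|STS):\s+(.+?)(?:\s+-|:)\s+(\{[0-9a-f-]{36}\})\s+-\s+(.*)$', re.I)
CREATED_RE = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.*)$')
TEMP_DIR_RE = re.compile(r'\\(temp|locals~1\\temp)\\', re.I)
# A service or driver binary directly under c:\windows\ (not system32\...)
WINROOT_RE = re.compile(r'^(\\\?\?\\)?c:\\windows\\[^\\ ]+\.(exe|sys|dll)\b', re.I)
# Short-lived command-line tools that should not sit in a running-process list
TRANSIENT_TOOLS = {'ping.exe'}
PROXY_KEYS_IGNORED = {'type'}  # network.proxy.type is a mode flag, not a host


def triage(lines, scan_date=SCAN_DATE):
    """Return a list of (category, line) findings for the given DDS lines."""
    findings = []
    shell_clsids = {}  # CLSID -> set of shell load points it is registered under
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group(4)
            if TEMP_DIR_RE.search(rest):
                findings.append(('driver-in-temp', line))
            if rest.rstrip().endswith('[?]'):
                findings.append(('binary-unreadable', line))
            if WINROOT_RE.match(rest):
                findings.append(('service-in-windows-root', line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            target, name = m.groups()
            if target in ('127.0.0.1', '0.0.0.0') and name.lower() != 'localhost':
                findings.append(('hosts-redirect', line))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            key, value = m.groups()
            if key not in PROXY_KEYS_IGNORED and not key.endswith('_port') and value.strip():
                findings.append(('browser-proxy', line))
            continue
        m = SHELL_RE.match(line)
        if m:
            point, clsid = m.group(1).upper(), m.group(3).lower()
            shell_clsids.setdefault(clsid, set()).add(point)
            continue
        m = CREATED_RE.match(line)
        if m:
            y, mo, d = (int(x) for x in m.groups()[:3])
            try:
                if date(y, mo, d) > scan_date:
                    findings.append(('future-timestamp', line))
            except ValueError:
                findings.append(('unparseable-timestamp', line))
            continue
        # Anything else is treated as a running-process line
        if line.lower().rsplit('\\', 1)[-1] in TRANSIENT_TOOLS:
            findings.append(('transient-tool-running', line))
    for clsid, points in shell_clsids.items():
        if len(points) > 1:
            findings.append(('clsid-multi-loadpoint', clsid + ' in ' + ','.join(sorted(points))))
    return findings


# Sample lines copied from the DDS report posted above (raw string keeps the backslashes)
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\ping.exe
SSODL: voyazuvas - {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: jugezatag: {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-12-23 508928]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-29 40776]
S3 krdpdre;krdpdre;\??\c:\docume~1\god\locals~1\temp\krdpdre.sys --> c:\docume~1\god\locals~1\temp\krdpdre.sys [?]
2074-05-18 21:44:52 607296 ----a-w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
2011-12-29 18:51:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

if __name__ == '__main__':
    for category, text in triage(SAMPLE.splitlines()):
        print(f'{category:24s} {text}')
```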

Hello omarthedarksmurf and welcome to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
In your next reply, please include:
  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?


Thank you so much!!! Here's the Farbar log:

Farbar Service Scanner

Ran by God (administrator) on 01-01-2012 at 17:32:09

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

AegisP(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x080000000400000001000000020000000300000005000000060000000700000008000000

IpSec Tag value is correct.

**** End of log ****

And the TDSSKiller log:

17:35:39.0421 6204 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

17:35:40.0718 6204 ============================================================

17:35:40.0718 6204 Current date / time: 2012/01/01 17:35:40.0718

17:35:40.0718 6204 SystemInfo:

17:35:40.0718 6204

17:35:40.0718 6204 OS Version: 5.1.2600 ServicePack: 3.0

17:35:40.0718 6204 Product type: Workstation

17:35:40.0718 6204 ComputerName: PWNZ0R

17:35:40.0718 6204 UserName: God

17:35:40.0718 6204 Windows directory: C:\WINDOWS

17:35:40.0718 6204 System windows directory: C:\WINDOWS

17:35:40.0718 6204 Processor architecture: Intel x86

17:35:40.0718 6204 Number of processors: 2

17:35:40.0718 6204 Page size: 0x1000

17:35:40.0718 6204 Boot type: Normal boot

17:35:40.0718 6204 ============================================================

17:35:43.0186 6204 Initialize success

17:36:37.0999 8064 ============================================================

17:36:37.0999 8064 Scan started

17:36:37.0999 8064 Mode: Manual;

17:36:37.0999 8064 ============================================================


17:36:44.0171 8064 IpInIp - ok

17:36:44.0202 8064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:36:44.0202 8064 IpNat - ok

17:36:44.0311 8064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:36:44.0311 8064 IPSec - ok

17:36:44.0343 8064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:36:44.0343 8064 IRENUM - ok

17:36:44.0374 8064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:36:44.0374 8064 isapnp - ok

17:36:44.0405 8064 jghu - ok

17:36:44.0436 8064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:36:44.0436 8064 Kbdclass - ok

17:36:44.0452 8064 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:36:44.0452 8064 kbdhid - ok

17:36:44.0499 8064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:36:44.0499 8064 kmixer - ok

17:36:44.0639 8064 krdpdre - ok

17:36:44.0749 8064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:36:44.0749 8064 KSecDD - ok

17:36:44.0764 8064 lbrtfdc - ok

17:36:44.0780 8064 mcdbus - ok

17:36:44.0843 8064 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

17:36:44.0843 8064 mdmxsdk - ok

17:36:44.0874 8064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:36:44.0874 8064 mnmdd - ok

17:36:44.0952 8064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:36:44.0952 8064 Modem - ok

17:36:44.0983 8064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:36:44.0983 8064 Mouclass - ok

17:36:45.0014 8064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:36:45.0030 8064 mouhid - ok

17:36:45.0139 8064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:36:45.0139 8064 MountMgr - ok

17:36:45.0218 8064 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

17:36:45.0218 8064 MpFilter - ok

17:36:45.0374 8064 MpKsl343c83fc (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl343c83fc.sys

17:36:45.0374 8064 MpKsl343c83fc - ok

17:36:45.0389 8064 MpKsl4bda1ea0 - ok

17:36:45.0436 8064 MpKsl62152ed0 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl62152ed0.sys

17:36:45.0436 8064 MpKsl62152ed0 - ok

17:36:45.0499 8064 MpKsl6b1a7f32 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl6b1a7f32.sys

17:36:45.0499 8064 MpKsl6b1a7f32 - ok

17:36:45.0514 8064 MpKsl6f7438dc - ok

17:36:45.0530 8064 MpKsl803bc26b - ok

17:36:45.0608 8064 MpKsl823f41c9 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl823f41c9.sys

17:36:45.0624 8064 MpKsl823f41c9 - ok

17:36:45.0780 8064 MpKslde7cfd6e (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKslde7cfd6e.sys

17:36:45.0780 8064 MpKslde7cfd6e - ok

17:36:45.0858 8064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:36:45.0858 8064 mraid35x - ok

17:36:45.0936 8064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:36:45.0936 8064 MRxDAV - ok

17:36:46.0014 8064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:36:46.0030 8064 MRxSmb - ok

17:36:46.0155 8064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:36:46.0155 8064 Msfs - ok

17:36:46.0202 8064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:36:46.0202 8064 MSKSSRV - ok

17:36:46.0249 8064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:36:46.0249 8064 MSPCLOCK - ok

17:36:46.0280 8064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:36:46.0280 8064 MSPQM - ok

17:36:46.0358 8064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:36:46.0358 8064 mssmbios - ok

17:36:46.0374 8064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:36:46.0374 8064 MSTEE - ok

17:36:46.0452 8064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:36:46.0452 8064 Mup - ok

17:36:46.0561 8064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:36:46.0561 8064 NABTSFEC - ok

17:36:46.0608 8064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:36:46.0624 8064 NDIS - ok

17:36:46.0702 8064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:36:46.0702 8064 NdisIP - ok

17:36:46.0764 8064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:36:46.0764 8064 NdisTapi - ok

17:36:46.0811 8064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:36:46.0811 8064 Ndisuio - ok

17:36:46.0827 8064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:36:46.0827 8064 NdisWan - ok

17:36:46.0889 8064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:36:46.0889 8064 NDProxy - ok

17:36:46.0999 8064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:36:46.0999 8064 NetBIOS - ok

17:36:47.0046 8064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:36:47.0061 8064 NetBT - ok

17:36:47.0202 8064 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

17:36:47.0280 8064 NETw4x32 - ok

17:36:47.0389 8064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:36:47.0389 8064 NIC1394 - ok

17:36:47.0452 8064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:36:47.0468 8064 Npfs - ok

17:36:47.0499 8064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:36:47.0514 8064 Ntfs - ok

17:36:47.0593 8064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:36:47.0593 8064 Null - ok

17:36:47.0764 8064 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:36:47.0811 8064 nv - ok

17:36:47.0905 8064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:36:47.0905 8064 NwlnkFlt - ok

17:36:47.0983 8064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:36:47.0983 8064 NwlnkFwd - ok

17:36:48.0061 8064 odxrknw (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\eaohijpq.sys

17:36:48.0077 8064 odxrknw - ok

17:36:48.0155 8064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:36:48.0155 8064 ohci1394 - ok

17:36:48.0264 8064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:36:48.0264 8064 Parport - ok

17:36:48.0327 8064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:36:48.0327 8064 PartMgr - ok

17:36:48.0421 8064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:36:48.0421 8064 ParVdm - ok

17:36:48.0452 8064 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

17:36:48.0452 8064 PBADRV - ok

17:36:48.0514 8064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:36:48.0514 8064 PCI - ok

17:36:48.0546 8064 PCIDump - ok

17:36:48.0608 8064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:36:48.0608 8064 PCIIde - ok

17:36:48.0624 8064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:36:48.0639 8064 Pcmcia - ok

17:36:48.0655 8064 PDCOMP - ok

17:36:48.0671 8064 PDFRAME - ok

17:36:48.0686 8064 PDRELI - ok

17:36:48.0718 8064 PDRFRAME - ok

17:36:48.0764 8064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

17:36:48.0764 8064 perc2 - ok

17:36:48.0780 8064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:36:48.0780 8064 perc2hib - ok

17:36:48.0796 8064 PNDIS5 - ok

17:36:48.0936 8064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:36:48.0936 8064 PptpMiniport - ok

17:36:48.0952 8064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:36:48.0952 8064 PSched - ok

17:36:48.0999 8064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:36:48.0999 8064 Ptilink - ok

17:36:49.0046 8064 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:36:49.0061 8064 PxHelp20 - ok

17:36:49.0108 8064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:36:49.0108 8064 ql1080 - ok

17:36:49.0139 8064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:36:49.0139 8064 Ql10wnt - ok

17:36:49.0155 8064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:36:49.0155 8064 ql12160 - ok

17:36:49.0264 8064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:36:49.0264 8064 ql1240 - ok

17:36:49.0296 8064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:36:49.0296 8064 ql1280 - ok

17:36:49.0343 8064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:36:49.0343 8064 RasAcd - ok

17:36:49.0405 8064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:36:49.0421 8064 Rasl2tp - ok

17:36:49.0452 8064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:36:49.0452 8064 RasPppoe - ok

17:36:49.0483 8064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:36:49.0483 8064 Raspti - ok

17:36:49.0655 8064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:36:49.0671 8064 Rdbss - ok

17:36:49.0733 8064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:36:49.0733 8064 RDPCDD - ok

17:36:49.0811 8064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:36:49.0811 8064 rdpdr - ok

17:36:49.0889 8064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:36:49.0905 8064 RDPWD - ok

17:36:49.0952 8064 redbook (55f7fa7c581d3508de96e4adf418d370) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:36:49.0952 8064 redbook - ok

17:36:50.0077 8064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

17:36:50.0093 8064 s24trans - ok

17:36:50.0155 8064 SAVOnAccessControl - ok

17:36:50.0186 8064 SAVOnAccessFilter - ok

17:36:50.0296 8064 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys

17:36:50.0327 8064 sdcfilter - ok

17:36:50.0405 8064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:36:50.0405 8064 Secdrv - ok

17:36:50.0514 8064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:36:50.0530 8064 serenum - ok

17:36:50.0561 8064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:36:50.0561 8064 Serial - ok

17:36:50.0608 8064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:36:50.0608 8064 Sfloppy - ok

17:36:50.0639 8064 Simbad - ok

17:36:50.0702 8064 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

17:36:50.0702 8064 sisagp - ok

17:36:50.0780 8064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:36:50.0780 8064 SLIP - ok

17:36:50.0874 8064 snpstd (a2e9caef31863cab5486267a65fe322c) C:\WINDOWS\system32\DRIVERS\snpstd.sys

17:36:50.0874 8064 snpstd - ok

17:36:50.0999 8064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:36:50.0999 8064 Sparrow - ok

17:36:51.0061 8064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:36:51.0061 8064 splitter - ok

17:36:51.0124 8064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:36:51.0124 8064 sr - ok

17:36:51.0186 8064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:36:51.0202 8064 Srv - ok

17:36:51.0343 8064 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

17:36:51.0374 8064 STHDA - ok

17:36:51.0499 8064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:36:51.0499 8064 streamip - ok

17:36:51.0546 8064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:36:51.0546 8064 swenum - ok

17:36:51.0561 8064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:36:51.0561 8064 swmidi - ok

17:36:51.0686 8064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

17:36:51.0686 8064 symc810 - ok

17:36:51.0749 8064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

17:36:51.0749 8064 symc8xx - ok

17:36:51.0780 8064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

17:36:51.0780 8064 sym_hi - ok

17:36:51.0905 8064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

17:36:51.0905 8064 sym_u3 - ok

17:36:51.0968 8064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:36:51.0983 8064 sysaudio - ok

17:36:52.0061 8064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:36:52.0077 8064 Tcpip - ok

17:36:52.0139 8064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:36:52.0139 8064 TDPIPE - ok

17:36:52.0171 8064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:36:52.0171 8064 TDTCP - ok

17:36:52.0264 8064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:36:52.0280 8064 TermDD - ok

17:36:52.0358 8064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

17:36:52.0358 8064 TosIde - ok

17:36:52.0436 8064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:36:52.0452 8064 Udfs - ok

17:36:52.0514 8064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

17:36:52.0514 8064 ultra - ok

17:36:52.0577 8064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:36:52.0593 8064 Update - ok

17:36:52.0749 8064 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:36:52.0749 8064 usbaudio - ok

17:36:52.0843 8064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:36:52.0843 8064 usbccgp - ok

17:36:52.0905 8064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:36:52.0921 8064 usbehci - ok

17:36:52.0952 8064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:36:52.0952 8064 usbhub - ok

17:36:53.0014 8064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:36:53.0014 8064 usbprint - ok

17:36:53.0093 8064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:36:53.0093 8064 USBSTOR - ok

17:36:53.0139 8064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:36:53.0155 8064 usbuhci - ok

17:36:53.0233 8064 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

17:36:53.0233 8064 usbvideo - ok

17:36:53.0311 8064 V0500Dev (cc6c550265748e322e76b58ab5b5894e) C:\WINDOWS\system32\DRIVERS\V0500Vid.sys

17:36:53.0327 8064 V0500Dev - ok

17:36:53.0436 8064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:36:53.0436 8064 VgaSave - ok

17:36:53.0499 8064 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

17:36:53.0514 8064 viaagp - ok

17:36:53.0561 8064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:36:53.0561 8064 ViaIde - ok

17:36:53.0624 8064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:36:53.0624 8064 VolSnap - ok

17:36:53.0686 8064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:36:53.0686 8064 Wanarp - ok

17:36:53.0764 8064 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

17:36:53.0764 8064 WaveFDE - ok

17:36:53.0858 8064 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

17:36:53.0874 8064 WavxDMgr - ok

17:36:53.0889 8064 WDICA - ok

17:36:53.0952 8064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:36:53.0968 8064 wdmaud - ok

17:36:54.0046 8064 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

17:36:54.0061 8064 winachsf - ok

17:36:54.0233 8064 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

17:36:54.0233 8064 WmiAcpi - ok

17:36:54.0343 8064 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys

17:36:54.0343 8064 WpdUsb - ok

17:36:54.0389 8064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:36:54.0389 8064 WS2IFSL - ok

17:36:54.0421 8064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:36:54.0421 8064 WSTCODEC - ok

17:36:54.0499 8064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:36:54.0499 8064 WudfPf - ok

17:36:54.0530 8064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:36:54.0530 8064 WudfRd - ok

17:36:54.0624 8064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:36:54.0874 8064 \Device\Harddisk0\DR0 - ok

17:36:54.0874 8064 Boot (0x1200) (86f96407bc7b61c2dc7195be69087825) \Device\Harddisk0\DR0\Partition0

17:36:54.0874 8064 \Device\Harddisk0\DR0\Partition0 - ok

17:36:54.0889 8064 ============================================================

17:36:54.0889 8064 Scan finished

17:36:54.0889 8064 ============================================================

17:36:54.0905 3884 Detected object count: 0

17:36:54.0905 3884 Actual detected object count: 0

I'm about to run ComboFix and close out of this window, so I'm ending the post here for now so I don't lose it.


Sorry for the delay. I had to get on a plane last night before ComboFix was able to finish, so I wasn't able to finish running it until this morning. It seems that I had the ZeroAccess rootkit, but ping.exe isn't running anymore, it seems, so I'm hopeful. Anyway, here's the log:

ComboFix 12-01-01.06 - God 01/02/2012 2:19.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1591 [GMT -5:00]

Running from: c:\documents and settings\God\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NetworkLog

-------\Service_NetworkLog

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-01-02 07:17 . 2012-01-02 07:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\offreg.dll

2011-12-29 04:40 . 2011-12-29 04:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl5bb8c149.sys

2011-12-27 10:48 . 2011-12-27 10:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-27 02:17 . 2011-12-27 02:19 -------- d-----w- C:\ca739415363f312693a1ef

2011-12-26 16:21 . 2011-12-26 16:21 -------- d-----w- C:\c2ed4f84d0e5b76d0a8dbc

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2011-12-24 23:59 . 2011-12-24 23:59 -------- d-s---w- c:\documents and settings\LocalService\UserData

2011-12-22 03:32 . 2011-12-22 03:34 -------- d-----w- C:\8efeb4841330c6672537d606a2cfcf

2011-12-22 00:37 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 04:54 . 2011-12-21 04:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-15 16:32 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-24 03:17 . 2011-05-18 01:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-09-05 21:24 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 19:29 . 2011-09-04 19:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-01 20:35 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2004-08-11 22:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 20:35 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2004-08-11 22:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-01_23.58.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-02 07:17 . 2012-01-02 07:17 16384 c:\windows\Temp\Perflib_Perfdata_94.dat

+ 2004-08-11 22:00 . 2012-01-02 07:22 72582 c:\windows\system32\perfc009.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 72582 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:00 . 2012-01-02 07:22 443482 c:\windows\system32\perfh009.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 443482 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Steam"="c:\program files\Steam2\Steam.exe" [2011-09-10 1242448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"VF0500Inst"="c:\windows\system32\V0500Pin.dll" [2009-09-24 40960]

.

c:\documents and settings\God\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-12 2362720]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{db615530-e7b6-498e-b3cc-e9c701eda722}"= "c:\windows\system32\sekikeno.dll" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"voyazuvas"= {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SafeConnect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

backup=c:\windows\pss\SafeConnect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17836254]

c:\documents and settings\All Users\Application Data\17836254\17836254.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\748a966c]

c:\windows\system32\yoyijite.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\97846246]

c:\documents and settings\All Users\Application Data\97846246\97846246.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]

c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 03:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-16 01:10 342848 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM77b9a5f0]

c:\windows\system32\yahikufa.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dynex Live! Central 2]

2009-11-30 17:41 426155 ------w- c:\program files\Dynex\Live! Central\DnLVCentral2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-18 16:45 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idumajapimogud]

c:\windows\okazewugo.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]

2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 10:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-05 22:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2003-12-31 21:39 40960 ----a-w- c:\windows\vsnpstd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

c:\program files\Steam\Steam.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]

2009-08-13 01:01 28672 ----a-r- c:\windows\V0500Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wagegunuda]

c:\windows\system32\pesubumu.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]

2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

c:\program files\Winamp\winampa.exe [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Rise of Nations\\rise.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Apoint\\ApMsgFwd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Steam2\\Steam.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\civilization iv colonization\\Colonization.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv beyond the sword\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Trillian\\plugins\\skypekit.exe"=

.

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]

R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/5/2008 9:46 PM 24652]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]

S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]

S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys [?]

S1 MpKsl6f7438dc;MpKsl6f7438dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys [?]

S1 MpKsl803bc26b;MpKsl803bc26b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/23/2010 11:08 PM 143968]

S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]

S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/23/2010 11:11 PM 265536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005Core.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005UA.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Denshi Jisho - J to E

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.ftp - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.williams.edu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-02 02:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\God\LOCALS~1\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2012-01-02 06:00:11

ComboFix-quarantined-files.txt 2012-01-02 11:00

.

Pre-Run: 18,294,427,648 bytes free

Post-Run: 18,289,946,624 bytes free

.

- - End Of File - - 95AA98165003E16ED56BE45FD4B00014

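Editor's added example (not part of either post, and not a ComboFix feature): a small Python triage script that applies the checks a helper would run over the "Reg Loading Points", service and firewall-exception lines posted above. `SAMPLE_LOG` is constructed from a handful of those lines plus a few benign ones; the rules (pronounceable consonant-vowel gibberish names under c:\windows or system32, images started from a Temp directory, a numeric data folder named after its own executable, a well-known binary such as svchost.exe sitting outside its normal directory, and a service or driver whose image ComboFix printed as `path --> path [?]`) are the editor's assumptions about what is worth a second look, not an official ruleset. `WINDIR` is assumed to be `c:\windows`, and the `[?]` annotation is assumed to mean the image could not be resolved on disk.

```python
"""Triage heuristics for ComboFix-style autostart, service and firewall lines.

Editor-added example: not part of the forum thread and not a ComboFix feature.
SAMPLE_LOG is constructed from lines in the posted log plus a few benign
ones; the rules are the editor's assumptions about what a helper scans for.
ComboFix's own annotations ([bU], "-->", [?]) are reproduced verbatim; the
only one interpreted here is "path --> path [?]" on a service line, taken
to mean the image could not be resolved on disk (assumption).
"""
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample: lines lifted from the posted log, plus benign entries
# (Adobe ARM, igfxpers, firefox, ASFIPmon) so the rules have something to pass.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\748a966c]
c:\windows\system32\yoyijite.dll [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17836254]
c:\documents and settings\All Users\Application Data\17836254\17836254.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 03:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"voyazuvas"= {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll [bU]
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]
"""

WINDIR = r"c:\windows"                              # assumption: default XP install on C:
SYSTEM_DIRS = {WINDIR, WINDIR + r"\system32"}
# First dll/exe/sys path on a line; firewall entries use %windir% and doubled backslashes.
PATH_RE = re.compile(r'((?:%windir%|[a-z]:)[^\[\]"=]*?\.(?:dll|exe|sys))\b', re.I)
# Pronounceable gibberish such as yoyijite / sekikeno: optional leading vowel,
# then four or more consonant+vowel syllables and nothing else.
CV_NAME = re.compile(r"^[aeiou]?(?:[b-df-hj-np-tv-z][aeiou]){4,}$")
# ...\17836254\17836254.exe : numeric folder whose name equals the executable stem.
NUMERIC_SELF_DIR = re.compile(r"\\(\d{6,})\\\1\.exe$")
# Where well-known system binaries live on XP (assumption: C: install).
EXPECTED_DIR = {"svchost.exe": WINDIR + r"\system32"}
SERVICE_LINE = re.compile(r"^[rs][0-4]\s", re.I)     # ComboFix R0-R4 / S0-S4 prefix


@dataclass(frozen=True)
class Finding:
    line: str
    path: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case, collapse the doubled backslashes of firewall entries and
    expand %windir%, so directory comparisons see one canonical form."""
    return path.replace("\\\\", "\\").lower().replace("%windir%", WINDIR)


def reasons(norm: str, line: str) -> Iterator[str]:
    """Yield every heuristic the normalised path (and its source line) trips."""
    directory, _, filename = norm.rpartition("\\")
    stem = filename.rpartition(".")[0]
    if directory in SYSTEM_DIRS and CV_NAME.match(stem):
        yield "consonant-vowel gibberish name in a system directory"
    if "\\temp\\" in norm:
        yield "image loaded from a Temp directory"
    if NUMERIC_SELF_DIR.search(norm):
        yield "numeric data folder named after its own executable"
    expected = EXPECTED_DIR.get(filename)
    if expected and directory != expected:
        yield f"{filename} outside its normal location {expected}"
    if SERVICE_LINE.match(line) and line.endswith("[?]"):
        yield "service/driver image reported as unresolved (--> ... [?])"


def triage(log_text: str) -> List[Finding]:
    """Run every rule over every line that carries an executable path."""
    found: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PATH_RE.search(line)
        if m:
            norm = normalize(m.group(1))
            found.extend(Finding(line, norm, r) for r in reasons(norm, line))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    {f.reason}")
```

The rules are prompts to check, not verdicts: the unresolved-image rule also fires on the MpKsl*.sys and SAVOnAccess* entries in the posted log, which belong to Microsoft Security Essentials and Sophos Anti-Virus and are more likely leftovers of removed components than malware. The Firefox `network.proxy.*` prefs are deliberately not checked, because `network.proxy.type - 0` means "no proxy", so the listed proxy hosts are configured but not in use.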

Ok, and here's the last log:

ComboFix 12-01-01.06 - God 01/02/2012 2:19.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1591 [GMT -5:00]

Running from: c:\documents and settings\God\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NetworkLog

-------\Service_NetworkLog

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-01-02 07:17 . 2012-01-02 07:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\offreg.dll

2011-12-29 04:40 . 2011-12-29 04:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl5bb8c149.sys

2011-12-27 10:48 . 2011-12-27 10:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-27 02:17 . 2011-12-27 02:19 -------- d-----w- C:\ca739415363f312693a1ef

2011-12-26 16:21 . 2011-12-26 16:21 -------- d-----w- C:\c2ed4f84d0e5b76d0a8dbc

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2011-12-24 23:59 . 2011-12-24 23:59 -------- d-s---w- c:\documents and settings\LocalService\UserData

2011-12-22 03:32 . 2011-12-22 03:34 -------- d-----w- C:\8efeb4841330c6672537d606a2cfcf

2011-12-22 00:37 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 04:54 . 2011-12-21 04:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-15 16:32 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-24 03:17 . 2011-05-18 01:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-09-05 21:24 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 19:29 . 2011-09-04 19:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-01 20:35 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2004-08-11 22:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 20:35 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2004-08-11 22:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-01_23.58.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-02 07:17 . 2012-01-02 07:17 16384 c:\windows\Temp\Perflib_Perfdata_94.dat

+ 2004-08-11 22:00 . 2012-01-02 07:22 72582 c:\windows\system32\perfc009.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 72582 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:00 . 2012-01-02 07:22 443482 c:\windows\system32\perfh009.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 443482 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Steam"="c:\program files\Steam2\Steam.exe" [2011-09-10 1242448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"VF0500Inst"="c:\windows\system32\V0500Pin.dll" [2009-09-24 40960]

.

c:\documents and settings\God\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-12 2362720]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{db615530-e7b6-498e-b3cc-e9c701eda722}"= "c:\windows\system32\sekikeno.dll" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"voyazuvas"= {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SafeConnect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

backup=c:\windows\pss\SafeConnect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17836254]

c:\documents and settings\All Users\Application Data\17836254\17836254.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\748a966c]

c:\windows\system32\yoyijite.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\97846246]

c:\documents and settings\All Users\Application Data\97846246\97846246.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]

c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 03:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-16 01:10 342848 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM77b9a5f0]

c:\windows\system32\yahikufa.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dynex Live! Central 2]

2009-11-30 17:41 426155 ------w- c:\program files\Dynex\Live! Central\DnLVCentral2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-18 16:45 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idumajapimogud]

c:\windows\okazewugo.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]

2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 10:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-05 22:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2003-12-31 21:39 40960 ----a-w- c:\windows\vsnpstd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

c:\program files\Steam\Steam.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]

2009-08-13 01:01 28672 ----a-r- c:\windows\V0500Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wagegunuda]

c:\windows\system32\pesubumu.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]

2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

c:\program files\Winamp\winampa.exe [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Rise of Nations\\rise.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Apoint\\ApMsgFwd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Steam2\\Steam.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\civilization iv colonization\\Colonization.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv beyond the sword\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Trillian\\plugins\\skypekit.exe"=

.

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]

R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/5/2008 9:46 PM 24652]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]

S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]

S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys [?]

S1 MpKsl6f7438dc;MpKsl6f7438dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys [?]

S1 MpKsl803bc26b;MpKsl803bc26b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/23/2010 11:08 PM 143968]

S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]

S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/23/2010 11:11 PM 265536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005Core.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005UA.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Denshi Jisho - J to E

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.ftp - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.williams.edu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-02 02:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\God\LOCALS~1\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2012-01-02 06:00:11

ComboFix-quarantined-files.txt 2012-01-02 11:00

.

Pre-Run: 18,294,427,648 bytes free

Post-Run: 18,289,946,624 bytes free

.

- - End Of File - - 95AA98165003E16ED56BE45FD4B00014


Gah! Oops, wrong file pasted! Here's the actual one!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 150):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA4BC000 compbatt.sys

0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB9F4A000 pcmcia.sys

0xBA0B8000 MountMgr.sys

0xB9F2B000 ftdisk.sys

0xB9F05000 dmio.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9EED000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9ECD000 fltmgr.sys

0xB9EBB000 sr.sys

0xBA5AC000 DLACDBHM.SYS

0xB9EA4000 DRVMCDB.SYS

0xBA0F8000 PxHelp20.sys

0xB9E8D000 KSecDD.sys

0xB9E7A000 WudfPf.sys

0xB9DED000 Ntfs.sys

0xB9DC0000 NDIS.sys

0xBA108000 PBADRV.sys

0xBA118000 ohci1394.sys

0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xB9DA6000 Mup.sys

0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB8E11000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

0xB8DFD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB8DD9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB8DB1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8B95000 \SystemRoot\system32\DRIVERS\NETw4x32.sys

0xB8B6A000 \SystemRoot\system32\DRIVERS\b57xp32.sys

0xBA1C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xB8B46000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0xBA440000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA1D8000 \SystemRoot\system32\DRIVERS\serial.sys

0xB9D6E000 \SystemRoot\system32\DRIVERS\serenum.sys

0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB8B2C000 \SystemRoot\system32\DRIVERS\redbook.sys

0xBA458000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xB9D6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xB9D66000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xBA798000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA278000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB9D62000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB7E85000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA460000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB7E74000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA238000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB7E44000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB7E21000 \SystemRoot\system32\DRIVERS\ks.sys

0xB7DC3000 \SystemRoot\system32\DRIVERS\update.sys

0xB9B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA478000 \SystemRoot\system32\DRIVERS\WaveFDE.sys

0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xBA288000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5D6000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xA7BA5000 \SystemRoot\system32\drivers\sthda.sys

0xA7B81000 \SystemRoot\system32\drivers\portcls.sys

0xBA298000 \SystemRoot\system32\drivers\drmk.sys

0xA7B69000 \SystemRoot\system32\drivers\dxec01.sys

0xA7B35000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

0xA7A43000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys

0xA7990000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS

0xBA558000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xA7941000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0xBA5F0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA7BD000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5F2000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA4A0000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0xBA4A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA4B0000 \SystemRoot\System32\drivers\vga.sys

0xBA5F4000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA340000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA360000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA57C000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA790E000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA78B5000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xA7867000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xA783F000 \SystemRoot\system32\DRIVERS\netbt.sys

0xA781D000 \SystemRoot\System32\drivers\afd.sys

0xBA2B8000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA77F2000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xA7782000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS

0xBA598000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

0xBA2D8000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xBA2E8000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xBA2F8000 \SystemRoot\System32\Drivers\oz776.sys

0xBA5A4000 \SystemRoot\System32\Drivers\SMCLIB.SYS

0xBA158000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA76A2000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA5FE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xA7984000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA368000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA73D000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF024000 \SystemRoot\System32\igxpgd32.dll

0xBF012000 \SystemRoot\System32\igxprd32.dll

0xBF04E000 \SystemRoot\System32\igxpdv32.DLL

0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL

0xBF454000 \SystemRoot\System32\ATMFD.DLL

0xA7562000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys

0xBA1A8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xBA7EB000 \SystemRoot\System32\Drivers\DLADResM.SYS

0xA7521000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS

0xBA370000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS

0xA7696000 \SystemRoot\System32\Drivers\DLAPoolM.SYS

0xBA378000 \SystemRoot\System32\Drivers\DLABMFSM.SYS

0xBA380000 \SystemRoot\System32\Drivers\DLABOIOM.SYS

0xA750B000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS

0xA74F4000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS

0xBA390000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xA74C8000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA74C4000 \SystemRoot\system32\DRIVERS\s24trans.sys

0xA7247000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA634000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

0xA728C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xA70D7000 \SystemRoot\system32\DRIVERS\srv.sys

0xA6FAA000 \SystemRoot\system32\drivers\wdmaud.sys

0xA70B7000 \SystemRoot\system32\drivers\sysaudio.sys

0xBA428000 \??\C:\DOCUME~1\God\LOCALS~1\Temp\catchme.sys

0xBA642000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xA65F7000 \SystemRoot\System32\Drivers\HTTP.sys

0xA6501000 \SystemRoot\system32\drivers\kmixer.sys

0xA6680000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl862f3e4d.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):

0 System Idle Process

4 System

788 C:\WINDOWS\system32\smss.exe

852 csrss.exe

876 C:\WINDOWS\system32\winlogon.exe

920 C:\WINDOWS\system32\services.exe

932 C:\WINDOWS\system32\lsass.exe

1132 C:\WINDOWS\system32\svchost.exe

1200 svchost.exe

1240 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

1276 C:\WINDOWS\system32\svchost.exe

1316 C:\WINDOWS\system32\svchost.exe

1536 svchost.exe

1592 svchost.exe

1828 C:\WINDOWS\system32\spoolsv.exe

1876 scardsvr.exe

1924 svchost.exe

1952 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

1964 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

1984 C:\Program Files\Bonjour\mDNSResponder.exe

2020 C:\WINDOWS\system32\svchost.exe

148 C:\Program Files\Java\jre6\bin\jqs.exe

268 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

392 C:\WINDOWS\system32\StacSV.exe

672 C:\WINDOWS\system32\svchost.exe

724 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

1156 C:\Program Files\Viewpoint\Common\ViewpointService.exe

1464 C:\WINDOWS\system32\dllhost.exe

2092 wmiprvse.exe

2304 C:\WINDOWS\system32\dllhost.exe

2340 wmiprvse.exe

2400 alg.exe

2504 msdtc.exe

3420 C:\WINDOWS\system32\wscntfy.exe

500 C:\WINDOWS\explorer.exe

612 C:\Documents and Settings\God\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

4016 C:\WINDOWS\system32\ctfmon.exe

1616 C:\Program Files\Microsoft Security Client\msseces.exe

248 C:\Program Files\SafeConnect\scManager.sys

3824 C:\Program Files\SafeConnect\SCClient.exe

1648 C:\WINDOWS\system32\wuauclt.exe

3832 C:\Documents and Settings\God\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542512K9SA00, Rev: BB2OC39P

Size Device Name MBR Status

--------------------------------------------

111 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


Things are looking much better! We still have a little more cleanup to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys

Driver::

krdpdre

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

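The service list in the first ComboFix log above contains the two entries a reviewer keys on: S0 jghu, a boot-start driver whose file (dihigmqk.sys) no longer exists (the [?] marker), and S3 krdpdre, a driver whose image sits in the user's Temp folder, which is exactly what the CFScript in the reply above deletes. The following is an added example, not code from this thread or from ComboFix/DDS: a small Python triage pass over lines in the "Rn/Sn name;display;path [date size]" format those tools print. It flags a missing image, an image loaded from a Temp folder, and an image under a per-user profile as strong signals, and a service name that does not match its file name as a weaker note. The sample lines are copied from the shape of the entries posted above (the rest of the list is left out), and the allowlist for the rotating MpKsl* drivers is an assumption based on the Microsoft Antimalware definition-update entries seen in this same log; it is not a rule from either tool.

```python
"""Triage the driver/service entries of a DDS or ComboFix log.

Added example for this thread; not a tool the thread uses. It parses lines of
the form "S3 name;display;image [date size]" (or "... image --> image [?]"
when the file could not be stat'ed) and flags the risky ones.
"""
import re

# Constructed sample: a handful of service lines reproduced from the log posted
# above in the format DDS/ComboFix emits. Everything else is elided.
SAMPLE_LINES = r"""
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]
S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/23/2010 11:08 PM 143968]
S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]
"""

# R = running, S = stopped; the digit is the SCM start type.
ENTRY_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Assumption: the Microsoft Antimalware engine rotates a short-lived MpKsl<8 hex>
# driver with each definition update (the pattern seen in this log), so a [?] on
# one of those is noise. Maintain this allowlist yourself; it is not from DDS.
KNOWN_TRANSIENT = re.compile(r"^mpksl[0-9a-f]{8}$", re.IGNORECASE)

STRONG = ("file missing", "loaded from Temp", "image under a per-user profile")


def parse_entry(line):
    """Split one service line into its fields; return None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    bracket = ""
    cut = rest.rfind(" [")
    if cut != -1:                      # trailing "[date size]" or "[?]"
        bracket = rest[cut + 2:].rstrip("]")
        rest = rest[:cut]
    # "registered path --> resolved path": the resolved one is what gets loaded.
    image = rest.split("-->")[-1].strip()
    if image.startswith("\\??\\"):     # strip the NT object-manager prefix
        image = image[4:]
    return {"name": name, "display": display, "running": state == "R",
            "start": START_TYPES.get(start, start), "image": image,
            "bracket": bracket}


def triage_entry(entry):
    """Return the list of reasons this entry deserves a look (may be empty)."""
    reasons = []
    if entry["bracket"] == "?":
        reasons.append("file missing")
    low = entry["image"].lower()
    if "\\temp\\" in low:
        reasons.append("loaded from Temp")
    in_profile = "\\docume~1\\" in low or "\\documents and settings\\" in low
    if in_profile and "\\all users\\" not in low:
        reasons.append("image under a per-user profile")
    # A service whose display name is just its own name and whose file is
    # called something else (jghu -> dihigmqk.sys) is typical of generated names.
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if entry["name"].lower() == entry["display"].lower() and stem != entry["name"].lower():
        reasons.append("service name does not match file name")
    return reasons


def triage(text):
    """Map service name -> reasons, for entries with at least one strong signal."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or KNOWN_TRANSIENT.match(entry["name"]):
            continue
        reasons = triage_entry(entry)
        if any(r in STRONG for r in reasons):
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against the sample it reports only jghu and krdpdre; the Broadcom, camera and MpKsl entries fall through. The per-user-profile check deliberately excludes All Users, since on XP that is where ProgramData-style vendor files (the Microsoft Antimalware definitions above) legitimately live.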

Thanks again! All right, here's the log:

ComboFix 12-01-03.08 - God 01/03/2012 23:53:30.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1553 [GMT -5:00]

Running from: c:\documents and settings\God\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\God\Application Data\PriceGong

c:\documents and settings\God\Application Data\PriceGong\Data\mru.xml

.

.

((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))

.

.

2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-01-04 04:51 . 2012-01-04 04:51 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\offreg.dll

2011-12-29 04:40 . 2011-12-29 04:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl5bb8c149.sys

2011-12-27 10:48 . 2011-12-27 10:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-27 02:17 . 2011-12-27 02:19 -------- d-----w- C:\ca739415363f312693a1ef

2011-12-26 16:21 . 2011-12-26 16:21 -------- d-----w- C:\c2ed4f84d0e5b76d0a8dbc

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2011-12-24 23:59 . 2011-12-24 23:59 -------- d-s---w- c:\documents and settings\LocalService\UserData

2011-12-22 03:32 . 2011-12-22 03:34 -------- d-----w- C:\8efeb4841330c6672537d606a2cfcf

2011-12-22 00:37 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 04:54 . 2011-12-21 04:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-15 16:32 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-24 03:17 . 2011-05-18 01:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-09-05 21:24 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 19:29 . 2011-09-04 19:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-01 20:35 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2004-08-11 22:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 20:35 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2004-08-11 22:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-01_23.58.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-04 04:51 . 2012-01-04 04:51 16384 c:\windows\Temp\Perflib_Perfdata_694.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 72582 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:00 . 2012-01-04 04:55 72582 c:\windows\system32\perfc009.dat

+ 2011-12-25 08:49 . 2011-12-25 08:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2011-12-25 16:07 . 2011-12-25 16:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-12-25 03:55 . 2011-12-25 03:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-12-25 03:55 . 2011-12-25 03:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-12-25 03:55 . 2011-12-25 03:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-12-25 04:49 . 2011-12-25 04:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2011-12-25 04:49 . 2011-12-25 04:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2012-01-03 08:06 . 2012-01-03 08:06 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_41b76a86\System.Drawing.Design.dll

+ 2012-01-03 08:06 . 2012-01-03 08:06 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a3f124fd\CustomMarshalers.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-01-03 08:02 . 2012-01-03 08:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-01-03 08:06 . 2012-01-03 08:06 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-10-13 07:01 . 2011-10-13 07:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-10-13 07:12 . 2011-10-13 07:12 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-10-13 07:12 . 2011-10-13 07:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2012-01-03 08:03 . 2012-01-03 08:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2011-10-13 07:12 . 2011-10-13 07:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2004-08-11 22:00 . 2012-01-04 04:55 443482 c:\windows\system32\perfh009.dat

- 2004-08-11 22:00 . 2012-01-02 00:00 443482 c:\windows\system32\perfh009.dat

+ 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2011-12-25 03:55 . 2011-12-25 03:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2011-12-25 03:53 . 2011-12-25 03:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-12-25 04:49 . 2011-12-25 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\34f0bc7.msp

+ 2011-06-15 18:31 . 2011-10-13 07:12 303104 c:\windows\assembly\temp\4D6EMT19HP\System.Runtime.Remoting.dll

+ 2012-01-03 08:07 . 2012-01-03 08:07 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fa429c85\System.Drawing.dll

+ 2012-01-03 08:07 . 2012-01-03 08:07 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_611399f6\System.Drawing.Design.dll

+ 2012-01-03 08:07 . 2012-01-03 08:07 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e9b0fa7e\CustomMarshalers.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll

+ 2012-01-03 08:10 . 2012-01-03 08:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Steam"="c:\program files\Steam2\Steam.exe" [2011-09-10 1242448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"VF0500Inst"="c:\windows\system32\V0500Pin.dll" [2009-09-24 40960]

.

c:\documents and settings\God\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-12 2362720]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2011-7-20 296088]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{db615530-e7b6-498e-b3cc-e9c701eda722}"= "c:\windows\system32\sekikeno.dll" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"voyazuvas"= {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SafeConnect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

backup=c:\windows\pss\SafeConnect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17836254]

c:\documents and settings\All Users\Application Data\17836254\17836254.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\748a966c]

c:\windows\system32\yoyijite.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\97846246]

c:\documents and settings\All Users\Application Data\97846246\97846246.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]

c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 03:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-16 01:10 342848 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM77b9a5f0]

c:\windows\system32\yahikufa.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dynex Live! Central 2]

2009-11-30 17:41 426155 ------w- c:\program files\Dynex\Live! Central\DnLVCentral2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-18 16:45 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idumajapimogud]

c:\windows\okazewugo.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]

2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 10:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-05 22:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2003-12-31 21:39 40960 ----a-w- c:\windows\vsnpstd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

c:\program files\Steam\Steam.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]

2009-08-13 01:01 28672 ----a-r- c:\windows\V0500Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wagegunuda]

c:\windows\system32\pesubumu.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]

2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

c:\program files\Winamp\winampa.exe [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Rise of Nations\\rise.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Apoint\\ApMsgFwd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Steam2\\Steam.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\civilization iv colonization\\Colonization.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv beyond the sword\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Trillian\\plugins\\skypekit.exe"=

.

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]

R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/5/2008 9:46 PM 24652]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]

S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]

S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys [?]

S1 MpKsl6f7438dc;MpKsl6f7438dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys [?]

S1 MpKsl803bc26b;MpKsl803bc26b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/23/2010 11:08 PM 143968]

S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]

S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/23/2010 11:11 PM 265536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005Core.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005UA.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 137.165.4.21 137.165.4.2

FF - ProfilePath - c:\documents and settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - YB English » Chinese

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.ftp - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.williams.edu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-04 00:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-01-04 03:34:44

ComboFix-quarantined-files.txt 2012-01-04 08:34

ComboFix2.txt 2012-01-02 11:00

.

Pre-Run: 17,928,507,392 bytes free

Post-Run: 17,944,047,616 bytes free

.

- - End Of File - - E9C659E759ACCE17DAFC0305BEB01675

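Two parts of the ComboFix report above are worth checking mechanically rather than by eye: the driver/service entries (krdpdre is registered from the user's Temp directory and is printed with a trailing `[?]`, which this example treats, as an assumption, as ComboFix's marker for an image it could not read), and the Firefox prefs.js proxy entries, where proxy hosts are listed for http, ssl, ftp, socks and gopher but network.proxy.type is 0. In Firefox, 0 means a direct connection and only type 1 (manual) actually sends traffic through the listed hosts. The script below is an added example, not part of the thread and not a ComboFix feature; its sample input is a handful of lines copied from the posted report.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a few lines copied from the ComboFix report posted above
# (three service entries and the Firefox prefs.js proxy entries).
SAMPLE_COMBOFIX = r"""
S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/23/2010 11:11 PM 265536]
FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.williams.edu
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# "S3 name;display;image [date size]" lines from the Drivers/Services section.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "FF - prefs.js: key - value" lines from the Supplementary Scan section.
PREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<key>\S+)\s+-\s+(?P<value>.*)$")
# Firefox network.proxy.type values: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect, 5 system.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}
PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_combofix(text: str) -> Dict[str, object]:
    """Extract service entries and Firefox prefs from ComboFix-style report text."""
    services: List[Dict[str, str]] = []
    prefs: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            info = ""
            # The trailing "[...]" carries the file date/size, or "?" when ComboFix
            # could not read the image (assumption based on the posted log).
            if rest.endswith("]") and "[" in rest:
                rest, info = rest.rsplit("[", 1)
                info = info.rstrip("]")
            # "--> path" repeats the resolved image path; keep the registry-side value.
            image = rest.split(" --> ", 1)[0].strip()
            services.append({"start": m.group("start"), "name": m.group("name"),
                             "display": m.group("display"), "image": image,
                             "info": info.strip()})
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = m.group("value").strip()
    return {"services": services, "ff_prefs": prefs}


def suspicious_services(services: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag drivers/services whose image lives in a Temp directory or could not be read."""
    flagged = []
    for svc in services:
        image = svc["image"].lower()
        reasons = []
        if "\\temp\\" in image:
            reasons.append("image loaded from a Temp directory")
        if svc["info"] == "?":
            reasons.append("image file not readable at scan time")
        if reasons:
            flagged.append({**svc, "reasons": reasons})
    return flagged


def effective_proxy(prefs: Dict[str, str]) -> Dict[str, object]:
    """Report the proxy hosts in prefs.js and whether network.proxy.type makes them active."""
    raw_type = prefs.get("network.proxy.type")
    ptype: Optional[int] = int(raw_type) if raw_type is not None and raw_type.isdigit() else None
    configured: Dict[str, Tuple[str, Optional[int]]] = {}
    for proto in PROXY_PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port")
            configured[proto] = (host, int(port) if port and port.isdigit() else None)
    return {
        "type": ptype,
        "mode": PROXY_TYPES.get(ptype, "unknown") if ptype is not None else "unset",
        # Only manual mode (1) routes traffic through the listed hosts.
        "active": ptype == 1,
        "configured": configured,
    }


if __name__ == "__main__":
    report = parse_combofix(SAMPLE_COMBOFIX)
    for svc in suspicious_services(report["services"]):
        print(f"[service] {svc['name']}: {svc['image']} ({'; '.join(svc['reasons'])})")
    proxy = effective_proxy(report["ff_prefs"])
    print(f"[firefox] proxy type {proxy['type']} ({proxy['mode']}), active={proxy['active']}")
    for proto, (host, port) in proxy["configured"].items():
        print(f"           {proto}: {host}:{port}")
```

Run against the posted report the script flags only krdpdre (Temp path plus the `[?]` marker) and reports the Firefox proxy hosts as configured but inactive; the hosts are still worth clearing from prefs.js, since flipping network.proxy.type to 1 would put them back in the traffic path.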

Looking good! :)

Before the next step, let's run an online scan to see if there's anything we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Ok, here's the log. Apparently it found 44 infected items or so....

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-05 10:28:00

# local_time=2012-01-05 05:28:00 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 88 0 21724258 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9708992 9708992 0 0

# scanned=234471

# found=44

# cleaned=0

# scan_time=9490

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Sun\Java\Deployment\cache\6.0\55\33499bf7-4de0440d a variant of Win32/Kryptik.XTE trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\4ecd9f50-4274d2b8 a variant of Win32/Kryptik.YCX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\4e11bedd-5df70d51 a variant of Win32/Kryptik.YBA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\dc12ee2-6803258e a variant of Win32/TrojanDownloader.FakeAlert.BNF trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\219dbb63-31a34ed4 a variant of Win32/Kryptik.YFB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\4c7967a3-72565bd4 a variant of Win32/Kryptik.YHK trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\76834ce4-57df0851 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7392b3e5-5c971645 Win32/Adware.XPAntiSpyware.AC application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\790be6e9-5c254bbc a variant of Win32/Kryptik.XYX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\4d731f70-63e230b4 a variant of Win32/Kryptik.YDQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\363092b6-71a10a82 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\58b826f9-67e3479e a variant of Win32/Kryptik.XXD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7fe7937a-3808c749 a variant of Win32/Kryptik.YGP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\5194e489-2e132136 a variant of Win32/Kryptik.YGY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\54850f49-3751569f a variant of Win32/Kryptik.XYD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

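The ESET log above reports found=44, cleaned=0; the zero is expected because the scan was run with "Remove found threats" unchecked (remove_checked=false). What matters for triage is where the 44 hits sit: most are copies in System Restore points, in the ComboFix (Qoobox) and Spybot quarantine folders, or in the Java deployment cache, and one is a prefs.js inside a Firefox extension folder. The only hit on a live system file is C:\WINDOWS\system32\drivers\redbook.sys. The script below, an added example rather than anything from the thread or from ESET, parses the log format shown above and sorts findings by location; the location rules and the "live file" label are this example's own assumptions, and the sample input is a constructed subset of six of the posted lines.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input: header lines and six of the 44 detections copied
# from the ESET Online Scanner log posted above.
SAMPLE_ESET_LOG = r"""
# version=7
# remove_checked=false
# scanned=234471
# found=6
# cleaned=0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\dc12ee2-6803258e a variant of Win32/TrojanDownloader.FakeAlert.BNF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" header lines.
HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")
# "<path> <detection> (<status>) <hash> <flag>" finding lines; the path may contain spaces,
# so it is matched lazily up to the detection name.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably a variant of |a variant of )?Win32/\S+ \S+)\s+"
    r"\((?P<status>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Location classes (this example's own assumptions), matched case-insensitively
# against the path; first rule that hits wins. Restore points and quarantine
# folders hold inert copies unless something restores them.
LOCATION_RULES = [
    ("restore point", r"\\system volume information\\_restore"),
    ("quarantine", r"\\qoobox\\quarantine\\|\\spybot - search & destroy\\recovery\\"),
    ("java cache", r"\\sun\\java\\deployment\\cache\\"),
    ("firefox profile", r"\\mozilla\\firefox\\profiles\\"),
]


def classify_location(path: str) -> str:
    """Return the location class for a detected path, or 'live file' if no rule matches."""
    lowered = path.lower()
    for label, pattern in LOCATION_RULES:
        if re.search(pattern, lowered):
            return label
    return "live file"


def triage_eset_log(text: str) -> Dict[str, object]:
    """Parse an ESET Online Scanner log and group its findings by location."""
    meta: Dict[str, str] = {}
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            meta[m.group("key")] = m.group("value").strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["location"] = classify_location(entry["path"])
            findings.append(entry)
    by_location = Counter(f["location"] for f in findings)
    live = [f for f in findings if f["location"] == "live file"]
    return {"meta": meta, "findings": findings, "by_location": by_location, "live": live}


if __name__ == "__main__":
    result = triage_eset_log(SAMPLE_ESET_LOG)
    print(f"found={result['meta'].get('found')} cleaned={result['meta'].get('cleaned')} "
          f"remove_checked={result['meta'].get('remove_checked')}")
    for label, count in sorted(result["by_location"].items()):
        print(f"  {label:16s} {count}")
    for f in result["live"]:
        print(f"LIVE: {f['path']}  <-  {f['detection']}")
```

On the full 44-line log the same grouping leaves one entry in the "live file" class, redbook.sys, and one in the Firefox profile (the extension's prefs.js), which are the two that still need action; the restore-point copies go away when System Restore is purged, and the quarantine and Java cache entries can be deleted rather than cleaned.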

Here it is:

21:49:58.0296 3708 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

21:49:58.0500 3708 ============================================================

21:49:58.0500 3708 Current date / time: 2012/01/05 21:49:58.0500

21:49:58.0500 3708 SystemInfo:

21:49:58.0500 3708

21:49:58.0500 3708 OS Version: 5.1.2600 ServicePack: 3.0

21:49:58.0500 3708 Product type: Workstation

21:49:58.0500 3708 ComputerName: PWNZ0R

21:49:58.0500 3708 UserName: God

21:49:58.0500 3708 Windows directory: C:\WINDOWS

21:49:58.0500 3708 System windows directory: C:\WINDOWS

21:49:58.0500 3708 Processor architecture: Intel x86

21:49:58.0500 3708 Number of processors: 2

21:49:58.0500 3708 Page size: 0x1000

21:49:58.0500 3708 Boot type: Normal boot

21:49:58.0500 3708 ============================================================

21:50:01.0078 3708 Initialize success

21:50:08.0500 3496 ============================================================

21:50:08.0500 3496 Scan started

21:50:08.0500 3496 Mode: Manual;

21:50:08.0500 3496 ============================================================

21:50:08.0906 3496 Abiosdsk - ok

21:50:08.0937 3496 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

21:50:08.0937 3496 abp480n5 - ok

21:50:09.0031 3496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:50:09.0031 3496 ACPI - ok

21:50:09.0062 3496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:50:09.0078 3496 ACPIEC - ok

21:50:09.0171 3496 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

21:50:09.0171 3496 adpu160m - ok

21:50:09.0250 3496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:50:09.0250 3496 aec - ok

21:50:09.0328 3496 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

21:50:09.0328 3496 AegisP - ok

21:50:09.0453 3496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:50:09.0453 3496 AFD - ok

21:50:09.0531 3496 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

21:50:09.0531 3496 agp440 - ok

21:50:09.0546 3496 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

21:50:09.0546 3496 agpCPQ - ok

21:50:09.0578 3496 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

21:50:09.0578 3496 Aha154x - ok

21:50:09.0609 3496 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

21:50:09.0609 3496 aic78u2 - ok

21:50:09.0625 3496 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

21:50:09.0625 3496 aic78xx - ok

21:50:09.0656 3496 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

21:50:09.0656 3496 AliIde - ok

21:50:09.0687 3496 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

21:50:09.0687 3496 alim1541 - ok

21:50:09.0703 3496 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

21:50:09.0703 3496 amdagp - ok

21:50:09.0718 3496 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

21:50:09.0734 3496 amsint - ok

21:50:09.0765 3496 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

21:50:09.0781 3496 ApfiltrService - ok

21:50:09.0828 3496 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

21:50:09.0828 3496 APPDRV - ok

21:50:09.0968 3496 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

21:50:09.0968 3496 Arp1394 - ok

21:50:10.0046 3496 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

21:50:10.0046 3496 asc - ok

21:50:10.0062 3496 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

21:50:10.0062 3496 asc3350p - ok

21:50:10.0125 3496 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

21:50:10.0125 3496 asc3550 - ok

21:50:10.0187 3496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:50:10.0187 3496 AsyncMac - ok

21:50:10.0218 3496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:50:10.0218 3496 atapi - ok

21:50:10.0281 3496 Atdisk - ok

21:50:10.0343 3496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:50:10.0343 3496 Atmarpc - ok

21:50:10.0406 3496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:50:10.0406 3496 audstub - ok

21:50:10.0437 3496 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

21:50:10.0437 3496 b57w2k - ok

21:50:10.0500 3496 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

21:50:10.0500 3496 BASFND - ok

21:50:10.0625 3496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:50:10.0625 3496 Beep - ok

21:50:10.0750 3496 catchme - ok

21:50:10.0843 3496 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

21:50:10.0843 3496 cbidf - ok

21:50:10.0875 3496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:50:10.0875 3496 cbidf2k - ok

21:50:10.0953 3496 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

21:50:10.0953 3496 CCDECODE - ok

21:50:11.0031 3496 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

21:50:11.0031 3496 cd20xrnt - ok

21:50:11.0078 3496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:50:11.0078 3496 Cdaudio - ok

21:50:11.0109 3496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

21:50:11.0109 3496 Cdfs - ok

21:50:11.0250 3496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:50:11.0343 3496 Cdrom - ok

21:50:11.0359 3496 Changer - ok

21:50:11.0390 3496 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

21:50:11.0390 3496 CmBatt - ok

21:50:11.0437 3496 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

21:50:11.0453 3496 CmdIde - ok

21:50:11.0484 3496 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

21:50:11.0500 3496 Compbatt - ok

21:50:11.0546 3496 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

21:50:11.0546 3496 Cpqarray - ok

21:50:11.0703 3496 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys

21:50:11.0703 3496 CtClsFlt - ok

21:50:11.0765 3496 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

21:50:11.0812 3496 dac2w2k - ok

21:50:11.0859 3496 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

21:50:11.0875 3496 dac960nt - ok

21:50:12.0015 3496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

21:50:12.0031 3496 Disk - ok

21:50:12.0062 3496 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

21:50:12.0062 3496 DLABMFSM - ok

21:50:12.0093 3496 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

21:50:12.0093 3496 DLABOIOM - ok

21:50:12.0109 3496 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

21:50:12.0109 3496 DLACDBHM - ok

21:50:12.0125 3496 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

21:50:12.0125 3496 DLADResM - ok

21:50:12.0171 3496 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

21:50:12.0171 3496 DLAIFS_M - ok

21:50:12.0187 3496 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

21:50:12.0187 3496 DLAOPIOM - ok

21:50:12.0203 3496 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

21:50:12.0218 3496 DLAPoolM - ok

21:50:12.0234 3496 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

21:50:12.0234 3496 DLARTL_M - ok

21:50:12.0265 3496 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

21:50:12.0281 3496 DLAUDFAM - ok

21:50:12.0296 3496 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

21:50:12.0296 3496 DLAUDF_M - ok

21:50:12.0359 3496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

21:50:12.0390 3496 dmboot - ok

21:50:12.0515 3496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

21:50:12.0515 3496 dmio - ok

21:50:12.0562 3496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:50:12.0562 3496 dmload - ok

21:50:12.0609 3496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

21:50:12.0625 3496 DMusic - ok

21:50:12.0687 3496 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

21:50:12.0687 3496 dpti2o - ok

21:50:12.0765 3496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

21:50:12.0765 3496 drmkaud - ok

21:50:12.0875 3496 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

21:50:12.0875 3496 DRVMCDB - ok

21:50:12.0906 3496 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

21:50:12.0921 3496 DRVNDDM - ok

21:50:12.0968 3496 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys

21:50:13.0062 3496 DXEC01 - ok

21:50:13.0187 3496 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

21:50:13.0187 3496 E100B - ok

21:50:13.0328 3496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:50:13.0343 3496 Fastfat - ok

21:50:13.0406 3496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

21:50:13.0406 3496 Fdc - ok

21:50:13.0562 3496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:50:13.0562 3496 Fips - ok

21:50:13.0640 3496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

21:50:13.0640 3496 Flpydisk - ok

21:50:13.0734 3496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

21:50:13.0734 3496 FltMgr - ok

21:50:13.0765 3496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:50:13.0765 3496 Fs_Rec - ok

21:50:13.0890 3496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:50:13.0906 3496 Ftdisk - ok

21:50:13.0984 3496 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

21:50:13.0984 3496 GEARAspiWDM - ok

21:50:14.0031 3496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:50:14.0046 3496 Gpc - ok

21:50:14.0093 3496 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys

21:50:14.0093 3496 guardian2 - ok

21:50:14.0187 3496 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

21:50:14.0203 3496 HDAudBus - ok

21:50:14.0265 3496 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:50:14.0265 3496 HidUsb - ok

21:50:14.0343 3496 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

21:50:14.0343 3496 hpn - ok

21:50:14.0390 3496 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

21:50:14.0406 3496 HSFHWAZL - ok

21:50:14.0468 3496 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

21:50:14.0484 3496 HSF_DPV - ok

21:50:14.0609 3496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

21:50:14.0625 3496 HTTP - ok

21:50:14.0734 3496 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

21:50:14.0734 3496 i2omgmt - ok

21:50:14.0765 3496 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

21:50:14.0781 3496 i2omp - ok

21:50:14.0906 3496 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:50:14.0968 3496 i8042prt - ok

21:50:15.0187 3496 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

21:50:15.0359 3496 ialm - ok

21:50:15.0500 3496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:50:15.0500 3496 Imapi - ok

21:50:15.0546 3496 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

21:50:15.0562 3496 ini910u - ok

21:50:15.0578 3496 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:50:15.0593 3496 IntelIde - ok

21:50:15.0656 3496 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:50:15.0656 3496 intelppm - ok

21:50:15.0671 3496 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

21:50:15.0671 3496 Ip6Fw - ok

21:50:15.0734 3496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:50:15.0734 3496 IpFilterDriver - ok

21:50:15.0812 3496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:50:15.0812 3496 IpInIp - ok

21:50:15.0843 3496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:50:15.0859 3496 IpNat - ok

21:50:15.0890 3496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:50:16.0046 3496 IPSec - ok

21:50:16.0156 3496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:50:16.0156 3496 IRENUM - ok

21:50:16.0187 3496 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:50:16.0187 3496 isapnp - ok

21:50:16.0203 3496 jghu - ok

21:50:16.0234 3496 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:50:16.0250 3496 Kbdclass - ok

21:50:16.0265 3496 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:50:16.0265 3496 kbdhid - ok

21:50:16.0296 3496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:50:16.0296 3496 kmixer - ok

21:50:16.0468 3496 krdpdre - ok

21:50:16.0578 3496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:50:16.0578 3496 KSecDD - ok

21:50:16.0609 3496 lbrtfdc - ok

21:50:16.0671 3496 mcdbus - ok

21:50:16.0921 3496 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

21:50:16.0921 3496 mdmxsdk - ok

21:50:16.0937 3496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:50:16.0953 3496 mnmdd - ok

21:50:17.0031 3496 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:50:17.0046 3496 Modem - ok

21:50:17.0062 3496 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:50:17.0062 3496 Mouclass - ok

21:50:17.0156 3496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:50:17.0156 3496 mouhid - ok

21:50:17.0234 3496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:50:17.0250 3496 MountMgr - ok

21:50:17.0328 3496 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

21:50:17.0328 3496 MpFilter - ok

21:50:17.0390 3496 MpKsl4bda1ea0 - ok

21:50:17.0406 3496 MpKsl6f7438dc - ok

21:50:17.0406 3496 MpKsl803bc26b - ok

21:50:17.0468 3496 MpKsl878cbe23 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl878cbe23.sys

21:50:17.0468 3496 MpKsl878cbe23 - ok

21:50:17.0546 3496 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

21:50:17.0562 3496 mraid35x - ok

21:50:17.0625 3496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:50:17.0640 3496 MRxDAV - ok

21:50:17.0703 3496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:50:17.0718 3496 MRxSmb - ok

21:50:17.0828 3496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:50:17.0828 3496 Msfs - ok

21:50:17.0875 3496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:50:17.0875 3496 MSKSSRV - ok

21:50:17.0890 3496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:50:17.0890 3496 MSPCLOCK - ok

21:50:17.0921 3496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:50:17.0921 3496 MSPQM - ok

21:50:17.0984 3496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:50:17.0984 3496 mssmbios - ok

21:50:18.0093 3496 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

21:50:18.0093 3496 MSTEE - ok

21:50:18.0171 3496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:50:18.0171 3496 Mup - ok

21:50:18.0218 3496 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:50:18.0218 3496 NABTSFEC - ok

21:50:18.0281 3496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:50:18.0281 3496 NDIS - ok

21:50:18.0343 3496 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:50:18.0343 3496 NdisIP - ok

21:50:18.0468 3496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:50:18.0468 3496 NdisTapi - ok

21:50:18.0515 3496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:50:18.0515 3496 Ndisuio - ok

21:50:18.0546 3496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:50:18.0546 3496 NdisWan - ok

21:50:18.0609 3496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:50:18.0609 3496 NDProxy - ok

21:50:18.0625 3496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:50:18.0640 3496 NetBIOS - ok

21:50:18.0656 3496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:50:18.0765 3496 NetBT - ok

21:50:18.0968 3496 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

21:50:19.0046 3496 NETw4x32 - ok

21:50:19.0156 3496 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

21:50:19.0156 3496 NIC1394 - ok

21:50:19.0203 3496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:50:19.0203 3496 Npfs - ok

21:50:19.0234 3496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:50:19.0265 3496 Ntfs - ok

21:50:19.0359 3496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:50:19.0359 3496 Null - ok

21:50:19.0484 3496 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

21:50:19.0531 3496 nv - ok

21:50:19.0640 3496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:50:19.0640 3496 NwlnkFlt - ok

21:50:19.0671 3496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:50:19.0671 3496 NwlnkFwd - ok

21:50:19.0765 3496 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

21:50:19.0781 3496 ohci1394 - ok

21:50:19.0890 3496 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

21:50:19.0921 3496 Parport - ok

21:50:20.0093 3496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:50:20.0109 3496 PartMgr - ok

21:50:20.0296 3496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:50:20.0296 3496 ParVdm - ok

21:50:20.0406 3496 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

21:50:20.0406 3496 PBADRV - ok

21:50:20.0500 3496 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:50:20.0500 3496 PCI - ok

21:50:20.0578 3496 PCIDump - ok

21:50:20.0640 3496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:50:20.0656 3496 PCIIde - ok

21:50:20.0671 3496 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

21:50:20.0671 3496 Pcmcia - ok

21:50:20.0687 3496 PDCOMP - ok

21:50:20.0687 3496 PDFRAME - ok

21:50:20.0703 3496 PDRELI - ok

21:50:20.0718 3496 PDRFRAME - ok

21:50:20.0765 3496 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

21:50:20.0765 3496 perc2 - ok

21:50:20.0796 3496 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

21:50:20.0796 3496 perc2hib - ok

21:50:20.0812 3496 PNDIS5 - ok

21:50:20.0890 3496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:50:20.0890 3496 PptpMiniport - ok

21:50:20.0953 3496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:50:20.0953 3496 PSched - ok

21:50:20.0984 3496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:50:20.0984 3496 Ptilink - ok

21:50:21.0046 3496 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:50:21.0046 3496 PxHelp20 - ok

21:50:21.0109 3496 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

21:50:21.0109 3496 ql1080 - ok

21:50:21.0125 3496 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

21:50:21.0125 3496 Ql10wnt - ok

21:50:21.0140 3496 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

21:50:21.0140 3496 ql12160 - ok

21:50:21.0171 3496 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

21:50:21.0171 3496 ql1240 - ok

21:50:21.0296 3496 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

21:50:21.0296 3496 ql1280 - ok

21:50:21.0343 3496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:50:21.0343 3496 RasAcd - ok

21:50:21.0421 3496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:50:21.0421 3496 Rasl2tp - ok

21:50:21.0453 3496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:50:21.0453 3496 RasPppoe - ok

21:50:21.0468 3496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:50:21.0468 3496 Raspti - ok

21:50:21.0515 3496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:50:21.0562 3496 Rdbss - ok

21:50:21.0656 3496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:50:21.0656 3496 RDPCDD - ok

21:50:21.0750 3496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:50:21.0750 3496 rdpdr - ok

21:50:21.0828 3496 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

21:50:21.0843 3496 RDPWD - ok

21:50:21.0953 3496 redbook (55f7fa7c581d3508de96e4adf418d370) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:50:23.0406 3496 redbook - ok

21:50:23.0531 3496 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

21:50:23.0609 3496 s24trans - ok

21:50:23.0625 3496 SAVOnAccessControl - ok

21:50:23.0640 3496 SAVOnAccessFilter - ok

21:50:23.0703 3496 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys

21:50:23.0703 3496 sdcfilter - ok

21:50:23.0765 3496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:50:23.0765 3496 Secdrv - ok

21:50:23.0890 3496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:50:23.0890 3496 serenum - ok

21:50:23.0906 3496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

21:50:24.0015 3496 Serial - ok

21:50:24.0062 3496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:50:24.0062 3496 Sfloppy - ok

21:50:24.0093 3496 Simbad - ok

21:50:24.0171 3496 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

21:50:24.0171 3496 sisagp - ok

21:50:24.0265 3496 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:50:24.0265 3496 SLIP - ok

21:50:24.0375 3496 snpstd (a2e9caef31863cab5486267a65fe322c) C:\WINDOWS\system32\DRIVERS\snpstd.sys

21:50:24.0390 3496 snpstd - ok

21:50:24.0500 3496 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

21:50:24.0500 3496 Sparrow - ok

21:50:24.0546 3496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:50:24.0546 3496 splitter - ok

21:50:24.0593 3496 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:50:24.0609 3496 sr - ok

21:50:24.0703 3496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:50:24.0703 3496 Srv - ok

21:50:24.0843 3496 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

21:50:24.0875 3496 STHDA - ok

21:50:25.0000 3496 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:50:25.0000 3496 streamip - ok

21:50:25.0046 3496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:50:25.0046 3496 swenum - ok

21:50:25.0078 3496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:50:25.0078 3496 swmidi - ok

21:50:25.0140 3496 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

21:50:25.0140 3496 symc810 - ok

21:50:25.0171 3496 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

21:50:25.0171 3496 symc8xx - ok

21:50:25.0203 3496 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

21:50:25.0203 3496 sym_hi - ok

21:50:25.0296 3496 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

21:50:25.0312 3496 sym_u3 - ok

21:50:25.0375 3496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:50:25.0375 3496 sysaudio - ok

21:50:25.0453 3496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:50:25.0468 3496 Tcpip - ok

21:50:25.0609 3496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:50:25.0609 3496 TDPIPE - ok

21:50:25.0625 3496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:50:25.0625 3496 TDTCP - ok

21:50:25.0671 3496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:50:25.0671 3496 TermDD - ok

21:50:25.0750 3496 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

21:50:25.0765 3496 TosIde - ok

21:50:25.0828 3496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:50:25.0828 3496 Udfs - ok

21:50:25.0921 3496 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

21:50:25.0921 3496 ultra - ok

21:50:26.0031 3496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:50:26.0046 3496 Update - ok

21:50:26.0171 3496 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

21:50:26.0187 3496 usbaudio - ok

21:50:26.0281 3496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:50:26.0281 3496 usbccgp - ok

21:50:26.0359 3496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:50:26.0359 3496 usbehci - ok

21:50:26.0375 3496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:50:26.0375 3496 usbhub - ok

21:50:26.0453 3496 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:50:26.0453 3496 usbprint - ok

21:50:26.0546 3496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:50:26.0546 3496 USBSTOR - ok

21:50:26.0593 3496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:50:26.0593 3496 usbuhci - ok

21:50:26.0671 3496 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:50:26.0687 3496 usbvideo - ok

21:50:26.0750 3496 V0500Dev (cc6c550265748e322e76b58ab5b5894e) C:\WINDOWS\system32\DRIVERS\V0500Vid.sys

21:50:26.0765 3496 V0500Dev - ok

21:50:26.0875 3496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:50:26.0875 3496 VgaSave - ok

21:50:26.0953 3496 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

21:50:26.0953 3496 viaagp - ok

21:50:26.0984 3496 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

21:50:26.0984 3496 ViaIde - ok

21:50:27.0015 3496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:50:27.0015 3496 VolSnap - ok

21:50:27.0062 3496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:50:27.0062 3496 Wanarp - ok

21:50:27.0125 3496 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

21:50:27.0171 3496 WaveFDE - ok

21:50:27.0281 3496 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

21:50:27.0718 3496 WavxDMgr - ok

21:50:27.0796 3496 WDICA - ok

21:50:27.0828 3496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:50:27.0828 3496 wdmaud - ok

21:50:27.0906 3496 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

21:50:27.0937 3496 winachsf - ok

21:50:28.0078 3496 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

21:50:28.0078 3496 WmiAcpi - ok

21:50:28.0187 3496 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys

21:50:28.0203 3496 WpdUsb - ok

21:50:28.0281 3496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:50:28.0281 3496 WS2IFSL - ok

21:50:28.0359 3496 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:50:28.0359 3496 WSTCODEC - ok

21:50:28.0421 3496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:50:28.0421 3496 WudfPf - ok

21:50:28.0484 3496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:50:28.0484 3496 WudfRd - ok

21:50:28.0734 3496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:50:29.0281 3496 \Device\Harddisk0\DR0 - ok

21:50:29.0281 3496 Boot (0x1200) (86f96407bc7b61c2dc7195be69087825) \Device\Harddisk0\DR0\Partition0

21:50:29.0281 3496 \Device\Harddisk0\DR0\Partition0 - ok

21:50:29.0281 3496 ============================================================

21:50:29.0281 3496 Scan finished

21:50:29.0281 3496 ============================================================

21:50:29.0312 2748 Detected object count: 0

21:50:29.0312 2748 Actual detected object count: 0


Hmmm... it didn't catch the infected driver. Let's perform a manual fix.

First, let's locate a suitable copy of redbook.sys

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    redbook.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


Here we are, thanks again!

SystemLook 30.07.11 by jpshortstuff

Log created at 22:25 on 05/01/2012 by God

Administrator - Elevation successful

========== filefind ==========

Searching for "redbook.sys"

C:\i386\redbook.sys --a---- 57472 bytes [16:06 27/07/2008] [03:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B

C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [05:13 05/08/2009] [03:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B

C:\WINDOWS\Options\Install\redbook.sys --a---- 5664 bytes [04:19 19/08/2008] [11:22 05/05/1999] 09915682CF0B4E05D90AE67C24B3385A

C:\WINDOWS\ServicePackFiles\i386\redbook.sys ------- 57600 bytes [05:24 05/08/2009] [04:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5

C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [22:09 11/08/2004] [04:10 14/04/2008] 55F7FA7C581D3508DE96E4ADF418D370

-= EOF =-

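The check the helper is doing by eye above (the `:filefind` hits for redbook.sys, where the loaded copy has the same size and modified time as the ServicePackFiles copy but a different MD5), as an added example that is not part of the thread: a small Python script that parses SystemLook's filefind output and flags a loaded driver whose same-build backup copy hashes differently. The log lines are the ones posted above; the preference order among backup folders and the dataclass/function names are my own.

```python
"""Parse SystemLook ':filefind' output and check the loaded copy of a driver
against the backup copies Windows XP keeps on disk (added example, not from
the thread; the log lines below are copied from the SystemLook post)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line per hit, as SystemLook prints it:
#   <path> <7 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
# Timestamp order is inferred from the log: the second value (14/04/2008 04:10)
# is what ComboFix later lists in its modified-time column for this file.
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Sample input: the filefind block from the log posted above (raw string, so
# the single backslashes are kept as-is).
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "redbook.sys"
C:\i386\redbook.sys --a---- 57472 bytes [16:06 27/07/2008] [03:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B
C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [05:13 05/08/2009] [03:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B
C:\WINDOWS\Options\Install\redbook.sys --a---- 5664 bytes [04:19 19/08/2008] [11:22 05/05/1999] 09915682CF0B4E05D90AE67C24B3385A
C:\WINDOWS\ServicePackFiles\i386\redbook.sys ------- 57600 bytes [05:24 05/08/2009] [04:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [22:09 11/08/2004] [04:10 14/04/2008] 55F7FA7C581D3508DE96E4ADF418D370
-= EOF =-
"""


@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str


def parse_filefind(text: str) -> List[FileHit]:
    """Return one FileHit per result line; header and footer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                m["created"], m["modified"], m["md5"].upper()))
    return hits


# Folders where XP keeps pristine copies of system files, most trusted first
# (my ordering; ServicePackFiles is the source the helper picks for FCopy).
BACKUP_DIRS = ("\\servicepackfiles\\i386\\", "\\dllcache\\",
               "\\$ntservicepackuninstall$\\", "\\i386\\")
# The location the kernel actually loads the driver from.
LIVE_DIR = "\\system32\\drivers\\"


def is_live(hit: FileHit) -> bool:
    return LIVE_DIR in hit.path.lower()


def reference_copy(live: FileHit, hits: List[FileHit]) -> Optional[FileHit]:
    """Most trusted backup copy of the same build as the loaded driver, where
    'same build' means equal size and equal modified time; None if absent."""
    for d in BACKUP_DIRS:
        for h in hits:
            if (d in h.path.lower() and h.size == live.size
                    and h.modified == live.modified):
                return h
    return None


def check_driver(hits: List[FileHit]) -> List[Dict[str, Optional[str]]]:
    """One finding per loaded copy. A same-build reference whose MD5 differs
    means the loaded file was altered in place: the infector kept the size and
    even the modified time, so only the hash gives it away, not timestamps."""
    findings = []
    for live in filter(is_live, hits):
        ref = reference_copy(live, hits)
        if ref is None:
            verdict = "no-reference"
        elif ref.md5 == live.md5:
            verdict = "clean"
        else:
            verdict = "patched"
        findings.append({"file": live.path, "verdict": verdict,
                         "reference": ref.path if ref else None})
    return findings


if __name__ == "__main__":
    for f in check_driver(parse_filefind(SAMPLE_LOG)):
        print(f["verdict"], f["file"], "<-", f["reference"])
```

On the log above this reports the system32\drivers copy as patched, with the ServicePackFiles copy as the reference to restore from, which is exactly the FCopy line the helper writes next.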

It's late here so I'll call it a night - here's the CFScript you'll need ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

FCopy::

C:\WINDOWS\ServicePackFiles\i386\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys

ClearJavaCache::

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

After that, if possible, please run ESET Online Scanner once again and post the log it creates - we need to see if the file replacement was successful :)


All right, here's the ComboFix log; I'm gonna run the scan in a few minutes here.

ComboFix 12-01-05.04 - God 01/06/2012 2:52.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1571 [GMT -5:00]

Running from: c:\documents and settings\God\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\God\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\redbook.sys --> c:\windows\system32\drivers\redbook.sys

.

((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))

.

.

2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-01-06 14:22 . 2012-01-06 14:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-01-06 08:09 . 2012-01-06 08:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\offreg.dll

2012-01-05 19:40 . 2012-01-05 19:40 -------- d-----w- c:\program files\ESET

2011-12-29 04:40 . 2011-12-29 04:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\MpKsl5bb8c149.sys

2011-12-27 10:48 . 2011-12-27 10:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-27 02:17 . 2011-12-27 02:19 -------- d-----w- C:\ca739415363f312693a1ef

2011-12-26 16:21 . 2011-12-26 16:21 -------- d-----w- C:\c2ed4f84d0e5b76d0a8dbc

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar

2011-12-26 08:06 . 2011-12-26 08:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2011-12-24 23:59 . 2011-12-24 23:59 -------- d-s---w- c:\documents and settings\LocalService\UserData

2011-12-22 03:32 . 2011-12-22 03:34 -------- d-----w- C:\8efeb4841330c6672537d606a2cfcf

2011-12-22 00:37 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 04:54 . 2011-12-21 04:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-15 16:32 . 2011-11-21 10:47 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEEE0366-6EA3-4C1C-9301-A9B703389F14}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-24 03:17 . 2011-05-18 01:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-09-05 21:24 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 19:29 . 2011-09-04 19:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-01 20:35 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2004-08-11 22:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 20:35 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2004-08-11 22:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-04_05.09.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-06 08:09 . 2012-01-06 08:09 16384 c:\windows\temp\Perflib_Perfdata_3dc.dat

+ 2004-08-11 22:00 . 2012-01-06 14:23 72582 c:\windows\system32\perfc009.dat

- 2004-08-11 22:00 . 2012-01-04 04:55 72582 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:09 . 2008-04-14 04:10 57600 c:\windows\system32\dllcache\redbook.sys

+ 2004-08-11 22:00 . 2012-01-06 14:23 443482 c:\windows\system32\perfh009.dat

- 2004-08-11 22:00 . 2012-01-04 04:55 443482 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Steam"="c:\program files\Steam2\Steam.exe" [2011-09-10 1242448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"VF0500Inst"="c:\windows\system32\V0500Pin.dll" [2009-09-24 40960]

.

c:\documents and settings\God\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-12 2362720]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2011-7-20 296088]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{db615530-e7b6-498e-b3cc-e9c701eda722}"= "c:\windows\system32\sekikeno.dll" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"voyazuvas"= {db615530-e7b6-498e-b3cc-e9c701eda722} - c:\windows\system32\sekikeno.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SafeConnect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

backup=c:\windows\pss\SafeConnect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^God^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\documents and settings\God\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17836254]

c:\documents and settings\All Users\Application Data\17836254\17836254.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\748a966c]

c:\windows\system32\yoyijite.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\97846246]

c:\documents and settings\All Users\Application Data\97846246\97846246.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]

c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 03:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-16 01:10 342848 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM77b9a5f0]

c:\windows\system32\yahikufa.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dynex Live! Central 2]

2009-11-30 17:41 426155 ------w- c:\program files\Dynex\Live! Central\DnLVCentral2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-18 16:45 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Idumajapimogud]

c:\windows\okazewugo.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2007-07-25 21:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]

2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 10:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-18 16:45 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-05 22:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2003-12-31 21:39 40960 ----a-w- c:\windows\vsnpstd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

c:\program files\Steam\Steam.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]

2009-08-13 01:01 28672 ----a-r- c:\windows\V0500Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wagegunuda]

c:\windows\system32\pesubumu.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]

2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

c:\program files\Winamp\winampa.exe [bU]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Rise of Nations\\rise.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Apoint\\ApMsgFwd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Steam2\\Steam.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\civilization iv colonization\\Colonization.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Steam2\\steamapps\\common\\sid meier's civilization iv beyond the sword\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Trillian\\plugins\\skypekit.exe"=

.

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]

R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/5/2008 9:46 PM 24652]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/6/2012 9:22 AM 40776]

S0 jghu;jghu;c:\windows\system32\drivers\dihigmqk.sys --> c:\windows\system32\drivers\dihigmqk.sys [?]

S1 MpKsl4bda1ea0;MpKsl4bda1ea0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05C64116-03C4-47B8-AE3A-1A5D85681525}\MpKsl4bda1ea0.sys [?]

S1 MpKsl6f7438dc;MpKsl6f7438dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2899EA8E-44F3-4953-A3CF-A37A707A9A00}\MpKsl6f7438dc.sys [?]

S1 MpKsl803bc26b;MpKsl803bc26b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B448-12C7-4DD2-A5F4-DA652D33B53B}\MpKsl803bc26b.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/23/2010 11:08 PM 143968]

S3 krdpdre;krdpdre;\??\c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\God\LOCALS~1\Temp\krdpdre.sys [?]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/4/2011 1:42 PM 23928]

S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [12/23/2010 11:11 PM 265536]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005Core.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229310906-1468043236-3445834466-1005UA.job

- c:\documents and settings\God\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-14 13:31]

.

2012-01-06 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 137.165.4.21 137.165.4.2

FF - ProfilePath - c:\documents and settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - YB Chinese » English

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.ftp - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.williams.edu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.doshisha.ac.jp

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-06 09:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(468)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\SafeConnect\scManager.sys

c:\windows\system32\StacSV.exe

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\windows\system32\UAService7.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

.

**************************************************************************

.

Completion time: 2012-01-06 13:02:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-06 18:02

ComboFix2.txt 2012-01-04 08:34

ComboFix3.txt 2012-01-02 11:00

.

Pre-Run: 17,843,245,056 bytes free

Post-Run: 17,922,863,104 bytes free

.

- - End Of File - - A1741F3F4830480F0B3D9595DCB9BA84


And here's the ESET scan. Seems like it found around 30 things.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-05 10:28:00

# local_time=2012-01-05 05:28:00 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 88 0 21724258 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9708992 9708992 0 0

# scanned=234471

# found=44

# cleaned=0

# scan_time=9490

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Sun\Java\Deployment\cache\6.0\55\33499bf7-4de0440d a variant of Win32/Kryptik.XTE trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\4ecd9f50-4274d2b8 a variant of Win32/Kryptik.YCX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\4e11bedd-5df70d51 a variant of Win32/Kryptik.YBA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\dc12ee2-6803258e a variant of Win32/TrojanDownloader.FakeAlert.BNF trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\219dbb63-31a34ed4 a variant of Win32/Kryptik.YFB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\4c7967a3-72565bd4 a variant of Win32/Kryptik.YHK trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\76834ce4-57df0851 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7392b3e5-5c971645 Win32/Adware.XPAntiSpyware.AC application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\790be6e9-5c254bbc a variant of Win32/Kryptik.XYX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\4d731f70-63e230b4 a variant of Win32/Kryptik.YDQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\363092b6-71a10a82 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\58b826f9-67e3479e a variant of Win32/Kryptik.XXD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7fe7937a-3808c749 a variant of Win32/Kryptik.YGP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\5194e489-2e132136 a variant of Win32/Kryptik.YGY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\54850f49-3751569f a variant of Win32/Kryptik.XYD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-06 09:15:21

# local_time=2012-01-06 04:15:21 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 87 0 21806922 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9791656 9791656 0 0

# scanned=235600

# found=30

# cleaned=0

# scan_time=8869

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\redbook.sys.vir Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP925\A0665977.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I


Much better- ESET no longer reports that nasty redbook.sys infection, which was quite a nasty one.

Regarding the other detected files, are you allowing ESET to quarantine and delete the detected files? If not, go ahead and set it to do that (you may have to do another scan). That should take care of the other nasties ;)


Here's the log, thanks again! It says that it removed all 30 of the infected objects.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-05 10:28:00

# local_time=2012-01-05 05:28:00 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 88 0 21724258 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9708992 9708992 0 0

# scanned=234471

# found=44

# cleaned=0

# scan_time=9490

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Sun\Java\Deployment\cache\6.0\55\33499bf7-4de0440d a variant of Win32/Kryptik.XTE trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\4ecd9f50-4274d2b8 a variant of Win32/Kryptik.YCX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\4e11bedd-5df70d51 a variant of Win32/Kryptik.YBA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\dc12ee2-6803258e a variant of Win32/TrojanDownloader.FakeAlert.BNF trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\219dbb63-31a34ed4 a variant of Win32/Kryptik.YFB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\4c7967a3-72565bd4 a variant of Win32/Kryptik.YHK trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\76834ce4-57df0851 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\7392b3e5-5c971645 Win32/Adware.XPAntiSpyware.AC application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\790be6e9-5c254bbc a variant of Win32/Kryptik.XYX trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\4d731f70-63e230b4 a variant of Win32/Kryptik.YDQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\363092b6-71a10a82 a variant of Win32/Kryptik.YDP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\58b826f9-67e3479e a variant of Win32/Kryptik.XXD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7fe7937a-3808c749 a variant of Win32/Kryptik.YGP trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\5194e489-2e132136 a variant of Win32/Kryptik.YGY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\54850f49-3751569f a variant of Win32/Kryptik.XYD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-06 09:15:21

# local_time=2012-01-06 04:15:21 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 87 0 21806922 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9791656 9791656 0 0

# scanned=235600

# found=30

# cleaned=0

# scan_time=8869

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\redbook.sys.vir Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP925\A0665977.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce7c64dcf1a2384fbfbae9024549cafc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-07 03:37:29

# local_time=2012-01-06 10:37:29 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776873 42 88 0 21830021 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=8449 16774142 16 1 9814755 9814755 0 0

# scanned=235785

# found=30

# cleaned=30

# scan_time=8698

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\God\Application Data\Mozilla\Firefox\Profiles\tvcxbhik.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\svcs.exe.vir probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\redbook.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651354.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651386.exe a variant of Win32/Kryptik.XTN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651391.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0651421.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652420.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0652451.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653452.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909\A0653484.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656490.com a variant of Win32/Kryptik.XZQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656507.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0656541.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910\A0659539.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660539.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660579.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660611.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660645.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911\A0660655.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912\A0660714.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0660766.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913\A0661765.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915\A0662769.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0663766.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664765.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916\A0664891.exe probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP925\A0665977.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Great! ESET cleaned up the last of it. :)

Next, let's see what programs of yours we can update to better secure your computer:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


All righty, here it is:

Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

Antivirus out of date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 17

Java 6 Update 4

Java 6 Update 5

Java SE Development Kit 6 Update 12

Java DB 10.4.1.3

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader X (10.1.1)

Mozilla Firefox 8.0. Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````
