
I was infected with the whole XP Home Security 2012 deal on December 26th. After some MBAM scans (updated the day before), I found several infections. They seemed to be removed, I checked hidden files and such to see if anything was left, and everything seemed to be fine afterwards, only leaving PING.EXE being odd and slowing me down. I'm constantly shutting the ping.exe process down, but it's hogging everything up right now!! (currently using 325,188K of memory...)

I ran several more scans yesterday and this morning, including a scan last night that showed me a shocking 13 infections. The following are my DDS logs as well as the logs from my recent MBAM scans. I'd really appreciate help as my topic created on the 26th was not replied to at all... ): Thank you in advance!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22

Run by Mikan at 12:40:05 on 2011-12-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.66 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

svchost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\program files\mozilla firefox\firefox.exe

C:\program files\mozilla firefox\plugin-container.exe

C:\WINDOWS\System32\ping.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent

uRun: [Google Update] "c:\documents and settings\mikan\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [Windows Update Server] c:\documents and settings\mikan\24f2b673-5689.exe

StartupFolder: c:\docume~1\mikan\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\mikan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mikan\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\mikan\startm~1\programs\startup\impuls~1.lnk - c:\program files\impulse\now\ImpulseNow.exe

StartupFolder: c:\docume~1\mikan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\mikan\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

IE: Free YouTube to MP3 Converter - c:\documents and settings\mikan\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mikan\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{FB63E3BE-65FD-4613-8D83-C11546222641} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: AtiExtEvent - Ati2evxx.dll

STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mikan\application data\mozilla\firefox\profiles\8k0kstmg.default\

FF - prefs.js: browser.startup.homepage - hxxp://sanger.dk/

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\mikan\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mikan\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mikan\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Shareon Tumblr: 714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org - %profile%\extensions\714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-23 218688]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl2bdd6181;MpKsl2bdd6181;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17c9dde0-bb20-4032-8ac5-569a302dbece}\MpKsl2bdd6181.sys [2011-12-29 29904]

R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\google\google japanese input\GoogleIMEJaCacheService.exe [2011-9-13 664192]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-29 40776]

S1 MpKsl00583bc9;MpKsl00583bc9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5bd4abea-4f99-4350-9cfc-f3eca3666cac}\mpksl00583bc9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5bd4abea-4f99-4350-9cfc-f3eca3666cac}\MpKsl00583bc9.sys [?]

S1 MpKsl0b1bf2cd;MpKsl0b1bf2cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b173dc8-4444-475e-81a5-926da4397855}\mpksl0b1bf2cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b173dc8-4444-475e-81a5-926da4397855}\MpKsl0b1bf2cd.sys [?]

S1 MpKsl185df515;MpKsl185df515;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f3c4c9-5bba-4db0-9587-72c41c53a63d}\mpksl185df515.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f3c4c9-5bba-4db0-9587-72c41c53a63d}\MpKsl185df515.sys [?]

S1 MpKsl1bc7b979;MpKsl1bc7b979;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7a0b234-b325-4dc0-9614-c6258e21c68d}\mpksl1bc7b979.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7a0b234-b325-4dc0-9614-c6258e21c68d}\MpKsl1bc7b979.sys [?]

S1 MpKsl29020f93;MpKsl29020f93;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4c47b33-9d77-43d1-a7cc-dc1943cbc441}\mpksl29020f93.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4c47b33-9d77-43d1-a7cc-dc1943cbc441}\MpKsl29020f93.sys [?]

S1 MpKsl2b23e564;MpKsl2b23e564;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a3d7649-966e-4129-99a1-67d7a99fb6e6}\mpksl2b23e564.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a3d7649-966e-4129-99a1-67d7a99fb6e6}\MpKsl2b23e564.sys [?]

S1 MpKsl2c8bd254;MpKsl2c8bd254;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7a0b234-b325-4dc0-9614-c6258e21c68d}\mpksl2c8bd254.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7a0b234-b325-4dc0-9614-c6258e21c68d}\MpKsl2c8bd254.sys [?]

S1 MpKsl2c8e3881;MpKsl2c8e3881;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e99c1e2-305c-429d-9a8d-ef1b81129405}\mpksl2c8e3881.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e99c1e2-305c-429d-9a8d-ef1b81129405}\MpKsl2c8e3881.sys [?]

S1 MpKsl38af0caf;MpKsl38af0caf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06dfd417-cc89-40fe-a7a3-b3ca6a23289a}\mpksl38af0caf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06dfd417-cc89-40fe-a7a3-b3ca6a23289a}\MpKsl38af0caf.sys [?]

S1 MpKsl38f08803;MpKsl38f08803;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f3c4c9-5bba-4db0-9587-72c41c53a63d}\mpksl38f08803.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f3c4c9-5bba-4db0-9587-72c41c53a63d}\MpKsl38f08803.sys [?]

S1 MpKsl391d5a8a;MpKsl391d5a8a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5e3bca6-a468-4eca-8236-2556fd23e012}\mpksl391d5a8a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5e3bca6-a468-4eca-8236-2556fd23e012}\MpKsl391d5a8a.sys [?]

S1 MpKsl453a567f;MpKsl453a567f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1372a4bf-5b8a-400a-8dca-cf3256c59974}\mpksl453a567f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1372a4bf-5b8a-400a-8dca-cf3256c59974}\MpKsl453a567f.sys [?]

S1 MpKsl5b757c40;MpKsl5b757c40;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1124aa19-fce6-4bbe-b0bb-51114cc738ed}\mpksl5b757c40.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1124aa19-fce6-4bbe-b0bb-51114cc738ed}\MpKsl5b757c40.sys [?]

S1 MpKsl5efe89da;MpKsl5efe89da;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\mpksl5efe89da.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\MpKsl5efe89da.sys [?]

S1 MpKsl6743704b;MpKsl6743704b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c918e926-75a5-4bba-ab72-8f3b379e2b31}\mpksl6743704b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c918e926-75a5-4bba-ab72-8f3b379e2b31}\MpKsl6743704b.sys [?]

S1 MpKsl6857b1ad;MpKsl6857b1ad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aad29379-8661-4258-baa1-aaef061cabef}\mpksl6857b1ad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aad29379-8661-4258-baa1-aaef061cabef}\MpKsl6857b1ad.sys [?]

S1 MpKsl6935dc34;MpKsl6935dc34;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b173dc8-4444-475e-81a5-926da4397855}\mpksl6935dc34.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b173dc8-4444-475e-81a5-926da4397855}\MpKsl6935dc34.sys [?]

S1 MpKsl722fe2d0;MpKsl722fe2d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1372a4bf-5b8a-400a-8dca-cf3256c59974}\mpksl722fe2d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1372a4bf-5b8a-400a-8dca-cf3256c59974}\MpKsl722fe2d0.sys [?]

S1 MpKsl7481101a;MpKsl7481101a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e53d9442-e252-4c00-9d0d-cb7b6bbc42cb}\mpksl7481101a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e53d9442-e252-4c00-9d0d-cb7b6bbc42cb}\MpKsl7481101a.sys [?]

S1 MpKsl820a18ec;MpKsl820a18ec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8156dd2-e093-420b-9a11-6fc58b2676f4}\mpksl820a18ec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8156dd2-e093-420b-9a11-6fc58b2676f4}\MpKsl820a18ec.sys [?]

S1 MpKsl847a4619;MpKsl847a4619;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91c930eb-7dde-4f37-982f-2a013b0f7d6e}\mpksl847a4619.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91c930eb-7dde-4f37-982f-2a013b0f7d6e}\MpKsl847a4619.sys [?]

S1 MpKsl87923f45;MpKsl87923f45;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e350cb6-f3f6-4c65-bff1-e9c0f11dd81f}\mpksl87923f45.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e350cb6-f3f6-4c65-bff1-e9c0f11dd81f}\MpKsl87923f45.sys [?]

S1 MpKsl8b00fb0e;MpKsl8b00fb0e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1551b41d-9585-4c31-9c20-5dfbae648aec}\mpksl8b00fb0e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1551b41d-9585-4c31-9c20-5dfbae648aec}\MpKsl8b00fb0e.sys [?]

S1 MpKsl90998879;MpKsl90998879;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c223729-56dc-4f84-8d7b-c9044ca64d9a}\mpksl90998879.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c223729-56dc-4f84-8d7b-c9044ca64d9a}\MpKsl90998879.sys [?]

S1 MpKsl91166335;MpKsl91166335;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7669262d-8dfc-4d8e-8537-425400a5ec0c}\mpksl91166335.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7669262d-8dfc-4d8e-8537-425400a5ec0c}\MpKsl91166335.sys [?]

S1 MpKsl966aab78;MpKsl966aab78;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91c930eb-7dde-4f37-982f-2a013b0f7d6e}\mpksl966aab78.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91c930eb-7dde-4f37-982f-2a013b0f7d6e}\MpKsl966aab78.sys [?]

S1 MpKsl9d5b14ac;MpKsl9d5b14ac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20275aa2-9196-4ebe-86ab-e638bd6a65c4}\mpksl9d5b14ac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20275aa2-9196-4ebe-86ab-e638bd6a65c4}\MpKsl9d5b14ac.sys [?]

S1 MpKsla12deac1;MpKsla12deac1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15a308b0-83f5-48fa-af9d-0cd712964390}\mpksla12deac1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15a308b0-83f5-48fa-af9d-0cd712964390}\MpKsla12deac1.sys [?]

S1 MpKsla274dc94;MpKsla274dc94;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8156dd2-e093-420b-9a11-6fc58b2676f4}\mpksla274dc94.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8156dd2-e093-420b-9a11-6fc58b2676f4}\MpKsla274dc94.sys [?]

S1 MpKsla2cff44a;MpKsla2cff44a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15a308b0-83f5-48fa-af9d-0cd712964390}\mpksla2cff44a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15a308b0-83f5-48fa-af9d-0cd712964390}\MpKsla2cff44a.sys [?]

S1 MpKsla9761909;MpKsla9761909;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{501ff842-8ef7-4859-9e1e-3435bcf607a7}\mpksla9761909.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{501ff842-8ef7-4859-9e1e-3435bcf607a7}\MpKsla9761909.sys [?]

S1 MpKslb30300e0;MpKslb30300e0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\mpkslb30300e0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\MpKslb30300e0.sys [?]

S1 MpKslb57e28da;MpKslb57e28da;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c06cd88-5330-4717-86dc-6817e74f16a7}\mpkslb57e28da.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c06cd88-5330-4717-86dc-6817e74f16a7}\MpKslb57e28da.sys [?]

S1 MpKslb78d6b9b;MpKslb78d6b9b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c3f2de-b138-41d1-8a8b-5d111a242cb2}\mpkslb78d6b9b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c3f2de-b138-41d1-8a8b-5d111a242cb2}\MpKslb78d6b9b.sys [?]

S1 MpKslc18e2046;MpKslc18e2046;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\mpkslc18e2046.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d732830-46ee-4070-953e-36855f4dc005}\MpKslc18e2046.sys [?]

S1 MpKslc4cecf06;MpKslc4cecf06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa6d8516-53fe-4496-8088-5674cf05ed6e}\mpkslc4cecf06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa6d8516-53fe-4496-8088-5674cf05ed6e}\MpKslc4cecf06.sys [?]

S1 MpKslc82c8c55;MpKslc82c8c55;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\mpkslc82c8c55.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\MpKslc82c8c55.sys [?]

S1 MpKsld4994d92;MpKsld4994d92;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62ef42e8-0ecd-42c0-942e-cd69e6615624}\mpksld4994d92.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{62ef42e8-0ecd-42c0-942e-cd69e6615624}\MpKsld4994d92.sys [?]

S1 MpKslda1dbb56;MpKslda1dbb56;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e53d9442-e252-4c00-9d0d-cb7b6bbc42cb}\mpkslda1dbb56.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e53d9442-e252-4c00-9d0d-cb7b6bbc42cb}\MpKslda1dbb56.sys [?]

S1 MpKsle363f9a0;MpKsle363f9a0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce5dbafa-23c5-4af5-9903-dc9827272342}\mpksle363f9a0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce5dbafa-23c5-4af5-9903-dc9827272342}\MpKsle363f9a0.sys [?]

S1 MpKslecb5a26e;MpKslecb5a26e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\mpkslecb5a26e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\MpKslecb5a26e.sys [?]

S1 MpKslf06818e1;MpKslf06818e1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5954afff-76f7-46ef-b4de-99bc03d5975f}\mpkslf06818e1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5954afff-76f7-46ef-b4de-99bc03d5975f}\MpKslf06818e1.sys [?]

S1 MpKslf1a8cd8a;MpKslf1a8cd8a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3788b5a1-e1f0-4554-b71f-8db77129ee2e}\mpkslf1a8cd8a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3788b5a1-e1f0-4554-b71f-8db77129ee2e}\MpKslf1a8cd8a.sys [?]

S1 MpKslf9de021a;MpKslf9de021a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\mpkslf9de021a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59efa119-6f6c-4694-9a86-cf7c7c381be5}\MpKslf9de021a.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-6-16 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-26 50704]

.

=============== Created Last 30 ================

.

2011-12-29 17:02:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-29 16:58:11 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17c9dde0-bb20-4032-8ac5-569a302dbece}\MpKsl2bdd6181.sys

2011-12-29 16:57:44 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17c9dde0-bb20-4032-8ac5-569a302dbece}\offreg.dll

2011-12-26 14:09:36 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2011-12-26 14:09:35 281104 ----a-w- c:\windows\system32\wpcap.dll

2011-12-26 14:09:34 100880 ----a-w- c:\windows\system32\Packet.dll

2011-12-26 03:08:15 -------- d-----w- C:\tdsskiller

2011-12-26 01:42:50 -------- d-----w- C:\xp_exe_fix

2011-12-25 09:13:48 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17c9dde0-bb20-4032-8ac5-569a302dbece}\mpengine.dll

.

==================== Find3M ====================

.

2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:56:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 12:42:14.84 ===============

________________________________________________________________________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/16/2011 8:12:52 PM

System Uptime: 12/29/2011 9:56:52 AM (3 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 89.088 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1B02CB0B&0&28F0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1B02CB0B&0&28F0

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\AWY0001\2&DABA3FF&0

Manufacturer:

Name:

PNP Device ID: ACPI\AWY0001\2&DABA3FF&0

Service:

.

==== System Restore Points ===================

.

RP169: 9/30/2011 7:26:36 PM - Software Distribution Service 3.0

RP170: 10/1/2011 7:26:43 PM - Software Distribution Service 3.0

RP171: 10/2/2011 1:43:15 AM - Software Distribution Service 3.0

RP172: 10/2/2011 7:26:42 PM - Software Distribution Service 3.0

RP173: 10/3/2011 7:26:31 PM - Software Distribution Service 3.0

RP174: 10/4/2011 7:28:57 PM - Software Distribution Service 3.0

RP175: 10/5/2011 7:29:04 PM - Software Distribution Service 3.0

RP176: 10/6/2011 7:27:28 PM - Software Distribution Service 3.0

RP177: 10/7/2011 9:13:19 PM - Software Distribution Service 3.0

RP178: 10/8/2011 11:44:48 PM - System Checkpoint

RP179: 10/9/2011 2:25:03 AM - Software Distribution Service 3.0

RP180: 10/9/2011 9:55:25 AM - Software Distribution Service 3.0

RP181: 10/10/2011 9:55:44 AM - Software Distribution Service 3.0

RP182: 10/11/2011 9:55:57 AM - Software Distribution Service 3.0

RP183: 10/12/2011 9:56:23 AM - Software Distribution Service 3.0

RP184: 10/13/2011 9:56:37 AM - Software Distribution Service 3.0

RP185: 10/14/2011 3:00:21 AM - Software Distribution Service 3.0

RP186: 10/14/2011 9:55:48 AM - Software Distribution Service 3.0

RP187: 10/15/2011 10:02:13 AM - System Checkpoint

RP188: 10/15/2011 3:35:00 PM - Software Distribution Service 3.0

RP189: 10/16/2011 2:19:20 AM - Software Distribution Service 3.0

RP190: 10/16/2011 3:31:00 PM - Software Distribution Service 3.0

RP191: 10/17/2011 3:31:54 PM - Software Distribution Service 3.0

RP192: 10/18/2011 3:31:19 PM - Software Distribution Service 3.0

RP193: 10/19/2011 3:31:56 PM - Software Distribution Service 3.0

RP194: 10/20/2011 3:31:26 PM - Software Distribution Service 3.0

RP195: 10/21/2011 3:42:10 PM - System Checkpoint

RP196: 10/21/2011 8:42:02 PM - Software Distribution Service 3.0

RP197: 10/22/2011 11:51:23 PM - System Checkpoint

RP198: 10/23/2011 1:43:21 AM - Software Distribution Service 3.0

RP199: 10/23/2011 10:19:57 AM - Software Distribution Service 3.0

RP200: 10/24/2011 10:19:04 AM - Software Distribution Service 3.0

RP201: 10/25/2011 10:19:47 AM - Software Distribution Service 3.0

RP202: 10/25/2011 10:41:51 PM - Installed FINAL FANTASY XI for Windows - Official Benchmark Prog

RP203: 10/26/2011 10:19:54 AM - Software Distribution Service 3.0

RP204: 10/27/2011 10:20:08 AM - Software Distribution Service 3.0

RP205: 10/28/2011 10:20:22 AM - Software Distribution Service 3.0

RP206: 10/29/2011 10:20:49 AM - Software Distribution Service 3.0

RP207: 10/30/2011 1:43:27 AM - Software Distribution Service 3.0

RP208: 10/30/2011 10:21:10 AM - Software Distribution Service 3.0

RP209: 10/31/2011 10:20:10 AM - Software Distribution Service 3.0

RP210: 11/1/2011 10:20:12 AM - Software Distribution Service 3.0

RP211: 11/2/2011 10:20:57 AM - Software Distribution Service 3.0

RP212: 11/3/2011 10:20:49 AM - Software Distribution Service 3.0

RP213: 11/4/2011 10:20:56 AM - Software Distribution Service 3.0

RP214: 11/5/2011 10:20:01 AM - Software Distribution Service 3.0

RP215: 11/6/2011 1:49:13 AM - Software Distribution Service 3.0

RP216: 11/6/2011 11:55:39 AM - Software Distribution Service 3.0

RP217: 11/7/2011 11:55:55 AM - Software Distribution Service 3.0

RP218: 11/8/2011 12:28:02 PM - System Checkpoint

RP219: 11/8/2011 7:32:08 PM - Software Distribution Service 3.0

RP220: 11/9/2011 3:00:16 AM - Software Distribution Service 3.0

RP221: 11/9/2011 7:31:25 PM - Software Distribution Service 3.0

RP222: 11/10/2011 7:33:49 PM - Software Distribution Service 3.0

RP223: 11/11/2011 3:00:16 AM - Software Distribution Service 3.0

RP224: 11/12/2011 3:52:44 AM - System Checkpoint

RP225: 11/12/2011 12:56:02 PM - Software Distribution Service 3.0

RP226: 11/13/2011 2:05:57 AM - Software Distribution Service 3.0

RP227: 11/13/2011 11:38:22 AM - Installed PlayOnline Viewer & Tetra Master

RP228: 11/13/2011 11:49:51 AM - Installed FINAL FANTASY XI

RP229: 11/13/2011 1:12:28 PM - Software Distribution Service 3.0

RP230: 11/14/2011 1:03:53 PM - Software Distribution Service 3.0

RP231: 11/15/2011 12:55:47 PM - Software Distribution Service 3.0

RP232: 11/16/2011 12:56:28 PM - Software Distribution Service 3.0

RP233: 11/17/2011 12:56:11 PM - Software Distribution Service 3.0

RP234: 11/18/2011 12:56:02 PM - Software Distribution Service 3.0

RP235: 11/19/2011 4:52:15 PM - Software Distribution Service 3.0

RP236: 11/20/2011 1:35:45 AM - Software Distribution Service 3.0

RP237: 11/21/2011 1:40:35 AM - System Checkpoint

RP238: 11/21/2011 1:43:31 PM - Software Distribution Service 3.0

RP239: 11/22/2011 2:02:52 PM - System Checkpoint

RP240: 11/22/2011 7:07:03 PM - Software Distribution Service 3.0

RP241: 11/23/2011 11:05:16 PM - System Checkpoint

RP242: 11/24/2011 5:40:02 PM - Software Distribution Service 3.0

RP243: 11/26/2011 12:21:54 AM - System Checkpoint

RP244: 11/26/2011 3:25:31 PM - Software Distribution Service 3.0

RP245: 11/27/2011 1:58:44 AM - Software Distribution Service 3.0

RP246: 11/27/2011 2:06:14 PM - Installed Python 2.6.5

RP247: 11/27/2011 3:24:04 PM - Software Distribution Service 3.0

RP248: 11/28/2011 3:23:05 PM - Software Distribution Service 3.0

RP249: 11/29/2011 3:24:17 PM - Software Distribution Service 3.0

RP250: 11/30/2011 3:24:23 PM - Software Distribution Service 3.0

RP251: 12/1/2011 3:23:01 PM - Software Distribution Service 3.0

RP252: 12/2/2011 3:23:16 PM - Software Distribution Service 3.0

RP253: 12/3/2011 3:24:03 PM - Software Distribution Service 3.0

RP254: 12/4/2011 2:30:09 AM - Software Distribution Service 3.0

RP255: 12/4/2011 10:13:28 PM - Software Distribution Service 3.0

RP256: 12/5/2011 11:57:24 PM - System Checkpoint

RP257: 12/6/2011 3:11:33 PM - Software Distribution Service 3.0

RP258: 12/7/2011 3:04:44 PM - Software Distribution Service 3.0

RP259: 12/8/2011 4:17:57 PM - System Checkpoint

RP260: 12/8/2011 5:53:20 PM - Software Distribution Service 3.0

RP261: 12/9/2011 5:47:10 PM - Software Distribution Service 3.0

RP262: 12/10/2011 5:46:45 PM - Software Distribution Service 3.0

RP263: 12/11/2011 2:14:15 AM - Software Distribution Service 3.0

RP264: 12/12/2011 2:23:00 AM - System Checkpoint

RP265: 12/12/2011 11:26:27 AM - Software Distribution Service 3.0

RP266: 12/13/2011 9:24:41 PM - Software Distribution Service 3.0

RP267: 12/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP268: 12/15/2011 3:22:12 AM - System Checkpoint

RP269: 12/15/2011 3:25:13 AM - Software Distribution Service 3.0

RP270: 12/16/2011 3:24:18 AM - Software Distribution Service 3.0

RP271: 12/17/2011 3:49:03 AM - System Checkpoint

RP272: 12/17/2011 6:11:46 AM - Software Distribution Service 3.0

RP273: 12/17/2011 6:28:28 AM - Software Distribution Service 3.0

RP274: 12/18/2011 2:06:43 AM - Software Distribution Service 3.0

RP275: 12/19/2011 2:18:20 AM - System Checkpoint

RP276: 12/19/2011 6:23:31 AM - Software Distribution Service 3.0

RP277: 12/20/2011 6:24:17 AM - System Checkpoint

RP278: 12/20/2011 7:27:41 PM - Software Distribution Service 3.0

RP279: 12/21/2011 7:28:07 PM - Software Distribution Service 3.0

RP280: 12/22/2011 7:28:05 PM - Software Distribution Service 3.0

RP281: 12/23/2011 7:59:26 PM - System Checkpoint

RP282: 12/23/2011 9:02:50 PM - Software Distribution Service 3.0

RP283: 12/24/2011 9:02:45 PM - Software Distribution Service 3.0

RP284: 12/25/2011 2:13:41 AM - Software Distribution Service 3.0

RP285: 12/26/2011 3:03:23 AM - System Checkpoint

RP286: 12/27/2011 4:26:33 AM - System Checkpoint

RP287: 12/28/2011 4:55:11 AM - System Checkpoint

RP288: 12/29/2011 5:19:02 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Stock Photos 1.0

グリーフシンドローム (Grief Syndrome)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.3.13 (Unicode)

Bonjour

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ClassicPro© v1.15

Combined Community Codec Pack 2011-07-30

Creative Audio Control Panel

Creative Software AutoUpdate

DAEMON Tools Lite

DisplayFusion 3.3.1

Dropbox

EPSON TWAIN 5

erLT

FINAL FANTASY XI

FINAL FANTASY XI for Windows - Official Benchmark Program 3

Firestorm-Beta-Mesh (remove only)

foobar2000 v1.1.7

Foxit Reader 5.0

Fraps (remove only)

Free YouTube to MP3 Converter version 3.10.6.727

Google ?????

Google Chrome

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

ILLUSION ????????

ILLUSION ???????? ??????

Impulse®

Intel® PRO Network Connections Drivers

iTunes

Java Auto Updater

Java 6 Update 22

LAME v3.98.3 for Audacity

Last.fm 1.5.4.27091

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows Application Compatibility Database

Mozilla Firefox (3.6.25)

ObjectDock Free

OpenAL

OpenOffice.org 3.3

Phoenix Viewer 1.5.2.1102

Pidgin

PlayOnline Viewer & Tetra Master

PyQt GPL v4.8.6 for Python v2.6 (x86)

Python 2.6 PyOpenGL-3.0.1

Python 2.6.5

QuickTime

RadioShack USB to Serial Cable

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Skins

Skype Click to Call

Skype 5.5

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Wacom Tablet Driver

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format Runtime

WinRAR 4.00 (32-bit)

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

12/29/2011 9:58:41 AM, error: System Error [1003] - Error code 10000050, parameter1 aa572000, parameter2 00000001, parameter3 8053a6c8, parameter4 00000000.

12/29/2011 12:40:38 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

12/29/2011 10:08:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/28/2011 7:02:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/28/2011 6:57:21 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/28/2011 11:13:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/28/2011 10:26:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/27/2011 7:02:18 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/26/2011 8:30:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/26/2011 3:55:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/26/2011 11:26:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/26/2011 10:49:46 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/26/2011 10:33:08 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/25/2011 6:43:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/25/2011 6:43:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/25/2011 6:35:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter

12/25/2011 6:31:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:31:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 6:13:27 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

12/25/2011 6:12:26 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/25/2011 6:06:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

.

==== End Of File ===========================

Moderator note: MBAM logs attached !!!


Hello milky and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
In your next reply, please include:
  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?
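As an added illustration of what a helper looks for first in the FSS.txt log requested above (example code written for this page, not the helper's own and not part of Farbar Service Scanner), this Python script parses the sections FSS writes and flags two things: any registry value listed under a "Disabled Policy" section (FSS only prints one when the policy is actually set) and any checked system file that FSS did not mark "MD5 is legit". The embedded sample log is a constructed abridgement in FSS's format.

```python
"""Triage helper for Farbar Service Scanner (FSS.txt) output.

Added example, not part of the thread or of FSS itself. It understands the
layout FSS produces: a section is a line ending in ':' followed by a row of
'=' signs; policy sections list a registry key in [brackets] and then
"Name"=DWORD:n lines; the File Check section lists one path per line, either
with ' => MD5 is legit' appended or followed by a detail line ending in the
file's MD5 when FSS could not vouch for it.
"""
import re
from dataclasses import dataclass, field

SECTION = re.compile(r"^[A-Za-z ]+:$")
POLICY_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LEGIT = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\\S+$")
FILE_DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - \d+ \S+ \(.*?\) ([0-9A-Fa-f]{32})$")


@dataclass
class FssFindings:
    policies: list = field(default_factory=list)    # (section, key, name, value)
    legit: list = field(default_factory=list)       # paths FSS confirmed
    unverified: dict = field(default_factory=dict)  # path -> md5 or None


def parse_fss(text: str) -> FssFindings:
    """Walk the log line by line, tracking which FSS section we are in."""
    out = FssFindings()
    section, key, pending = None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:      # blank or '=====' underline
            continue
        if SECTION.match(line):
            section, key, pending = line[:-1], None, None
            continue
        if section and section.endswith("Disabled Policy"):
            m = POLICY_KEY.match(line)
            if m:
                key = m.group(1)
                continue
            m = POLICY_VALUE.match(line)
            if m and key:
                out.policies.append((section, key, m.group(1), int(m.group(2))))
            continue
        if section == "File Check":
            m = FILE_LEGIT.match(line)
            if m:
                out.legit.append(m.group(1))
                pending = None
                continue
            if FILE_PATH.match(line):           # a path with no 'MD5 is legit'
                pending = line
                out.unverified[pending] = None
                continue
            m = FILE_DETAIL.match(line)
            if m and pending:                   # detail line carries the MD5
                out.unverified[pending] = m.group(1).upper()
    return out


def triage(findings: FssFindings) -> list:
    """Reduce the parsed log to the short list of items worth asking about."""
    alerts = []
    for section, key, name, value in findings.policies:
        profile = key.rsplit("\\", 1)[-1]       # e.g. DomainProfile
        alerts.append(f"{section}: {profile} {name}={value}")
    for path, md5 in findings.unverified.items():
        alerts.append(f"unverified file: {path} (md5 {md5 or 'not shown'})")
    return alerts


# Constructed sample in FSS's own format (abridged); not a real scan result.
SAMPLE_FSS = r"""Farbar Service Scanner
Boot Mode: Normal
****************************************************************

Internet Services:
============
Connection Status:
==============
Localhost is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-04-14 05:00] - [2008-04-14 05:00] - 0162816 ____A () 732FB4B0B4F492AB7A1D2227CA2B2D43
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

Extra List:
=======
**** End of log ****
"""

if __name__ == "__main__":
    for alert in triage(parse_fss(SAMPLE_FSS)):
        print(alert)
```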


Thanks so much for the reply, D-FRED-BROWN. :) I followed the steps and here are my logs! (ComboFix found a rootkit, too! scary stuff~):

Farbar Service Scanner

Ran by Mikan (administrator) on 01-01-2012 at 17:42:01

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys

[2008-04-14 05:00] - [2008-04-14 05:00] - 0162816 ____A () 732FB4B0B4F492AB7A1D2227CA2B2D43

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0700000005000000010000000200000003000000040000000600000007000000

IpSec Tag value is correct.

**** End of log ****

----------

17:45:28.0125 2432 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

17:45:28.0859 2432 ============================================================

17:45:28.0859 2432 Current date / time: 2012/01/01 17:45:28.0859

17:45:28.0859 2432 SystemInfo:

17:45:28.0859 2432

17:45:28.0859 2432 OS Version: 5.1.2600 ServicePack: 3.0

17:45:28.0859 2432 Product type: Workstation

17:45:28.0859 2432 ComputerName: MARI

17:45:28.0859 2432 UserName: Mikan

17:45:28.0875 2432 Windows directory: C:\WINDOWS

17:45:28.0875 2432 System windows directory: C:\WINDOWS

17:45:28.0875 2432 Processor architecture: Intel x86

17:45:28.0875 2432 Number of processors: 2

17:45:28.0875 2432 Page size: 0x1000

17:45:28.0875 2432 Boot type: Normal boot

17:45:28.0875 2432 ============================================================

17:45:30.0218 2432 Initialize success

17:45:45.0234 5504 ============================================================

17:45:45.0234 5504 Scan started

17:45:45.0234 5504 Mode: Manual;

17:45:45.0234 5504 ============================================================

17:45:45.0390 5504 Abiosdsk - ok

17:45:45.0453 5504 abp480n5 - ok

17:45:45.0562 5504 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:45:45.0562 5504 ACPI - ok

17:45:45.0625 5504 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:45:45.0625 5504 ACPIEC - ok

17:45:45.0671 5504 adpu160m - ok

17:45:45.0718 5504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:45:45.0734 5504 aec - ok

17:45:45.0796 5504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:45:45.0812 5504 AFD - ok

17:45:45.0812 5504 Aha154x - ok

17:45:45.0828 5504 aic78u2 - ok

17:45:45.0843 5504 aic78xx - ok

17:45:45.0843 5504 AliIde - ok

17:45:45.0859 5504 amsint - ok

17:45:45.0875 5504 asc - ok

17:45:45.0875 5504 asc3350p - ok

17:45:45.0890 5504 asc3550 - ok

17:45:45.0953 5504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:45:45.0953 5504 AsyncMac - ok

17:45:46.0000 5504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:45:46.0000 5504 atapi - ok

17:45:46.0015 5504 Atdisk - ok

17:45:46.0156 5504 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:45:46.0765 5504 ati2mtag - ok

17:45:46.0890 5504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:45:46.0890 5504 Atmarpc - ok

17:45:46.0953 5504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:45:46.0953 5504 audstub - ok

17:45:47.0000 5504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:45:47.0000 5504 Beep - ok

17:45:47.0062 5504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:45:47.0062 5504 cbidf2k - ok

17:45:47.0109 5504 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:45:47.0125 5504 CCDECODE - ok

17:45:47.0171 5504 cd20xrnt - ok

17:45:47.0234 5504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:45:47.0234 5504 Cdaudio - ok

17:45:47.0296 5504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:45:47.0296 5504 Cdfs - ok

17:45:47.0343 5504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:45:47.0375 5504 Cdrom - ok

17:45:47.0390 5504 Changer - ok

17:45:47.0406 5504 CmdIde - ok

17:45:47.0437 5504 Cpqarray - ok

17:45:47.0500 5504 CT20XUT (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\system32\drivers\CT20XUT.SYS

17:45:47.0500 5504 CT20XUT - ok

17:45:47.0531 5504 CT20XUT.SYS (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\System32\drivers\CT20XUT.SYS

17:45:47.0531 5504 CT20XUT.SYS - ok

17:45:47.0546 5504 ctac32k (f2b1d0a3d21bd0d9f46457cbcec1a0e9) C:\WINDOWS\system32\drivers\ctac32k.sys

17:45:47.0562 5504 ctac32k - ok

17:45:47.0593 5504 ctaud2k (44f60a5e3c3a8a6bba4c280948ea6095) C:\WINDOWS\system32\drivers\ctaud2k.sys

17:45:47.0609 5504 ctaud2k - ok

17:45:47.0640 5504 ctdvda2k (8cbe82d6bbf206e144f22cb33fab1f2c) C:\WINDOWS\system32\drivers\ctdvda2k.sys

17:45:47.0640 5504 ctdvda2k - ok

17:45:47.0687 5504 CTEXFIFX (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS

17:45:47.0718 5504 CTEXFIFX - ok

17:45:47.0765 5504 CTEXFIFX.SYS (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS

17:45:47.0781 5504 CTEXFIFX.SYS - ok

17:45:47.0796 5504 CTHWIUT (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\system32\drivers\CTHWIUT.SYS

17:45:47.0796 5504 CTHWIUT - ok

17:45:47.0812 5504 CTHWIUT.SYS (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\System32\drivers\CTHWIUT.SYS

17:45:47.0812 5504 CTHWIUT.SYS - ok

17:45:47.0859 5504 ctprxy2k (f0f19a13c948e5289601e354b08e0941) C:\WINDOWS\system32\drivers\ctprxy2k.sys

17:45:47.0859 5504 ctprxy2k - ok

17:45:47.0906 5504 ctsfm2k (c7b2c36a6203a5f3d0a378fd78c5ddd6) C:\WINDOWS\system32\drivers\ctsfm2k.sys

17:45:47.0906 5504 ctsfm2k - ok

17:45:47.0921 5504 dac2w2k - ok

17:45:47.0937 5504 dac960nt - ok

17:45:48.0000 5504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:45:48.0000 5504 Disk - ok

17:45:48.0078 5504 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:45:48.0125 5504 dmboot - ok

17:45:48.0140 5504 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:45:48.0140 5504 dmio - ok

17:45:48.0140 5504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:45:48.0140 5504 dmload - ok

17:45:48.0218 5504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:45:48.0218 5504 DMusic - ok

17:45:48.0281 5504 dpti2o - ok

17:45:48.0312 5504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:45:48.0312 5504 drmkaud - ok

17:45:48.0390 5504 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

17:45:48.0390 5504 dtsoftbus01 - ok

17:45:48.0453 5504 e1express (17aaca24903e6d5faece3c35de01d3dd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

17:45:48.0453 5504 e1express - ok

17:45:48.0515 5504 emupia (fb2d6d4d14ae801f5267b0368fc0cb0c) C:\WINDOWS\system32\drivers\emupia2k.sys

17:45:48.0515 5504 emupia - ok

17:45:48.0578 5504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:45:48.0578 5504 Fastfat - ok

17:45:48.0625 5504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:45:48.0625 5504 Fdc - ok

17:45:48.0640 5504 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:45:48.0640 5504 Fips - ok

17:45:48.0640 5504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:45:48.0640 5504 Flpydisk - ok

17:45:48.0703 5504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:45:48.0718 5504 FltMgr - ok

17:45:48.0718 5504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:45:48.0718 5504 Fs_Rec - ok

17:45:48.0734 5504 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:45:48.0734 5504 Ftdisk - ok

17:45:48.0781 5504 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:45:48.0781 5504 GEARAspiWDM - ok

17:45:48.0812 5504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:45:48.0812 5504 Gpc - ok

17:45:48.0937 5504 ha20x2k (7ff1ced1201c169a783b0e81cc561fba) C:\WINDOWS\system32\drivers\ha20x2k.sys

17:45:48.0953 5504 ha20x2k - ok

17:45:49.0046 5504 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:45:49.0046 5504 hidusb - ok

17:45:49.0078 5504 hpn - ok

17:45:49.0203 5504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:45:49.0218 5504 HTTP - ok

17:45:49.0281 5504 i2omgmt - ok

17:45:49.0343 5504 i2omp - ok

17:45:49.0421 5504 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

17:45:49.0421 5504 i8042prt - ok

17:45:49.0500 5504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:45:49.0500 5504 Imapi - ok

17:45:49.0531 5504 ini910u - ok

17:45:49.0578 5504 IntelIde - ok

17:45:49.0625 5504 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:45:49.0625 5504 intelppm - ok

17:45:49.0671 5504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:45:49.0671 5504 Ip6Fw - ok

17:45:49.0734 5504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:45:49.0734 5504 IpFilterDriver - ok

17:45:49.0765 5504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:45:49.0765 5504 IpInIp - ok

17:45:49.0828 5504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:45:49.0828 5504 IpNat - ok

17:45:49.0890 5504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:45:49.0890 5504 IPSec - ok

17:45:49.0937 5504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:45:49.0937 5504 IRENUM - ok

17:45:49.0984 5504 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:45:49.0984 5504 isapnp - ok

17:45:50.0031 5504 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:45:50.0031 5504 Kbdclass - ok

17:45:50.0046 5504 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:45:50.0046 5504 kbdhid - ok

17:45:50.0109 5504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:45:50.0109 5504 kmixer - ok

17:45:50.0171 5504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:45:50.0171 5504 KSecDD - ok

17:45:50.0187 5504 lbrtfdc - ok

17:45:50.0250 5504 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys

17:45:50.0250 5504 LVRS - ok

17:45:50.0421 5504 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

17:45:50.0562 5504 LVUVC - ok

17:45:50.0593 5504 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

17:45:50.0593 5504 MBAMProtector - ok

17:45:50.0656 5504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:45:50.0656 5504 mnmdd - ok

17:45:50.0687 5504 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:45:50.0703 5504 Modem - ok

17:45:50.0734 5504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:45:50.0734 5504 Mouclass - ok

17:45:50.0750 5504 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:45:50.0750 5504 mouhid - ok

17:45:50.0765 5504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:45:50.0765 5504 MountMgr - ok

17:45:50.0796 5504 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

17:45:50.0828 5504 MpFilter - ok

17:45:51.0015 5504 MpKsl00583bc9 - ok

17:45:51.0031 5504 MpKsl0b1bf2cd - ok

17:45:51.0031 5504 MpKsl185df515 - ok

17:45:51.0046 5504 MpKsl1bc7b979 - ok

17:45:51.0046 5504 MpKsl29020f93 - ok

17:45:51.0046 5504 MpKsl2b23e564 - ok

17:45:51.0062 5504 MpKsl2bdd6181 - ok

17:45:51.0062 5504 MpKsl2c8bd254 - ok

17:45:51.0078 5504 MpKsl2c8e3881 - ok

17:45:51.0078 5504 MpKsl38af0caf - ok

17:45:51.0078 5504 MpKsl38f08803 - ok

17:45:51.0093 5504 MpKsl391d5a8a - ok

17:45:51.0093 5504 MpKsl453a567f - ok

17:45:51.0109 5504 MpKsl5b757c40 - ok

17:45:51.0125 5504 MpKsl5efe89da - ok

17:45:51.0125 5504 MpKsl6743704b - ok

17:45:51.0125 5504 MpKsl6857b1ad - ok

17:45:51.0140 5504 MpKsl6935dc34 - ok

17:45:51.0140 5504 MpKsl722fe2d0 - ok

17:45:51.0156 5504 MpKsl7481101a - ok

17:45:51.0156 5504 MpKsl820a18ec - ok

17:45:51.0156 5504 MpKsl847a4619 - ok

17:45:51.0171 5504 MpKsl87923f45 - ok

17:45:51.0187 5504 MpKsl8b00fb0e - ok

17:45:51.0187 5504 MpKsl90998879 - ok

17:45:51.0203 5504 MpKsl91166335 - ok

17:45:51.0203 5504 MpKsl966aab78 - ok

17:45:51.0218 5504 MpKsl9d5b14ac - ok

17:45:51.0234 5504 MpKsla12deac1 - ok

17:45:51.0234 5504 MpKsla274dc94 - ok

17:45:51.0250 5504 MpKsla2cff44a - ok

17:45:51.0250 5504 MpKsla9761909 - ok

17:45:51.0250 5504 MpKslb30300e0 - ok

17:45:51.0265 5504 MpKslb57e28da - ok

17:45:51.0265 5504 MpKslb78d6b9b - ok

17:45:51.0328 5504 MpKslb9331d1f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys

17:45:51.0328 5504 MpKslb9331d1f - ok

17:45:51.0343 5504 MpKslc18e2046 - ok

17:45:51.0359 5504 MpKslc4cecf06 - ok

17:45:51.0375 5504 MpKslc82c8c55 - ok

17:45:51.0375 5504 MpKsld4994d92 - ok

17:45:51.0390 5504 MpKslda1dbb56 - ok

17:45:51.0390 5504 MpKsle363f9a0 - ok

17:45:51.0406 5504 MpKslecb5a26e - ok

17:45:51.0406 5504 MpKslf06818e1 - ok

17:45:51.0421 5504 MpKslf1a8cd8a - ok

17:45:51.0421 5504 MpKslf9de021a - ok

17:45:51.0500 5504 mraid35x - ok

17:45:51.0578 5504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:45:51.0578 5504 MRxDAV - ok

17:45:51.0671 5504 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:45:51.0671 5504 MRxSmb - ok

17:45:51.0734 5504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:45:51.0734 5504 Msfs - ok

17:45:51.0796 5504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:45:51.0796 5504 MSKSSRV - ok

17:45:51.0812 5504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:45:51.0812 5504 MSPCLOCK - ok

17:45:51.0843 5504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:45:51.0843 5504 MSPQM - ok

17:45:51.0906 5504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:45:51.0906 5504 mssmbios - ok

17:45:51.0937 5504 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:45:51.0953 5504 MSTEE - ok

17:45:51.0984 5504 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:45:51.0984 5504 Mup - ok

17:45:52.0031 5504 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:45:52.0046 5504 NABTSFEC - ok

17:45:52.0140 5504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:45:52.0140 5504 NDIS - ok

17:45:52.0156 5504 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:45:52.0171 5504 NdisIP - ok

17:45:52.0250 5504 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:45:52.0265 5504 NdisTapi - ok

17:45:52.0328 5504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:45:52.0328 5504 Ndisuio - ok

17:45:52.0328 5504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:45:52.0343 5504 NdisWan - ok

17:45:52.0375 5504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:45:52.0375 5504 NDProxy - ok

17:45:52.0421 5504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:45:52.0437 5504 NetBIOS - ok

17:45:52.0453 5504 NetBT (732fb4b0b4f492ab7a1d2227ca2b2d43) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:45:52.0453 5504 NetBT - ok

17:45:52.0531 5504 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys

17:45:52.0531 5504 NPF - ok

17:45:52.0625 5504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:45:52.0625 5504 Npfs - ok

17:45:52.0703 5504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:45:52.0718 5504 Ntfs - ok

17:45:52.0781 5504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:45:52.0781 5504 Null - ok

17:45:52.0828 5504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:45:52.0828 5504 NwlnkFlt - ok

17:45:52.0843 5504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:45:52.0843 5504 NwlnkFwd - ok

17:45:52.0906 5504 ossrv (ac5bf1a610effaae9cfc48cb53483f08) C:\WINDOWS\system32\drivers\ctoss2k.sys

17:45:52.0906 5504 ossrv - ok

17:45:52.0953 5504 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

17:45:52.0953 5504 Parport - ok

17:45:52.0984 5504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:45:52.0984 5504 PartMgr - ok

17:45:53.0015 5504 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:45:53.0015 5504 ParVdm - ok

17:45:53.0078 5504 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:45:53.0078 5504 PCI - ok

17:45:53.0125 5504 PCIDump - ok

17:45:53.0187 5504 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:45:53.0187 5504 PCIIde - ok

17:45:53.0281 5504 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:45:53.0296 5504 Pcmcia - ok

17:45:53.0343 5504 PDCOMP - ok

17:45:53.0406 5504 PDFRAME - ok

17:45:53.0437 5504 PDRELI - ok

17:45:53.0468 5504 PDRFRAME - ok

17:45:53.0515 5504 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys

17:45:53.0515 5504 PenClass - ok

17:45:53.0562 5504 perc2 - ok

17:45:53.0609 5504 perc2hib - ok

17:45:53.0687 5504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:45:53.0687 5504 PptpMiniport - ok

17:45:53.0703 5504 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:45:53.0703 5504 PSched - ok

17:45:53.0718 5504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:45:53.0718 5504 Ptilink - ok

17:45:53.0750 5504 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:45:53.0750 5504 PxHelp20 - ok

17:45:53.0765 5504 ql1080 - ok

17:45:53.0765 5504 Ql10wnt - ok

17:45:53.0781 5504 ql12160 - ok

17:45:53.0781 5504 ql1240 - ok

17:45:53.0812 5504 ql1280 - ok

17:45:53.0828 5504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:45:53.0828 5504 RasAcd - ok

17:45:53.0890 5504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:45:53.0906 5504 Rasl2tp - ok

17:45:53.0921 5504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:45:53.0937 5504 RasPppoe - ok

17:45:53.0968 5504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:45:53.0968 5504 Raspti - ok

17:45:54.0031 5504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:45:54.0031 5504 Rdbss - ok

17:45:54.0062 5504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:45:54.0062 5504 RDPCDD - ok

17:45:54.0187 5504 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:45:54.0187 5504 rdpdr - ok

17:45:54.0250 5504 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:45:54.0250 5504 RDPWD - ok

17:45:54.0281 5504 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:45:54.0312 5504 redbook - ok

17:45:54.0375 5504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:45:54.0375 5504 Secdrv - ok

17:45:54.0421 5504 Ser2pl (95eeb5a6843238c829aaa9c05168c09c) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

17:45:54.0437 5504 Ser2pl - ok

17:45:54.0468 5504 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:45:54.0484 5504 Serenum - ok

17:45:54.0500 5504 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

17:45:54.0500 5504 Serial - ok

17:45:54.0546 5504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:45:54.0546 5504 Sfloppy - ok

17:45:54.0578 5504 Simbad - ok

17:45:54.0671 5504 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:45:54.0687 5504 SLIP - ok

17:45:54.0703 5504 Sparrow - ok

17:45:54.0750 5504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:45:54.0750 5504 splitter - ok

17:45:54.0796 5504 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:45:54.0812 5504 sr - ok

17:45:54.0890 5504 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:45:54.0890 5504 Srv - ok

17:45:54.0968 5504 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:45:54.0984 5504 streamip - ok

17:45:55.0062 5504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:45:55.0062 5504 swenum - ok

17:45:55.0125 5504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:45:55.0125 5504 swmidi - ok

17:45:55.0140 5504 symc810 - ok

17:45:55.0140 5504 symc8xx - ok

17:45:55.0156 5504 sym_hi - ok

17:45:55.0203 5504 sym_u3 - ok

17:45:55.0281 5504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:45:55.0281 5504 sysaudio - ok

17:45:55.0359 5504 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:45:55.0359 5504 Tcpip - ok

17:45:55.0406 5504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:45:55.0406 5504 TDPIPE - ok

17:45:55.0468 5504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:45:55.0468 5504 TDTCP - ok

17:45:55.0500 5504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:45:55.0500 5504 TermDD - ok

17:45:55.0515 5504 TosIde - ok

17:45:55.0593 5504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:45:55.0593 5504 Udfs - ok

17:45:55.0625 5504 ultra - ok

17:45:55.0687 5504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:45:55.0703 5504 Update - ok

17:45:55.0765 5504 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:45:55.0765 5504 USBAAPL - ok

17:45:55.0843 5504 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:45:55.0875 5504 usbaudio - ok

17:45:55.0968 5504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:45:55.0984 5504 usbccgp - ok

17:45:56.0062 5504 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:45:56.0062 5504 usbehci - ok

17:45:56.0078 5504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:45:56.0078 5504 usbhub - ok

17:45:56.0140 5504 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:45:56.0140 5504 usbscan - ok

17:45:56.0203 5504 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:45:56.0203 5504 usbstor - ok

17:45:56.0218 5504 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:45:56.0218 5504 usbuhci - ok

17:45:56.0250 5504 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

17:45:56.0265 5504 usbvideo - ok

17:45:56.0343 5504 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:45:56.0343 5504 VgaSave - ok

17:45:56.0375 5504 ViaIde - ok

17:45:56.0421 5504 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:45:56.0421 5504 VolSnap - ok

17:45:56.0453 5504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:45:56.0468 5504 Wanarp - ok

17:45:56.0468 5504 WDICA - ok

17:45:56.0546 5504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:45:56.0546 5504 wdmaud - ok

17:45:56.0671 5504 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:45:56.0687 5504 WSTCODEC - ok

17:45:56.0718 5504 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:45:56.0875 5504 \Device\Harddisk0\DR0 - ok

17:45:56.0890 5504 Boot (0x1200) (985996edd8fb64784e06e109f96e3b94) \Device\Harddisk0\DR0\Partition0

17:45:56.0890 5504 \Device\Harddisk0\DR0\Partition0 - ok

17:45:56.0890 5504 ============================================================

17:45:56.0890 5504 Scan finished

17:45:56.0890 5504 ============================================================

17:45:56.0937 0336 Detected object count: 0

17:45:56.0937 0336 Actual detected object count: 0

-----

ComboFix 12-01-01.06 - Mikan 01/01/2012 18:17:44.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.612 [GMT -7:00]

Running from: c:\documents and settings\Mikan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk

c:\documents and settings\Mikan\WINDOWS

C:\install.exe

C:\Thumbs.db

c:\windows\$NtUninstallKB38659$\3353759973\@

c:\windows\$NtUninstallKB38659$\3353759973\bckfg.tmp

c:\windows\$NtUninstallKB38659$\3353759973\cfg.ini

c:\windows\$NtUninstallKB38659$\3353759973\Desktop.ini

c:\windows\$NtUninstallKB38659$\3353759973\keywords

c:\windows\$NtUninstallKB38659$\3353759973\kwrd.dll

c:\windows\$NtUninstallKB38659$\3353759973\L\xwsuvqbi

c:\windows\$NtUninstallKB38659$\3353759973\lsflt7.ver

c:\windows\$NtUninstallKB38659$\3353759973\U\00000001.@

c:\windows\$NtUninstallKB38659$\3353759973\U\00000002.@

c:\windows\$NtUninstallKB38659$\3353759973\U\00000004.@

c:\windows\$NtUninstallKB38659$\3353759973\U\80000000.@

c:\windows\$NtUninstallKB38659$\3353759973\U\80000004.@

c:\windows\$NtUninstallKB38659$\3353759973\U\80000032.@

c:\windows\$NtUninstallKB38659$\802780827

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

c:\windows\$NtUninstallKB38659$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2012-01-02 01:53 . 2012-01-02 01:53 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\offreg.dll

2011-12-31 20:49 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\mpengine.dll

2011-12-30 21:20 . 2008-05-14 00:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll

2011-12-30 21:19 . 2011-12-30 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm

2011-12-26 03:08 . 2011-12-26 03:08 -------- d-----w- C:\tdsskiller

2011-12-26 02:26 . 2011-12-26 02:27 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-26 01:42 . 2011-12-26 01:46 -------- d-----w- C:\xp_exe_fix

2011-12-26 00:47 . 2011-12-26 00:47 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 22:24 . 2011-06-17 03:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-06-18 11:32 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-01 20:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 20:35 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2011-06-17 03:09 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:56 . 2011-08-27 21:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\documents and settings\Mikan\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dropbox.lnk - c:\documents and settings\Mikan\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

Impulse Now.lnk - c:\program files\Impulse\Now\ImpulseNow.exe [2011-10-13 2042088]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]

Ime File REG_SZ GIMEJA.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Documents and Settings\\Mikan\\My Documents\\zsnes\\zsnes\\ZSNESW.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Mikan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=

"c:\\Program Files\\Firestorm-Beta-Mesh\\SLVoice.exe"=

"c:\\Documents and Settings\\Mikan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/23/2011 12:28 PM 218688]

R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [9/13/2011 1:48 AM 664192]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/16/2011 8:34 PM 652872]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/16/2011 8:34 PM 20464]

S1 MpKsl00583bc9;MpKsl00583bc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys [?]

S1 MpKsl0b1bf2cd;MpKsl0b1bf2cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys [?]

S1 MpKsl185df515;MpKsl185df515;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys [?]

S1 MpKsl1bc7b979;MpKsl1bc7b979;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys [?]

S1 MpKsl29020f93;MpKsl29020f93;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys [?]

S1 MpKsl2b23e564;MpKsl2b23e564;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys [?]

S1 MpKsl2c8bd254;MpKsl2c8bd254;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys [?]

S1 MpKsl2c8e3881;MpKsl2c8e3881;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys [?]

S1 MpKsl38af0caf;MpKsl38af0caf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys [?]

S1 MpKsl38f08803;MpKsl38f08803;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys [?]

S1 MpKsl391d5a8a;MpKsl391d5a8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys [?]

S1 MpKsl453a567f;MpKsl453a567f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys [?]

S1 MpKsl5b757c40;MpKsl5b757c40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys [?]

S1 MpKsl5efe89da;MpKsl5efe89da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys [?]

S1 MpKsl6743704b;MpKsl6743704b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys [?]

S1 MpKsl6857b1ad;MpKsl6857b1ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys [?]

S1 MpKsl6935dc34;MpKsl6935dc34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys [?]

S1 MpKsl722fe2d0;MpKsl722fe2d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys [?]

S1 MpKsl7481101a;MpKsl7481101a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys [?]

S1 MpKsl820a18ec;MpKsl820a18ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys [?]

S1 MpKsl847a4619;MpKsl847a4619;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys [?]

S1 MpKsl87923f45;MpKsl87923f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys [?]

S1 MpKsl8b00fb0e;MpKsl8b00fb0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys [?]

S1 MpKsl90998879;MpKsl90998879;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys [?]

S1 MpKsl91166335;MpKsl91166335;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys [?]

S1 MpKsl966aab78;MpKsl966aab78;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys [?]

S1 MpKsl9d5b14ac;MpKsl9d5b14ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys [?]

S1 MpKsla12deac1;MpKsla12deac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys [?]

S1 MpKsla274dc94;MpKsla274dc94;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys [?]

S1 MpKsla2cff44a;MpKsla2cff44a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys [?]

S1 MpKsla9761909;MpKsla9761909;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys [?]

S1 MpKslb30300e0;MpKslb30300e0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys [?]

S1 MpKslb57e28da;MpKslb57e28da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys [?]

S1 MpKslb78d6b9b;MpKslb78d6b9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys [?]

S1 MpKslb9331d1f;MpKslb9331d1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys [?]

S1 MpKslc18e2046;MpKslc18e2046;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys [?]

S1 MpKslc4cecf06;MpKslc4cecf06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys [?]

S1 MpKslc82c8c55;MpKslc82c8c55;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys [?]

S1 MpKsld4994d92;MpKsld4994d92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys [?]

S1 MpKslda1dbb56;MpKslda1dbb56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys [?]

S1 MpKsle363f9a0;MpKsle363f9a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys [?]

S1 MpKslecb5a26e;MpKslecb5a26e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys [?]

S1 MpKslf06818e1;MpKslf06818e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys [?]

S1 MpKslf1a8cd8a;MpKslf1a8cd8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys [?]

S1 MpKslf9de021a;MpKslf9de021a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2011 8:50 PM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003Core.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003UA.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\documents and settings\Mikan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mikan\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\documents and settings\Mikan\Application Data\Mozilla\Firefox\Profiles\8k0kstmg.default\

FF - prefs.js: browser.startup.homepage - hxxp://sanger.dk/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Shareon Tumblr: 714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org - %profile%\extensions\714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-Run-Windows Update Server - c:\documents and settings\Mikan\24f2b673-5689.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-01 18:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\GIMEJA.IME

.

- - - - - - - > 'explorer.exe'(2476)

c:\program files\Stardock\ObjectDockFree\DockShellHook.dll

c:\windows\system32\tabhook.dll

c:\windows\system32\GIMEJA.IME

c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\Stardock\ObjectDockFree\ODMenu.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\CTXFIHLP.EXE

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-01-01 19:04:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-02 02:03

.

Pre-Run: 94,859,390,976 bytes free

Post-Run: 97,737,605,120 bytes free

.

- - End Of File - - 9F19DBDE6924D8AE09E96A45EE9CCF76

----

And lastly, the MBRCheck!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003fc

Kernel Drivers (total 129):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xF7B84000 \WINDOWS\system32\KDCOM.DLL

0xF7A94000 \WINDOWS\system32\BOOTVID.dll

0xF7555000 ACPI.sys

0xF7B86000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7544000 pci.sys

0xF7684000 isapnp.sys

0xF7C4C000 pciide.sys

0xF7904000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7694000 MountMgr.sys

0xF7525000 ftdisk.sys

0xF7B88000 dmload.sys

0xF74FF000 dmio.sys

0xF790C000 PartMgr.sys

0xF76A4000 VolSnap.sys

0xF74E7000 atapi.sys

0xF76B4000 disk.sys

0xF76C4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF74C7000 fltMgr.sys

0xF74B5000 sr.sys

0xF76D4000 PxHelp20.sys

0xF749E000 KSecDD.sys

0xF7B8A000 PenClass.sys

0xF7411000 Ntfs.sys

0xF73E4000 NDIS.sys

0xF76E4000 Combo-Fix.sys

0xF73CA000 Mup.sys

0xF6B01000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF66E2000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xF66CE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF6690000 \SystemRoot\system32\DRIVERS\e1e5132.sys

0xF7A0C000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF666C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7A14000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF65ED000 \SystemRoot\system32\drivers\ctaud2k.sys

0xF65C9000 \SystemRoot\system32\drivers\portcls.sys

0xF6AF1000 \SystemRoot\system32\drivers\drmk.sys

0xF65A6000 \SystemRoot\system32\drivers\ks.sys

0xF6571000 \SystemRoot\system32\drivers\ctoss2k.sys

0xF7A1C000 \SystemRoot\system32\drivers\ctprxy2k.sys

0xF6AE1000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7704000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7714000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF7A24000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF7CD8000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7724000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7B80000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF655A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7734000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7744000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7A2C000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6549000 \SystemRoot\system32\DRIVERS\psched.sys

0xF7754000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7A34000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7A3C000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF6519000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF7764000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7A44000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7A4C000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7BAA000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF64BB000 \SystemRoot\system32\DRIVERS\update.sys

0xF7375000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF6480000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0xF0020000 \SystemRoot\system32\drivers\ha20x2k.sys

0xEFFF0000 \SystemRoot\system32\drivers\emupia2k.sys

0xEFFC7000 \SystemRoot\system32\drivers\ctsfm2k.sys

0xEFF09000 \SystemRoot\system32\drivers\ctac32k.sys

0xEFE74000 \SystemRoot\System32\drivers\CTHWIUT.SYS

0xEFE48000 \SystemRoot\System32\drivers\CT20XUT.SYS

0xEFD01000 \SystemRoot\System32\drivers\CTEXFIFX.SYS

0xF7784000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF77B4000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7BAC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xAE7B7000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0xF7BC4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7D42000 \SystemRoot\System32\Drivers\Null.SYS

0xF7BC6000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7A84000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7A8C000 \SystemRoot\System32\drivers\vga.sys

0xF7BC8000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7BCA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF791C000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF793C000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7B48000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAE75C000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAE703000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xAE6E9000 \SystemRoot\system32\DRIVERS\netbt.sys

0xAE6C3000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF77D4000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xAE6A1000 \SystemRoot\System32\drivers\afd.sys

0xF77E4000 \SystemRoot\system32\DRIVERS\netbios.sys

0xAE676000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAE606000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF77F4000 \SystemRoot\System32\Drivers\Fips.SYS

0xF7804000 \SystemRoot\system32\DRIVERS\ser2pl.sys

0xF7B58000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF7B5C000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7814000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7944000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xEFCFD000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xEFCF1000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF7844000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xAE5C6000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7BCC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xEFCD9000 \SystemRoot\System32\drivers\Dxapi.sys

0xF7954000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7DA0000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF065000 \SystemRoot\System32\ati2cqag.dll

0xBF0FE000 \SystemRoot\System32\atikvmag.dll

0xBF182000 \SystemRoot\System32\atiok3x2.dll

0xBF1CD000 \SystemRoot\System32\ati3duag.dll

0xBF572000 \SystemRoot\System32\ativvaxx.dll

0xBF9C6000 \SystemRoot\System32\ATMFD.DLL

0xAC306000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0xAC29A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xABE49000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xABE34000 \SystemRoot\system32\drivers\wdmaud.sys

0xABF86000 \SystemRoot\system32\drivers\sysaudio.sys

0xABB06000 \SystemRoot\system32\DRIVERS\srv.sys

0xAB68D000 \SystemRoot\System32\Drivers\HTTP.sys

0xAB39A000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0xF79F4000 \??\C:\ComboFix\catchme.sys

0xF7C40000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xAAD42000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):

0 System Idle Process

4 System

608 C:\WINDOWS\system32\smss.exe

656 csrss.exe

688 C:\WINDOWS\system32\winlogon.exe

732 C:\WINDOWS\system32\services.exe

744 C:\WINDOWS\system32\lsass.exe

920 C:\WINDOWS\system32\ati2evxx.exe

940 C:\WINDOWS\system32\svchost.exe

1008 svchost.exe

1112 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

1148 C:\WINDOWS\system32\svchost.exe

1268 svchost.exe

1336 svchost.exe

1496 C:\WINDOWS\system32\ati2evxx.exe

1568 C:\WINDOWS\system32\spoolsv.exe

1608 C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

1624 C:\Program Files\Creative\Shared Files\CTAudSvc.exe

2008 svchost.exe

252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

384 C:\Program Files\Bonjour\mDNSResponder.exe

464 C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe

892 C:\Program Files\Java\jre6\bin\jqs.exe

1356 C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

1696 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

396 C:\WINDOWS\system32\svchost.exe

348 C:\WINDOWS\system32\Tablet.exe

972 wdfmgr.exe

1860 alg.exe

2528 C:\WINDOWS\system32\Ctxfihlp.exe

2536 C:\Program Files\Microsoft Security Client\msseces.exe

2228 C:\Program Files\Winamp\winampa.exe

400 C:\Program Files\iTunes\iTunesHelper.exe

2556 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

2680 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2720 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

2892 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2920 C:\Program Files\Creative\Shared Files\CTSched.exe

2940 C:\WINDOWS\system32\CTxfispi.exe

2912 C:\Program Files\DAEMON Tools Lite\DTLite.exe

3060 C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe

3092 C:\Program Files\Skype\Phone\Skype.exe

3436 C:\Documents and Settings\Mikan\Application Data\Dropbox\bin\Dropbox.exe

3280 C:\Program Files\Impulse\Now\ImpulseNow.exe

3608 C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

3716 C:\Program Files\OpenOffice.org 3\program\soffice.exe

3868 C:\Program Files\OpenOffice.org 3\program\soffice.bin

1464 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

520 C:\Program Files\iPod\bin\iPodService.exe

1856 C:\WINDOWS\system32\wuauclt.exe

2476 C:\WINDOWS\explorer.exe

2864 C:\WINDOWS\system32\notepad.exe

3328 C:\Documents and Settings\Mikan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.ADG

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Feeling confident about the health of my PC right now! Ping.exe is no longer a process on my task manager.. Things are feeling good! I really appreciate the help so far :D


Feeling confident about the health of my PC right now! Ping.exe is no longer a process on my task manager.. Things are feeling good! I really appreciate the help so far :D

Indeed, we are making great progress! :)

We have some more to clean up. The infection appears to have modified some of your internet services:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    netbt.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


Here you go! :>

SystemLook 30.07.11 by jpshortstuff

Log created at 17:51 on 02/01/2012 by Mikan

Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"

C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [12:00 14/04/2008] [12:00 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 14/04/2008] [12:00 14/04/2008] 732FB4B0B4F492AB7A1D2227CA2B2D43

-= EOF =-

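The two netbt.sys copies in the log above have the same size and timestamps but different MD5 hashes, which is the clue the helper acts on next. As an added example (not part of the thread or of SystemLook), this Python script parses SystemLook ":filefind" output, pairs each dllcache copy with its live copy, and classifies the difference; the tcpip.sys and afd.sys lines and all hashes other than the two netbt.sys ones are constructed for the demonstration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in SystemLook ':filefind' format. The netbt.sys lines carry
# the hashes from the log above; tcpip.sys and afd.sys (and their hashes) are
# made up to show a matching pair and a pair that differs in size and mtime.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 17:51 on 02/01/2012 by Mikan
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [12:00 14/04/2008] [12:00 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 14/04/2008] [12:00 14/04/2008] 732FB4B0B4F492AB7A1D2227CA2B2D43

Searching for "tcpip.sys"
C:\WINDOWS\system32\dllcache\tcpip.sys --a--c- 361600 bytes [12:00 14/04/2008] [12:00 14/04/2008] 00000000000000000000000000000001
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [12:00 14/04/2008] [12:00 14/04/2008] 00000000000000000000000000000001

Searching for "afd.sys"
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [12:00 14/04/2008] [12:00 14/04/2008] 00000000000000000000000000000002
C:\WINDOWS\system32\drivers\afd.sys --a---- 138752 bytes [12:00 14/04/2008] [09:31 21/10/2011] 00000000000000000000000000000003

-= EOF =-
"""

# One file line: <path> <7 attribute flags> <size> bytes [created] [modified] <md5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-A-Za-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file line; headers, 'Searching for' and EOF are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["md5"] = d["md5"].upper()
        p = PureWindowsPath(d["path"])
        d["name"] = p.name.lower()
        d["parent"] = p.parent.name.lower()
        entries.append(d)
    return entries


def pair_copies(entries):
    """Group entries by file name into {'cache': dllcache copy, 'live': other copy}."""
    pairs = defaultdict(dict)
    for e in entries:
        role = "cache" if e["parent"] == "dllcache" else "live"
        pairs[e["name"]][role] = e
    return dict(pairs)


def compare_copies(pairs):
    """Classify each pair: 'ok', 'patched', 'changed' or 'unpaired' (with a reason)."""
    results = {}
    for name, copies in sorted(pairs.items()):
        cache, live = copies.get("cache"), copies.get("live")
        if cache is None or live is None:
            results[name] = ("unpaired", "only one copy was found")
        elif cache["md5"] == live["md5"]:
            results[name] = ("ok", "live copy is byte-identical to the dllcache copy")
        elif cache["size"] == live["size"] and cache["modified"] == live["modified"]:
            # Same length and same timestamps but different bytes: the live file was
            # rewritten in place while its file times were preserved.
            results[name] = ("patched", "same size and mtime as dllcache but different MD5")
        else:
            # A hotfix normally refreshes both copies; a lone divergence in size or
            # mtime is a lead to verify against a known-good hash, not a verdict.
            results[name] = ("changed", "size or mtime differs; verify against a known-good hash")
    return results


def suggest_fcopy(pairs, results):
    """Build ComboFix-style 'FCopy::' lines (cache | live) for every 'patched' file."""
    lines = []
    for name, (verdict, _) in results.items():
        if verdict == "patched":
            lines.append(f"{pairs[name]['cache']['path']} | {pairs[name]['live']['path']}")
    return lines


if __name__ == "__main__":
    pairs = pair_copies(parse_filefind(SAMPLE_LOG))
    results = compare_copies(pairs)
    for name, (verdict, reason) in results.items():
        print(f"{name:12} {verdict:9} {reason}")
    for line in suggest_fcopy(pairs, results):
        print("FCopy::", line)
```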

Cool! Now,

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

FCopy::

C:\WINDOWS\system32\dllcache\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply. Please also run Farbar Service Scanner again, post its log, and let me know how things are running now ;)


ComboFix 12-01-01.06 - Mikan 01/02/2012 18:48:39.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -7:00]

Running from: c:\documents and settings\Mikan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mikan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\netbt.sys --> c:\windows\system32\drivers\netbt.sys

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 02:03 . 2012-01-03 02:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE6C4584-EB3D-4A07-9EAE-60EC0E30A3A6}\offreg.dll

2012-01-02 06:57 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE6C4584-EB3D-4A07-9EAE-60EC0E30A3A6}\mpengine.dll

2011-12-30 21:20 . 2008-05-14 00:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll

2011-12-30 21:19 . 2011-12-30 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm

2011-12-26 03:08 . 2011-12-26 03:08 -------- d-----w- C:\tdsskiller

2011-12-26 02:26 . 2011-12-26 02:27 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-26 01:42 . 2011-12-26 01:46 -------- d-----w- C:\xp_exe_fix

2011-12-26 00:47 . 2011-12-26 00:47 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 22:24 . 2011-06-17 03:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-06-18 11:32 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-01 20:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 20:35 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2011-06-17 03:09 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:56 . 2011-08-27 21:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-02_01.53.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-03 02:03 . 2012-01-03 02:03 16384 c:\windows\temp\Perflib_Perfdata_208.dat

- 2011-06-21 03:46 . 2012-01-02 01:53 14163 c:\windows\system32\tablet.dat

+ 2011-06-21 03:46 . 2012-01-03 02:03 14163 c:\windows\system32\tablet.dat

+ 2008-04-14 12:00 . 2012-01-03 01:50 67740 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2012-01-02 01:57 67740 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2012-01-03 01:50 432784 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2012-01-02 01:57 432784 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\documents and settings\Mikan\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dropbox.lnk - c:\documents and settings\Mikan\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

Impulse Now.lnk - c:\program files\Impulse\Now\ImpulseNow.exe [2011-10-13 2042088]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]

Ime File REG_SZ GIMEJA.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Documents and Settings\\Mikan\\My Documents\\zsnes\\zsnes\\ZSNESW.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Mikan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=

"c:\\Program Files\\Firestorm-Beta-Mesh\\SLVoice.exe"=

"c:\\Documents and Settings\\Mikan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/23/2011 12:28 PM 218688]

R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [9/13/2011 1:48 AM 664192]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/16/2011 8:34 PM 652872]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/16/2011 8:34 PM 20464]

S1 MpKsl00583bc9;MpKsl00583bc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys [?]

S1 MpKsl0b1bf2cd;MpKsl0b1bf2cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys [?]

S1 MpKsl185df515;MpKsl185df515;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys [?]

S1 MpKsl1bc7b979;MpKsl1bc7b979;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys [?]

S1 MpKsl29020f93;MpKsl29020f93;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys [?]

S1 MpKsl2b23e564;MpKsl2b23e564;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys [?]

S1 MpKsl2c8bd254;MpKsl2c8bd254;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys [?]

S1 MpKsl2c8e3881;MpKsl2c8e3881;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys [?]

S1 MpKsl38af0caf;MpKsl38af0caf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys [?]

S1 MpKsl38f08803;MpKsl38f08803;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys [?]

S1 MpKsl391d5a8a;MpKsl391d5a8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys [?]

S1 MpKsl453a567f;MpKsl453a567f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys [?]

S1 MpKsl5b757c40;MpKsl5b757c40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys [?]

S1 MpKsl5efe89da;MpKsl5efe89da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys [?]

S1 MpKsl6743704b;MpKsl6743704b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys [?]

S1 MpKsl6857b1ad;MpKsl6857b1ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys [?]

S1 MpKsl6935dc34;MpKsl6935dc34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys [?]

S1 MpKsl722fe2d0;MpKsl722fe2d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys [?]

S1 MpKsl7481101a;MpKsl7481101a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys [?]

S1 MpKsl820a18ec;MpKsl820a18ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys [?]

S1 MpKsl847a4619;MpKsl847a4619;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys [?]

S1 MpKsl87923f45;MpKsl87923f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys [?]

S1 MpKsl8b00fb0e;MpKsl8b00fb0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys [?]

S1 MpKsl90998879;MpKsl90998879;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys [?]

S1 MpKsl91166335;MpKsl91166335;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys [?]

S1 MpKsl966aab78;MpKsl966aab78;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys [?]

S1 MpKsl9d5b14ac;MpKsl9d5b14ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys [?]

S1 MpKsla12deac1;MpKsla12deac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys [?]

S1 MpKsla274dc94;MpKsla274dc94;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys [?]

S1 MpKsla2cff44a;MpKsla2cff44a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys [?]

S1 MpKsla9761909;MpKsla9761909;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys [?]

S1 MpKslb30300e0;MpKslb30300e0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys [?]

S1 MpKslb57e28da;MpKslb57e28da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys [?]

S1 MpKslb78d6b9b;MpKslb78d6b9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys [?]

S1 MpKslb9331d1f;MpKslb9331d1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys [?]

S1 MpKslc18e2046;MpKslc18e2046;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys [?]

S1 MpKslc4cecf06;MpKslc4cecf06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys [?]

S1 MpKslc82c8c55;MpKslc82c8c55;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys [?]

S1 MpKsld4994d92;MpKsld4994d92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys [?]

S1 MpKslda1dbb56;MpKslda1dbb56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys [?]

S1 MpKsle363f9a0;MpKsle363f9a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys [?]

S1 MpKslecb5a26e;MpKslecb5a26e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys [?]

S1 MpKslf06818e1;MpKslf06818e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys [?]

S1 MpKslf1a8cd8a;MpKslf1a8cd8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys [?]

S1 MpKslf9de021a;MpKslf9de021a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2011 8:50 PM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003Core.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003UA.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\documents and settings\Mikan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mikan\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\documents and settings\Mikan\Application Data\Mozilla\Firefox\Profiles\8k0kstmg.default\

FF - prefs.js: browser.startup.homepage - hxxp://sanger.dk/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Shareon Tumblr: 714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org - %profile%\extensions\714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-02 19:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\GIMEJA.IME

.

- - - - - - - > 'explorer.exe'(3472)

c:\program files\Stardock\ObjectDockFree\DockShellHook.dll

c:\windows\system32\tabhook.dll

c:\windows\system32\GIMEJA.IME

c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\Stardock\ObjectDockFree\ODMenu.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-01-02 19:11:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-03 02:11

ComboFix2.txt 2012-01-02 02:04

.

Pre-Run: 97,646,141,440 bytes free

Post-Run: 97,668,296,704 bytes free

.

- - End Of File - - 30697A57B1329CD9D3BFF13561DFBF27

Farbar Service Scanner

Ran by Mikan (administrator) on 02-01-2012 at 19:18:28

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0700000005000000010000000200000003000000040000000600000007000000

IpSec Tag value is correct.

**** End of log ****

Don't really notice a difference in my PC since my last post.. But maybe that's because I'm so hungry right now :P Thanks, once again!


But maybe that's because I'm so hungry right now :P Thanks, once again!

EAT! :lol: and no problem ;)

Before the next step, let's run an online scan to see if there's anything we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan and wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


あああっっh

My IME is stuck in Japanese suddenly & the language bar won't show。。。

Please excuse my strange typing ><

Here is my log。。。 33 infections found。。。ouch!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=316be36b19c9be4d9d149f4fe568e8c7

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-03 05:00:37

# local_time=2012-01-02 10:00:37 (-0700, US Mountain Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776869 42 87 0 22313977 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=174278

# found=33

# cleaned=0

# scan_time=8532

C:\Documents and Settings\Mikan\Application Data\Sun\Java\Deployment\cache\6.0\55\447b42b7-5cbbf437 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Mikan\Application Data\Sun\Java\Deployment\cache\6.0\6\511051c6-71d3788a a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Mikan\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-19e7c4f2 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Mikan\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-7f507872 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Mikan\Desktop\Project64k_0.31.rar BAT/BadJoke.C trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\59a1bcca-189d873a a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\30eed38f-3d1e832e Win32/Adware.XPAntiSpyware.AC application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\3d41a7d5-2004b393 a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\6c24cfdb-2cccf281 a variant of Win32/Kryptik.YFB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7ee5999d-753dd728 a variant of Java/Exploit.CVE-2011-3544.N trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\196b589f-39d51ede a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\5d149be1-642220bb a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\2d4937ea-4f93fedc a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\68619c2c-3090da85 a variant of Win32/Kryptik.YEZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\1c905ad-72cbb3bb a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\79dd2570-66e86854 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\4ce42276-1a13b8cf a variant of Win32/Kryptik.YFB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\40dcf279-76dcd2a2 a variant of Win32/Kryptik.YEZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\511051c6-7abbff8c a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-1b8aec72 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0057311.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0058316.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0058330.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0058342.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0058381.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP285\A0059387.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP285\A0060386.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP286\A0060411.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP287\A0060441.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP287\A0061440.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP289\A0061495.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP292\A0061823.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I


Computer's acting a little strange after the scan..

My language bar disappeared for a while, and I was stuck in Japanese IME. I rebooted, had a reaaaallly slow startup, and although I can type in roman letters again, the language bar is still nowhere..

MBAM is showing SOME outgoing IP attempts... Not nearly as many as before, but it did show one or two attempts (compared to like 20 before, haha!)

Just wanted to update you on the behavior!


We have some more cleanup to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

ClearJavaCache::

File::

C:\Documents and Settings\Mikan\Desktop\Project64k_0.31.rar

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

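The ESET log above lists 33 "found" items, yet the helper's CFScript only needs two actions (clear the Java cache, delete one .rar). The reason is where the hits live: most are applet downloads in the Java Deployment cache, copies ComboFix had already moved to C:\Qoobox\Quarantine, or snapshots inside System Restore points, none of which is an executing file. The script below is an added example, not code from the thread or from ESET or ComboFix: it parses result lines in the format the log above uses, buckets each hit by location, and emits a CFScript using only the three directives the helper's script shows (KILLALL::, ClearJavaCache::, File::). The six sample lines are copied from the log in this thread; the regex, the bucket names and the assumption that every actionable "live" file belongs under File:: are the example's own.

```python
"""Triage an ESET Online Scanner log by where each finding lives.

Added example (not the thread's, ESET's or ComboFix's code). The only
CFScript directives used are the three that appear in the helper's script
in this thread; nothing else about ComboFix's script format is assumed.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One ESET result line: <path> [a variant of] <family> <kind> (<status>) <hash> <flag>
# The path may contain spaces, so it is matched lazily; the family token is the
# first thing containing a forward slash, which Windows paths never do.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z][a-z ]*?)\s+"
    r"\((?P<status>[^)]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    name: str       # detection family, e.g. Java/Agent.DZ
    kind: str       # trojan, application, ...
    variant: bool   # True when ESET prefixed "a variant of" (heuristic match)
    status: str     # e.g. "unable to clean"
    location: str   # bucket from classify_location()


def classify_location(path: str) -> str:
    """Map a path to a triage bucket (case-insensitive; bucket names are this example's)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"           # applets the browser pulled down; ClearJavaCache:: wipes these
    if "\\system volume information\\_restore" in p:
        return "restore-point"        # inactive copies saved by System Restore
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix-quarantine"  # already neutralised by ComboFix
    return "live-file"                # anything else needs an explicit action


def parse_eset_log(text: str) -> list[Finding]:
    """Return one Finding per result line; '# key=value' header lines are skipped."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a result line (e.g. the CAB hook preamble)
        findings.append(Finding(
            path=m["path"], name=m["name"], kind=m["kind"].strip(),
            variant=m["variant"] is not None, status=m["status"],
            location=classify_location(m["path"]),
        ))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Counts by bucket and by family, plus the paths that still need action."""
    return {
        "total": len(findings),
        "by_location": dict(Counter(f.location for f in findings)),
        "by_family": dict(Counter(f.name for f in findings)),
        "live_files": [f.path for f in findings if f.location == "live-file"],
    }


def build_cfscript(findings: list[Finding]) -> str:
    """Emit a CFScript covering the actionable buckets, in the format used in this thread."""
    lines = ["KILLALL::"]
    if any(f.location == "java-cache" for f in findings):
        lines.append("ClearJavaCache::")
    live = [f.path for f in findings if f.location == "live-file"]
    if live:
        lines.append("File::")
        lines.extend(live)
    return "\n".join(lines) + "\n"


# Six result lines copied from the ESET log in this thread (hash column as logged).
SAMPLE_LOG = r"""# found=33
C:\Documents and Settings\Mikan\Application Data\Sun\Java\Deployment\cache\6.0\55\447b42b7-5cbbf437 a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Mikan\Desktop\Project64k_0.31.rar BAT/BadJoke.C trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\30eed38f-3d1e832e Win32/Adware.XPAntiSpyware.AC application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\3d41a7d5-2004b393 a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{969DFE9B-F8FF-41F3-9A35-65DC7FA5A70C}\RP284\A0057311.sys a variant of Win32/Rootkit.Kryptik.HB trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    for bucket, n in sorted(summarize(found)["by_location"].items()):
        print(f"{bucket:20s} {n}")
    print(build_cfscript(found))
```

Run it on the full log pasted above and the "33 infections" collapse into one desktop file plus cached and quarantined copies, which is exactly the split the helper's script acts on.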

Here you go!

ComboFix 12-01-03.04 - Mikan 01/03/2012 10:40:28.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.583 [GMT -7:00]

Running from: c:\documents and settings\Mikan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mikan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\documents and settings\Mikan\Desktop\Project64k_0.31.rar"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mikan\Desktop\Project64k_0.31.rar

.

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 17:54 . 2012-01-03 17:54 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABA7170-89F6-48C1-8800-D3276A03933D}\offreg.dll

2012-01-03 02:29 . 2012-01-03 02:29 -------- d-----w- c:\program files\ESET

2012-01-03 02:14 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABA7170-89F6-48C1-8800-D3276A03933D}\mpengine.dll

2011-12-30 21:20 . 2008-05-14 00:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll

2011-12-30 21:19 . 2011-12-30 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm

2011-12-26 03:08 . 2011-12-26 03:08 -------- d-----w- C:\tdsskiller

2011-12-26 02:26 . 2011-12-26 02:27 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-26 01:42 . 2011-12-26 01:46 -------- d-----w- C:\xp_exe_fix

2011-12-26 00:47 . 2011-12-26 00:47 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 22:24 . 2011-06-17 03:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2011-06-18 11:32 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-01 20:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-11-01 20:35 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2011-06-17 03:09 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:56 . 2011-08-27 21:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-02_01.53.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-03 17:54 . 2012-01-03 17:54 16384 c:\windows\temp\Perflib_Perfdata_1f8.dat

- 2011-06-21 03:46 . 2012-01-02 01:53 14163 c:\windows\system32\tablet.dat

+ 2011-06-21 03:46 . 2012-01-03 17:54 14163 c:\windows\system32\tablet.dat

+ 2008-04-14 12:00 . 2012-01-03 01:50 67740 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2012-01-02 01:57 67740 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2012-01-03 01:50 432784 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2012-01-02 01:57 432784 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\documents and settings\Mikan\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dropbox.lnk - c:\documents and settings\Mikan\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

Impulse Now.lnk - c:\program files\Impulse\Now\ImpulseNow.exe [2011-10-13 2042088]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]

Ime File REG_SZ GIMEJA.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Documents and Settings\\Mikan\\My Documents\\zsnes\\zsnes\\ZSNESW.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Mikan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

"c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=

"c:\\Program Files\\Firestorm-Beta-Mesh\\SLVoice.exe"=

"c:\\Documents and Settings\\Mikan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/23/2011 12:28 PM 218688]

R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [9/13/2011 1:48 AM 664192]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/16/2011 8:34 PM 652872]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/16/2011 8:34 PM 20464]

S1 MpKsl00583bc9;MpKsl00583bc9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BD4ABEA-4F99-4350-9CFC-F3ECA3666CAC}\MpKsl00583bc9.sys [?]

S1 MpKsl0b1bf2cd;MpKsl0b1bf2cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl0b1bf2cd.sys [?]

S1 MpKsl185df515;MpKsl185df515;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl185df515.sys [?]

S1 MpKsl1bc7b979;MpKsl1bc7b979;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl1bc7b979.sys [?]

S1 MpKsl29020f93;MpKsl29020f93;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C47B33-9D77-43D1-A7CC-DC1943CBC441}\MpKsl29020f93.sys [?]

S1 MpKsl2b23e564;MpKsl2b23e564;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A3D7649-966E-4129-99A1-67D7A99FB6E6}\MpKsl2b23e564.sys [?]

S1 MpKsl2c8bd254;MpKsl2c8bd254;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A0B234-B325-4DC0-9614-C6258E21C68D}\MpKsl2c8bd254.sys [?]

S1 MpKsl2c8e3881;MpKsl2c8e3881;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E99C1E2-305C-429D-9A8D-EF1B81129405}\MpKsl2c8e3881.sys [?]

S1 MpKsl38af0caf;MpKsl38af0caf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06DFD417-CC89-40FE-A7A3-B3CA6A23289A}\MpKsl38af0caf.sys [?]

S1 MpKsl38f08803;MpKsl38f08803;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F3C4C9-5BBA-4DB0-9587-72C41C53A63D}\MpKsl38f08803.sys [?]

S1 MpKsl391d5a8a;MpKsl391d5a8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5E3BCA6-A468-4ECA-8236-2556FD23E012}\MpKsl391d5a8a.sys [?]

S1 MpKsl453a567f;MpKsl453a567f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl453a567f.sys [?]

S1 MpKsl5b757c40;MpKsl5b757c40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1124AA19-FCE6-4BBE-B0BB-51114CC738ED}\MpKsl5b757c40.sys [?]

S1 MpKsl5efe89da;MpKsl5efe89da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKsl5efe89da.sys [?]

S1 MpKsl6743704b;MpKsl6743704b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C918E926-75A5-4BBA-AB72-8F3B379E2B31}\MpKsl6743704b.sys [?]

S1 MpKsl6857b1ad;MpKsl6857b1ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD29379-8661-4258-BAA1-AAEF061CABEF}\MpKsl6857b1ad.sys [?]

S1 MpKsl6935dc34;MpKsl6935dc34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B173DC8-4444-475E-81A5-926DA4397855}\MpKsl6935dc34.sys [?]

S1 MpKsl722fe2d0;MpKsl722fe2d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1372A4BF-5B8A-400A-8DCA-CF3256C59974}\MpKsl722fe2d0.sys [?]

S1 MpKsl7481101a;MpKsl7481101a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKsl7481101a.sys [?]

S1 MpKsl820a18ec;MpKsl820a18ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsl820a18ec.sys [?]

S1 MpKsl847a4619;MpKsl847a4619;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl847a4619.sys [?]

S1 MpKsl87923f45;MpKsl87923f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E350CB6-F3F6-4C65-BFF1-E9C0F11DD81F}\MpKsl87923f45.sys [?]

S1 MpKsl8b00fb0e;MpKsl8b00fb0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1551B41D-9585-4C31-9C20-5DFBAE648AEC}\MpKsl8b00fb0e.sys [?]

S1 MpKsl90998879;MpKsl90998879;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C223729-56DC-4F84-8D7B-C9044CA64D9A}\MpKsl90998879.sys [?]

S1 MpKsl91166335;MpKsl91166335;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7669262D-8DFC-4D8E-8537-425400A5EC0C}\MpKsl91166335.sys [?]

S1 MpKsl966aab78;MpKsl966aab78;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C930EB-7DDE-4F37-982F-2A013B0F7D6E}\MpKsl966aab78.sys [?]

S1 MpKsl9d5b14ac;MpKsl9d5b14ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20275AA2-9196-4EBE-86AB-E638BD6A65C4}\MpKsl9d5b14ac.sys [?]

S1 MpKsla12deac1;MpKsla12deac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla12deac1.sys [?]

S1 MpKsla274dc94;MpKsla274dc94;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8156DD2-E093-420B-9A11-6FC58B2676F4}\MpKsla274dc94.sys [?]

S1 MpKsla2cff44a;MpKsla2cff44a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15A308B0-83F5-48FA-AF9D-0CD712964390}\MpKsla2cff44a.sys [?]

S1 MpKsla9761909;MpKsla9761909;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{501FF842-8EF7-4859-9E1E-3435BCF607A7}\MpKsla9761909.sys [?]

S1 MpKslb30300e0;MpKslb30300e0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslb30300e0.sys [?]

S1 MpKslb57e28da;MpKslb57e28da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C06CD88-5330-4717-86DC-6817E74F16A7}\MpKslb57e28da.sys [?]

S1 MpKslb78d6b9b;MpKslb78d6b9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C3F2DE-B138-41D1-8A8B-5D111A242CB2}\MpKslb78d6b9b.sys [?]

S1 MpKslb9331d1f;MpKslb9331d1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CEC1698-24FE-42C0-9D7B-95A934B4DA58}\MpKslb9331d1f.sys [?]

S1 MpKslc18e2046;MpKslc18e2046;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D732830-46EE-4070-953E-36855F4DC005}\MpKslc18e2046.sys [?]

S1 MpKslc4cecf06;MpKslc4cecf06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D8516-53FE-4496-8088-5674CF05ED6E}\MpKslc4cecf06.sys [?]

S1 MpKslc82c8c55;MpKslc82c8c55;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslc82c8c55.sys [?]

S1 MpKsld4994d92;MpKsld4994d92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62EF42E8-0ECD-42C0-942E-CD69E6615624}\MpKsld4994d92.sys [?]

S1 MpKslda1dbb56;MpKslda1dbb56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53D9442-E252-4C00-9D0D-CB7B6BBC42CB}\MpKslda1dbb56.sys [?]

S1 MpKsle363f9a0;MpKsle363f9a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE5DBAFA-23C5-4AF5-9903-DC9827272342}\MpKsle363f9a0.sys [?]

S1 MpKslecb5a26e;MpKslecb5a26e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslecb5a26e.sys [?]

S1 MpKslf06818e1;MpKslf06818e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5954AFFF-76F7-46EF-B4DE-99BC03D5975F}\MpKslf06818e1.sys [?]

S1 MpKslf1a8cd8a;MpKslf1a8cd8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3788B5A1-E1F0-4554-B71F-8DB77129EE2E}\MpKslf1a8cd8a.sys [?]

S1 MpKslf9de021a;MpKslf9de021a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59EFA119-6F6C-4694-9A86-CF7C7C381BE5}\MpKslf9de021a.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2011 8:50 PM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2011 11:56 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 06:55]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003Core.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1637723038-1417001333-1003UA.job

- c:\documents and settings\Mikan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 14:29]

.

2012-01-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\documents and settings\Mikan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mikan\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\documents and settings\Mikan\Application Data\Mozilla\Firefox\Profiles\8k0kstmg.default\

FF - prefs.js: browser.startup.homepage - hxxp://sanger.dk/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Shareon Tumblr: 714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org - %profile%\extensions\714cb7478d98b1cb51d1f5f515f060c7@link.codefisher.org

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 10:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\GIMEJA.IME

.

- - - - - - - > 'explorer.exe'(2784)

c:\program files\Stardock\ObjectDockFree\DockShellHook.dll

c:\windows\system32\tabhook.dll

c:\windows\system32\GIMEJA.IME

c:\documents and settings\Mikan\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\Stardock\ObjectDockFree\ODMenu.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\CTXFIHLP.EXE

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-01-03 11:01:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-03 18:01

ComboFix2.txt 2012-01-03 02:11

ComboFix3.txt 2012-01-02 02:04

.

Pre-Run: 97,507,606,528 bytes free

Post-Run: 97,524,441,088 bytes free

.

- - End Of File - - A9CA58FB7202B44A95BD68EC414DD784


Great!

Now that you're clean, let's see what programs of yours we need to update:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 22

Java version out of date!

Adobe Flash Player 11.0.1.152

Mozilla Firefox (3.6.25) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


Good. Before we move on to the next step, please update the following programs. (Using outdated applications leaves you extremely vulnerable to getting infected again.)

You are using Internet Explorer version 6. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

----------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

----------

Firefox is out of date. Using an outdated version of a web browser leaves you vulnerable to malware!

Please visit the Mozilla site and update it to the latest version.

----------

Please let me know how the updates went, as failed updates may indicate additional malware ;).

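An added example for the Java clean-up step above (not code from this thread or from any of the tools mentioned in it): a PowerShell script that reads the Add or Remove Programs registry data, lists every registered Java runtime newest first, and marks the older entries that still need to be removed by hand. It assumes PowerShell is available (it is not part of a stock XP install) and only reads the registry.

```powershell
# Added example, not from the original thread: enumerate installed Java
# runtimes from the Add or Remove Programs registry data and flag the
# ones older than the newest copy. Read-only: it changes nothing.

$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Present only on 64-bit Windows; silently skipped elsewhere.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaVersionNumber {
    # Turn a DisplayVersion such as "6.0.220" into a comparable [version];
    # unparsable values sort last so they are still listed for manual review.
    param([string]$DisplayVersion)
    $clean = $DisplayVersion -replace '[^\d.]', ''
    try { return [version]$clean } catch { return [version]'0.0' }
}

# Match "Java(TM) 6 Update 22", "Java 7 Update 4", "J2SE Runtime Environment ..."
$javaEntries = @(Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java\b|J2SE Runtime Environment)' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name            = $_.DisplayName
            Version         = Get-JavaVersionNumber $_.DisplayVersion
            UninstallString = $_.UninstallString
        }
    } | Sort-Object Version -Descending)

if ($javaEntries.Count -eq 0) {
    Write-Output 'No Java runtime is registered under Add or Remove Programs.'
    return
}

$newest = $javaEntries[0].Version
Write-Output "Newest installed Java runtime: $newest"
Write-Output 'Entries to review (remove everything marked OLD, then install the current release):'
foreach ($entry in $javaEntries) {
    # Anything below the newest version is a leftover that still exposes the machine.
    $tag = if ($entry.Version -lt $newest) { 'OLD ' } else { 'KEEP' }
    Write-Output ("{0} {1,-40} {2}" -f $tag, $entry.Name, $entry.Version)
}
```

The entries marked OLD are the ones to select in Add or Remove Programs; the newest copy is kept only until the current release from Oracle has been installed over it.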

Glad to hear the updates went well! :D

I will now provide you with some suggestions for security software, but first, let's remove ComboFix ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


I have a few questions!

For an antivirus, I have MSE already installed, and I use MBAM as well.

Should I keep MSE or get rid of it and install one of your suggested AVs?

Also, I downloaded SpywareBlaster as well, and followed the guide you linked to set it up. Is this a program that needs to be constantly run, or is it running in the background/etc?

I'm currently setting up the OnlineArmor firewall, so if I have any questions I'll let you know!

Other than that, Combofix was uninstalled, and I followed your directions :D


I have a few questions!

For an antivirus, I have MSE already installed, and I use MBAM as well.

Should I keep MSE or get rid of it and install one of your suggested AVs?

Personally, I use Avast! Free and Malwarebytes Pro. You might want to try that; I find that the combination is both very flexible and effective :).

Remember, running more than one antivirus/antispyware program in resident mode is a bad idea; they can actually conflict, leaving you less protected overall. Malwarebytes is designed to work in cooperation with whatever antivirus you use, so you may want to throw that on there for another layer of protection.

Also, I downloaded SpywareBlaster as well, and followed the guide you linked to set it up. Is this a program that needs to be constantly run, or is it running in the background/etc?

As long as you update it now and then, you should be fine. SpywareBlaster does not need to be running to provide protection.

After you enable protection for any/all items, you can exit the program and you will still be protected (SpywareBlaster does not need to be running in the background).

You do not have to start up SpywareBlaster each time you start your computer either - your protection remains in place until you disable it (whether SpywareBlaster is running or not).

Hope that helps ;).

I'm currently setting up the OnlineArmor firewall, so if I have any questions I'll let you know!

Other than that, Combofix was uninstalled, and I followed your directions :D

Sounds good! Let me know if you need any clarification on anything :).


Everything is set up and going well~

I'm enjoying the new firewall actually!

Glad to hear that! :)

Is there anything else I need to do?

Nope, unless you personally feel there's something that needs addressing. You may wish to bookmark this topic so you can refer to it in the future ;).

If you have any questions, don't hesitate to ask!


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
