Cannot run MBAM, Internet, Firewall, Hijackthis, Printers

[FAR]

My PC (xp sp3), doesn't seem to want to work with me. I try to do a hijackthis, and it runs, and closes, and then you can't even run it a second time.. No logs. Mbam doesn't even want to load. Firewalls off, network doesn't seem to want to load. And the taskbar has turned into a small line at the bottom of the desktop, and the minimized windows sit on top of that. System restore doesn't even load after clicking on the icon. The printers aren't even being recognized. And the windows keep wont pop up either.

Let me provide a SysProt Log...

SysProtLog.txt

[FAR]

Any help?

[Irun6snd8th]

Any help?

Ran into this same issue this weekend. Had to rebuild the machine.

[FAR]

Ran into this same issue this weekend. Had to rebuild the machine.

How did your's end up like that? Because I don't know what someone did after I left my PC.

[FAR]

Is it me or have the viruses gotten more tricky and nasty than before?

[FAR]

I guess I'll try this method first.

http://www.malwarebytes.org/forums/index.php?showtopic=12709

[FAR]

Looks like root repeal shuts down after file searching something in windows/PIF/PIF

And it seems like this is some sort of chinese virus according to the other reports from root repeal.

drivers.txt

shadow_ssdt.txt

ssd.txt

stealth_objects.txt

[FAR]

Someone must know something?

[screen317]

Hello and welcome to Malwarebytes.

My apologies for the delay; do you still need help?

[FAR]

Hello and welcome to Malwarebytes.

My apologies for the delay; do you still need help?

Aye I still do need help, thank you for asking.

[FAR]

I was able to get a hijackthis log with the diagnostic startup.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:43:13 AM, on 1/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

L:\Hortmackfhis.exe

C:\WINDOWS\system32\wpabaln.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227168631375

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O24 - Desktop Component 0: (no name) - http://i1.ytimg.com/bg/8aEAyryaSz9TS4bP9Pb...bg&v=5496cf

--

End of file - 5231 bytes

[FAR]

Confusing. I click on the diagnostic setting and press okay, but I get an error pop up saying I need to be an administrator. So I think when it restarts, it's in selective startup.

I reran a sysprot scan. It completed itself. I tried to run combofix but the pc did a shutdown on me. A bit different from combofix just turning off on normal boot.

SysProt AntiRootkit v1.0.1.0

by swatkat

********************************************************************************

**********

********************************************************************************

**********

Process:

Name: [system Idle Process]

PID: 0

Hidden: No

Window Visible: No

Name: System

PID: 4

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\smss.exe

PID: 724

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe

PID: 780

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe

PID: 812

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\services.exe

PID: 856

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe

PID: 868

Hidden: No

Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PID: 1064

Hidden: No

Window Visible: No

Name: C:\WINDOWS\explorer.exe

PID: 1340

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\taskmgr.exe

PID: 1376

Hidden: No

Window Visible: No

Name: C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

PID: 1592

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\wpabaln.exe

PID: 1648

Hidden: No

Window Visible: No

Name: L:\SysProt\SysProt.exe

PID: 1364

Hidden: No

Window Visible: Yes

********************************************************************************

**********

********************************************************************************

**********

Kernel Modules:

Module Name: \??\L:\SysProt\SysProtDrv.sys

Service Name: SysProtDrv.sys

Module Base: F76E7000

Module End: F76F2000

Hidden: No

Module Name: C:\WINDOWS\system32\ntkrnlpa.exe

Service Name: ---

Module Base: 804D7000

Module End: 806E4000

Hidden: No

Module Name: C:\WINDOWS\system32\hal.dll

Service Name: ---

Module Base: 806E4000

Module End: 80704D00

Hidden: No

Module Name: C:\WINDOWS\system32\KDCOM.DLL

Service Name: ---

Module Base: F7987000

Module End: F7989000

Hidden: No

Module Name: C:\WINDOWS\system32\BOOTVID.dll

Service Name: ---

Module Base: F7897000

Module End: F789A000

Hidden: No

Module Name: spsu.sys

Service Name: ---

Module Base: F7285000

Module End: F7386000

Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\WMILIB.SYS

Service Name: ---

Module Base: F7989000

Module End: F798B000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SCSIPORT.SYS

Service Name: ---

Module Base: F726D000

Module End: F7285000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys

Service Name: ACPI

Module Base: F723F000

Module End: F726D000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys

Service Name: PCI

Module Base: F722E000

Module End: F723F000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys

Service Name: isapnp

Module Base: F7487000

Module End: F7491000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys

Service Name: PCIIde

Module Base: F7A4F000

Module End: F7A50000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PCIIDEX.SYS

Service Name: ---

Module Base: F7707000

Module End: F770E000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys

Service Name: MountMgr

Module Base: F7497000

Module End: F74A2000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys

Service Name: Disk

Module Base: F720F000

Module End: F722E000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys

Service Name: PartMgr

Module Base: F770F000

Module End: F7714000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys

Service Name: VolSnap

Module Base: F74A7000

Module End: F74B4000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys

Service Name: atapi

Module Base: F71F7000

Module End: F720F000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys

Service Name: ---

Module Base: F74B7000

Module End: F74C0000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\CLASSPNP.SYS

Service Name: ---

Module Base: F74C7000

Module End: F74D4000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys

Service Name: FltMgr

Module Base: F71D7000

Module End: F71F7000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys

Service Name: KSecDD

Module Base: F71C0000

Module End: F71D7000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys

Service Name: WudfPf

Module Base: F71AD000

Module End: F71C0000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys

Service Name: Ntfs

Module Base: F7120000

Module End: F71AD000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys

Service Name: NDIS

Module Base: F70F3000

Module End: F7120000

Hidden: No

Module Name: C:\WINDOWS\system32\speedfan.sys

Service Name: speedfan

Module Base: F798B000

Module End: F798D000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys

Service Name: Mup

Module Base: F70D9000

Module End: F70F3000

Hidden: No

Module Name: C:\WINDOWS\system32\giveio.sys

Service Name: giveio

Module Base: F7A50000

Module End: F7A51000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tunmp.sys

Service Name: tunmp

Module Base: F70A1000

Module End: F70A4000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Service Name: intelppm

Module Base: F7567000

Module End: F7570000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

Service Name: ati2mtag

Module Base: F67F4000

Module End: F6C78000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Service Name: ---

Module Base: F67E0000

Module End: F67F4000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Service Name: HDAudBus

Module Base: F67B8000

Module End: F67E0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Service Name: usbuhci

Module Base: F783F000

Module End: F7845000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Service Name: ---

Module Base: F6794000

Module End: F67B8000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Service Name: usbehci

Module Base: F7847000

Module End: F784F000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

Service Name: L1e

Module Base: F7577000

Module End: F7584000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ASACPI.sys

Service Name: MTsensor

Module Base: F79B5000

Module End: F79B7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Service Name: i8042prt

Module Base: F7587000

Module End: F7594000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Service Name: Kbdclass

Module Base: F7857000

Module End: F785D000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys

Service Name: Serial

Module Base: F7597000

Module End: F75A7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys

Service Name: serenum

Module Base: F7095000

Module End: F7099000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys

Service Name: Imapi

Module Base: F75A7000

Module End: F75B2000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Service Name: Cdrom

Module Base: F75B7000

Module End: F75C7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys

Service Name: redbook

Module Base: F75C7000

Module End: F75D6000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys

Service Name: ---

Module Base: F6771000

Module End: F6794000

Hidden: No

Module Name: \SystemRoot\System32\Drivers\adk34hf9.SYS

Service Name: ---

Module Base: F673A000

Module End: F6771000

Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Service Name: ---

Module Base: F6703000

Module End: F673A000

Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\atkkbnt.sys

Service Name: asuskbnt

Module Base: F6C8C000

Module End: F6C8F000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

Service Name: wacomvhid

Module Base: F79BF000

Module End: F79C1000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Service Name: ---

Module Base: F75D7000

Module End: F75E0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Service Name: ---

Module Base: F77D7000

Module End: F77DE000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys

Service Name: audstub

Module Base: F7B41000

Module End: F7B42000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Service Name: Rasl2tp

Module Base: F75E7000

Module End: F75F4000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Service Name: NdisTapi

Module Base: F6C84000

Module End: F6C87000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Service Name: NdisWan

Module Base: F66EC000

Module End: F6703000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Service Name: RasPppoe

Module Base: F75F7000

Module End: F7602000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Service Name: PptpMiniport

Module Base: F7607000

Module End: F7613000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Service Name: ---

Module Base: F77E7000

Module End: F77EC000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys

Service Name: PSched

Module Base: F66DB000

Module End: F66EC000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Service Name: Gpc

Module Base: F7617000

Module End: F7620000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Service Name: Ptilink

Module Base: F77EF000

Module End: F77F4000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys

Service Name: Raspti

Module Base: F77F7000

Module End: F77FC000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys

Service Name: TermDD

Module Base: F7627000

Module End: F7631000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Service Name: Mouclass

Module Base: F77FF000

Module End: F7805000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys

Service Name: swenum

Module Base: F79C5000

Module End: F79C7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys

Service Name: Update

Module Base: F65DD000

Module End: F663B000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Service Name: mssmbios

Module Base: F6C78000

Module End: F6C7C000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Service Name: mouhid

Module Base: F792F000

Module End: F7932000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys

Service Name: wacommousefilter

Module Base: F7817000

Module End: F781F000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Service Name: NDProxy

Module Base: F7637000

Module End: F7641000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AtiHdmi.sys

Service Name: AtiHdmiService

Module Base: AE7E3000

Module End: AE7FE000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys

Service Name: ---

Module Base: AE7BF000

Module End: AE7E3000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys

Service Name: ---

Module Base: F7667000

Module End: F7676000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Service Name: usbhub

Module Base: F7677000

Module End: F7686000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Service Name: ---

Module Base: F79CB000

Module End: F79CD000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys

Service Name: IntcAzAudAddService

Module Base: AE30E000

Module End: AE7BF000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys

Service Name: Flpydisk

Module Base: F782F000

Module End: F7834000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Service Name: Fs_Rec

Module Base: F79CF000

Module End: F79D1000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS

Service Name: Null

Module Base: F7B89000

Module End: F7B8A000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS

Service Name: Beep

Module Base: F79D1000

Module End: F79D3000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys

Service Name: VgaSave

Module Base: F785F000

Module End: F7865000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Service Name: mnmdd

Module Base: F79D3000

Module End: F79D5000

Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Service Name: RDPCDD

Module Base: F79D5000

Module End: F79D7000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS

Service Name: Msfs

Module Base: F7867000

Module End: F786C000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS

Service Name: Npfs

Module Base: F786F000

Module End: F7877000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Service Name: RasAcd

Module Base: F6C98000

Module End: F6C9B000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Service Name: IPSec

Module Base: AE24B000

Module End: AE25E000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Service Name: Tcpip

Module Base: AE1F2000

Module End: AE24B000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS

Service Name: aswTdi

Module Base: F7697000

Module End: F76A2000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Service Name: Wanarp

Module Base: F76A7000

Module End: F76B0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys

Service Name: NetBT

Module Base: AE1CA000

Module End: AE1F2000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys

Service Name: Tcpip6

Module Base: AE192000

Module End: AE1CA000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys

Service Name: AFD

Module Base: AE170000

Module End: AE192000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys

Service Name: NetBIOS

Module Base: F76B7000

Module End: F76C0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Service Name: Rdbss

Module Base: AE0A5000

Module End: AE0D0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Service Name: MRxSmb

Module Base: AE035000

Module End: AE0A5000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS

Service Name: Fips

Module Base: F76C7000

Module End: F76D2000

Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\EIO_XP.sys

Service Name: EIO_XP

Module Base: F65D5000

Module End: F65D8000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Service Name: aswSP

Module Base: AE014000

Module End: AE035000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AsIO.sys

Service Name: AsIO

Module Base: F79D7000

Module End: F79D9000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS

Service Name: Aavmker4

Module Base: F7887000

Module End: F788C000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Service Name: Cdfs

Module Base: F76F7000

Module End: F7707000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Service Name: usbstor

Module Base: F771F000

Module End: F7726000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Service Name: HidUsb

Module Base: F65BD000

Module End: F65C0000

Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: ADFD4000

Module End: ADFEC000

Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F79E3000

Module End: F79E5000

Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys

Service Name: ---

Module Base: AE2FA000

Module End: AE2FD000

Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys

Service Name: ---

Module Base: F775F000

Module End: F7764000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys

Service Name: ---

Module Base: F7BCE000

Module End: F7BCF000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Service Name: Fastfat

Module Base: AB577000

Module End: AB59B000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys

Service Name: aswFsBlk

Module Base: F778F000

Module End: F7797000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS

Service Name: aswMon2

Module Base: AB421000

Module End: AB437000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys

Service Name: Fdc

Module Base: F784F000

Module End: F7856000

Hidden: No

********************************************************************************

**********

********************************************************************************

**********

SSDT:

Function Name: ZwClose

Address: AE01C6B8

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey

Address: AE01C574

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey

Address: AE01CA52

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject

Address: AE01C14C

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwEnumerateKey

Address: F72A4CA4

Driver Base: F7285000

Driver End: F7386000

Driver Name: spsu.sys

Function Name: ZwEnumerateValueKey

Address: F72A5032

Driver Base: F7285000

Driver End: F7386000

Driver Name: spsu.sys

Function Name: ZwOpenKey

Address: AE01C64E

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess

Address: AE01C08C

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread

Address: AE01C0F0

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey

Address: F72A510A

Driver Base: F7285000

Driver End: F7386000

Driver Name: spsu.sys

Function Name: ZwQueryValueKey

Address: AE01C76E

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey

Address: AE01C72E

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey

Address: AE01C8AE

Driver Base: AE014000

Driver End: AE035000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

********************************************************************************

**********

********************************************************************************

**********

No Kernel Hooks found

********************************************************************************

**********

********************************************************************************

**********

IRP Hooks:

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_POWER

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayf3xq7x.SYS

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A7FA500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_POWER

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\adk34hf9.SYS

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A82F500

Hooking Module: _unknown_

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLOSE

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_READ

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_WRITE

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_EA

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_POWER

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F7286000

Hooking Module: spsu.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_READ

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_WRITE

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_POWER

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A899500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A97E500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_READ

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8ACF61F8

Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_CREATE

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_CLOSE

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_READ

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_WRITE

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SET_EA

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_POWER

Jump To: F728DE30

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F72A2514

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: \Driver\PCI_PNP3426

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F72C9AEA

Hooking Module: spsu.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A8C8500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A8C8500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A8C8500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A8C8500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 8A8C8500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_READ

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A8CD500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A90F500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A90F500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A90F500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8A90F500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 8A90F500

Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8A90F500

Hooking Module: _unknown_

********************************************************************************

**********

********************************************************************************

**********

Ports:

Local Address: D:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: D:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

********************************************************************************

**********

********************************************************************************

**********

Hidden files/folders:

Object: C:\Documents and Settings\-FAR-\Application Data\SecuROM\UserData\???????????p?????????

Status: Hidden

Object: C:\Documents and Settings\-FAR-\Application Data\SecuROM\UserData\???????????p?????????

Status: Hidden

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\AIR\Updater

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\AIR

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\com.adobe.330.ALL.registration

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\Flash Player\AssetCache\ZASQTYE6

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\Flash Player\AssetCache

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe\Flash Player

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Adobe

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\ATI\ACE

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\ATI

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\ACT Data\genericpluginparams.xml

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\ACT Data\sonaract.xml

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\ACT Data

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\Shared Presets\{404C9315-693D-4715-A326-143A992FA784}\Control Freak (Programs 37-38)

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\Shared Presets\{404C9315-693D-4715-A326-143A992FA784}\Control Freak Studio Edition

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\Shared Presets\{404C9315-693D-4715-A326-143A992FA784}\Edirol PCR

Status: Access denied

Object: C:\Documents and Settings\Bootwo\Application Data\Cakewalk\Shared Presets\{404C9315-693D-4715-A326-143A992FA784}\JL Cooper FaderMaster (1 track)

Status: Access denied

40-682003330-1004\Dc1569\GamerOSD2060801_WinXP3264\x86\setup.exe

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1569\GamerOSD2060801_WinXP3264\x86\setup.ibt

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Help

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\install.ini

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\layout.bin

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\cs\ccc-local-cs.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\cs

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\da\ccc-local-da.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\da

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\de\ccc-local-de.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\de

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\el\ccc-local-el.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\el

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\es\ccc-local-es.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\es

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\fi\ccc-local-fi.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\fi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\fr\ccc-local-fr.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\fr

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\hu\ccc-local-hu.msi

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1572\CCC\Localization\hu

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\945.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\945gm.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\945GM.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\965g.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\965g.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\965m.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\965m.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\dmi_pci.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\dmi_pci.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\e5100.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\E5100.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\e7300.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\E7300.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\esb2id2.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ESB2id2.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\esb2ide.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ESB2ide.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\esb2usb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ESB2usb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\g33q35.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\g33q35.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7core.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7core.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7id2.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7id2.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7ide.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7ide.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7usb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich7usb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8ahci.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8ahci.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8core.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8core.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8id2.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8id2.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8ide.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8ide.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8smb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8smb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8usb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich8usb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9ahci.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9ahci.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9core.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9core.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9id2.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9id2.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9ide.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9ide.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9smb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9smb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9usb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ich9usb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaahci.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaahci.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichacore.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichacore.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaid2.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaid2.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaide.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichaide.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichasmb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichasmb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichausb.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichausb.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichxdev.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\ichXdev.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\INFAnswr.txt

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\IntelCPU.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\IntelIOH.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\pm45gm45.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\pm45gm45.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\whed_dev.cat

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista\whed_dev.inf

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\Vista

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\x64\Difx64.exe

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\x64\difxapi.dll

Status: Access denied

Object: C:\RECYCLER\S-1-5-21-746137067-527237240-682003330-1004\Dc1575\x64

Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

Object: C:\System Volume Information\tracking.log

Status: Access denied

Object: C:\System Volume Information\_restore{F1AAF32A-3AEE-47BC-950A-FC7F81701F4C}

Status: Access denied

[screen317]

Hi,

Give me a summary, in bullet form, of what problems you are experiencing. We will try to tackle each one at a time.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

[FAR]

Hi,

Give me a summary, in bullet form, of what problems you are experiencing. We will try to tackle each one at a time.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

Well I cannot access:

Add/remove hardware

User Accounts in control panel is blank

System restore tells me that I don't have it and need to restart.

I have no ethn network access

Cannot paste or move files

Combofix did run on start up after selecting diagnostic recovery from administrator safe mode (I'll post that log at the end). I got an error pop up when I tried to run it afterwards (tried to run it in safe mode my user account)

In defrag I cannot analyze the PC or defrag

My taskbar is locked, and it's just a small line at the bottom. Other than the PC taking ages to load and I'm only able to use the Task Manager to access files.

I get a windows popup before logging in telling me that I had 3 days left to activate my pc because of hardware changes... I now have two days.

ComboFix 09-11-22.06 - -FAR- 01/04/2010 12:24.1.2 - x86

Running from: l:\pc\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-746137067-527237240-682003330-1004

c:\windows\inform.dat

c:\windows\system32\eventlog.dll . . . is infected!!

c:\windows\system32\sethc.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))

.

2009-12-28 23:40 . 2009-12-28 23:40 -------- d-----w- C:\ubuntu

2009-12-28 23:39 . 2009-12-26 00:18 1468640 ----a-w- C:\wubi.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 16:11 . 2009-11-29 20:39 -------- d-----w- c:\documents and settings\-FAR-\Application Data\FreeFixer

2010-01-03 15:55 . 2009-09-25 05:54 0 ----a-w- c:\windows\win32k.sys

2009-12-11 15:06 . 2008-11-23 14:09 -------- d-----w- c:\documents and settings\family\Application Data\Free Download Manager

2009-12-03 18:06 . 2009-11-15 12:47 -------- d-----w- c:\program files\PaintTool SAI English Pack

2009-12-03 07:55 . 2009-12-03 07:55 289584 ----a-w- C:\uTorrent.exe

2009-12-03 07:32 . 2009-12-03 07:32 -------- d-----w- c:\program files\reatogo

2009-12-03 06:37 . 2009-11-23 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-03 04:59 . 2008-11-17 12:22 -------- d-----w- c:\program files\Bethesda Softworks

2009-12-03 04:50 . 2008-11-14 21:30 -------- d-----w- c:\program files\Rockstar Games

2009-12-03 02:42 . 2009-12-03 02:41 -------- d-----w- c:\program files\freefixer

2009-12-02 19:01 . 2009-12-02 19:01 -------- d-----w- c:\documents and settings\family\Application Data\WTablet

2009-12-02 00:42 . 2009-12-02 00:42 -------- d-----w- c:\documents and settings\-FAR-\Application Data\ImgBurn

2009-12-02 00:42 . 2009-12-02 00:42 -------- d-----w- c:\program files\ImgBurn

2009-12-02 00:25 . 2009-12-02 00:25 -------- d-----w- c:\documents and settings\-FAR-\Application Data\WTablet

2009-12-01 21:01 . 2009-12-01 21:00 -------- d-----w- c:\program files\Tablet

2009-11-27 23:54 . 2008-12-04 07:43 1 ----a-w- c:\documents and settings\-FAR-\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-25 15:06 . 2008-11-23 19:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-11-25 15:06 . 2008-11-23 19:06 189744 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-11-23 14:57 . 2009-12-03 04:03 3573273 ----a-w- C:\ComboFix.exe

2009-11-21 01:35 . 2008-11-24 08:37 1 ----a-w- c:\documents and settings\family\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-21 01:35 . 2009-09-07 21:19 63 ----a-w- c:\documents and settings\family\jagex_runescape_preferences2.dat

2009-11-21 01:35 . 2008-11-23 14:45 38 ----a-w- c:\documents and settings\family\jagex_runescape_preferences.dat

2009-11-20 18:25 . 2009-11-20 18:25 -------- d-----w- c:\program files\Ask.com

2009-11-20 11:31 . 2008-11-15 12:57 42224 ----a-w- c:\documents and settings\family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-19 20:53 . 2009-11-19 20:53 -------- d-----w- c:\documents and settings\-FAR-\Application Data\Cakewalk

2009-11-19 20:53 . 2008-12-04 07:30 42224 ----a-w- c:\documents and settings\-FAR-\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-19 20:21 . 2008-11-15 14:39 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-19 20:07 . 2009-11-19 20:07 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-19 15:05 . 2009-11-19 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk

2009-11-19 15:04 . 2009-11-19 15:03 -------- d-----w- c:\program files\Cakewalk

2009-11-17 18:44 . 2009-11-17 18:44 -------- d-----w- c:\program files\Alwil Software

2009-11-15 13:00 . 2009-11-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-11-15 13:00 . 2009-11-15 13:00 -------- d-----w- c:\program files\TechSmith

2009-11-15 12:55 . 2008-12-04 10:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\ASIO4ALL v2

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\VstPlugins

2009-11-15 12:52 . 2009-11-15 12:50 -------- d-----w- c:\program files\Image-Line

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\Outsim

2009-11-15 12:51 . 2009-11-15 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development

2009-11-07 23:46 . 2008-12-05 19:37 38 ----a-w- c:\documents and settings\-FAR-\jagex_runescape_preferences.dat

2009-11-07 23:46 . 2009-09-24 19:09 63 ----a-w- c:\documents and settings\-FAR-\jagex_runescape_preferences2.dat

2009-11-07 01:46 . 2009-11-07 01:46 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-19 21:17 . 2008-12-06 15:53 1324 ----a-w- c:\documents and settings\family\Local Settings\Application Data\d3d9caps.tmp

2009-10-16 16:17 . 2009-10-16 16:17 76 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F47690592793ED1108D6000565084666.dll

2009-10-16 16:17 . 2009-10-16 16:17 302 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5.dll

2009-10-16 16:17 . 2009-10-16 16:17 625 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E1F834973CEDD344D9DCEFECD2866C50.dll

2009-10-16 16:17 . 2009-10-16 16:17 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217.dll

2009-10-16 16:17 . 2009-10-16 16:17 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll

2009-10-16 16:17 . 2009-10-16 16:17 884 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7EBAF54B101D99D46A171ED64AA07F0F.dll

2009-10-16 16:17 . 2009-10-16 16:17 48 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B83F4D01634537648B163F1029B973B3.dll

2009-10-16 16:17 . 2009-10-16 16:17 290 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A2A066E2F55ADC34F937AC7D83E2BE87.dll

2009-10-16 16:17 . 2009-10-16 16:17 26 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll

2009-10-16 16:17 . 2009-10-16 16:17 156 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D6E743D330A524345BABA67781583F97.dll

2009-10-16 16:17 . 2009-10-16 16:17 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8.dll

2009-10-16 16:17 . 2009-10-16 16:17 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll

2009-10-08 20:12 . 2009-10-08 20:12 593408 ----a-w- c:\documents and settings\-FAR-\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0909250-0-main.dll

2009-10-08 20:12 . 2009-10-08 20:12 319488 ----a-w- c:\documents and settings\-FAR-\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2009-10-19 . 4D1EAA7E0B845D1B2E8D711AE754D0F2 . 3070976 . . [6.00.2900.5890] . . c:\windows\system32\mshtml.dll

[-] 2009-10-19 . 4D1EAA7E0B845D1B2E8D711AE754D0F2 . 3070976 . . [6.00.2900.5890] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2009-10-19 23:44 . 7B5FEF3425503F8C880B0FBE819ABF3B . 3072512 . . [------] . . c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll

[-] 2009-09-25 . BBFD3B7EA5E261D791C095BC06F3D0C4 . 3070976 . . [6.00.2900.5880] . . c:\windows\$NtUninstallKB976749$\mshtml.dll

[-] 2009-09-25 . 37F578776552FA076EA6085F0365209C . 3072512 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll

[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$NtUninstallKB974455$\mshtml.dll

[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\mshtml.dll

[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll

[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\mshtml.dll

[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll

[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll

[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\$NtUninstallKB963027$\mshtml.dll

[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll

[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB960714$\mshtml.dll

[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\mshtml.dll

[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll

[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 14336 . . [------] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\system32\wininet.dll

[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\system32\dllcache\wininet.dll

[-] 2009-09-25 . 406D33F9B30FFC0EEFC7C55562839931 . 668672 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll

[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$NtUninstallKB974455$\wininet.dll

[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\wininet.dll

[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll

[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\wininet.dll

[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll

[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB963027$\wininet.dll

[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\wininet.dll

[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 12:00 . 028C3E9C06BBEE764908254C0A9270D8 . 61952 . . [------] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 12:00 . 5A9B6F54B7DD78AB88C905E454184BDE . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 . 23CC730053925E60F1EA17E7C3CBEC2A . 35328 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\iprip.dll

[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 9.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk

backup=c:\windows\pss\Snagit 9.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"TabletServicePen"=2 (0x2)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=3 (0x3)

"StarWindServiceAE"=2 (0x2)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"Spooler"=2 (0x2)

"SimpTcp"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PNRPSvc"=3 (0x3)

"PnkBstrA"=2 (0x2)

"PlugPlay"=2 (0x2)

"p2psvc"=3 (0x3)

"p2pimsvc"=3 (0x3)

"p2pgasvc"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"napagent"=3 (0x3)

"MyWebSearchService"=2 (0x2)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"mi-raysat_3dsmax8"=2 (0x2)

"LmHosts"=2 (0x2)

"lanmanworkstation"=2 (0x2)

"LanmanServer"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"Iprip"=2 (0x2)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hkmsvc"=3 (0x3)

"HidServ"=2 (0x2)

"helpsvc"=2 (0x2)

"FontCache3.0.0.0"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"EapHost"=3 (0x3)

"Dot3svc"=3 (0x3)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CryptSvc"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=2 (0x2)

"CiSvc"=3 (0x3)

"Browser"=2 (0x2)

"BITS"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"Autodesk Licensing Service"=2 (0x2)

"AudioSrv"=2 (0x2)

"ATKKeyboardService"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aswUpdSv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"ALG"=3 (0x3)

"aawservice"=2 (0x2)

"6to4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bethesda Softworks\\Star Trek Legacy\\Legacy.exe"=

"c:\\Program Files\\Beyond the Red Line\\fs2_open_3_6_9.exe"=

"c:\\Documents and Settings\\-FAR-\\My Documents\\downloads\\utorrent.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\bridge commander 2\\stbc.exe"=

"c:\\Program Files\\CRS\\Battleground Europe\\WW2_sse2.exe"=

"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bethesda Softworks\\uum\\Legacy.exe"=

"c:\\Program Files\\Free Download Manager\\fdm.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=

"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=

"c:\\Program Files\\Autodesk\\backburner\\server.exe"=

"c:\\Documents and Settings\\-FAR-\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"c:\\Program Files\\Wolfenstein noquarter\\ET.exe"=

"c:\\Documents and Settings\\family\\Desktop\\Wolfenstein - Enemy Territory\\ET.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22101:TCP"= 22101:TCP:brid1

"22101:UDP"= 22101:UDP:brid12

"28900:TCP"= 28900:TCP:bridg2

"28900:UDP"= 28900:UDP:bridge21

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]

R3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [2006-07-19 12048]

R3 cpuz130;cpuz130;c:\docume~1\-FAR-\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]

R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]

R3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2008-11-24 2688]

R4 Iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-04-14 14336]

R4 MyWebSearchService;My Web Search Service;c:\progra~1\MYWEBS~1\bar\1.bin\mwssvc.exe [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-17 721904]

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f6e262d-b288-11dd-9035-0022157631db}]

\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f6e262e-b288-11dd-9035-0022157631db}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e

\Shell\Open\command - chess.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

FF - ProfilePath - c:\documents and settings\-FAR-\Application Data\Mozilla\Firefox\Profiles\nttpjn9o.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.guardian-series.co.uk/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe

AddRemove-NaturalMotion endorphin_is1 - c:\program files\NaturalMotion\endorphin 2.7.1

AddRemove-UBCD4Win_is1 - c:\ubcd4win\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-04 12:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-527237240-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,41,9f,34,43,c1,a6,1a,10,bf,4d,88,16,71,0d,eb,e8,b5,a0,bb,1e,e4,c3,

14,98,62,0e,21,ef,74,f3,71,3e,9d,77,0b,f8,54,ae,09,75,6b,80,e9,a6,6d,98,cd,\

"??"=hex:ba,81,64,81,89,42,d6,52,e6,fc,7a,33,19,25,fd,f3

[HKEY_USERS\S-1-5-21-746137067-527237240-682003330-1007\Software\SecuROM\License information*]

"datasecu"=hex:3d,32,04,7f,1e,ac,a1,a8,e3,0c,4b,d0,c6,46,56,37,75,21,5c,ec,e1,

b3,9e,e2,50,1d,a3,8e,0c,5b,7d,61,54,64,c3,17,15,e7,f2,3b,b8,8b,e2,fa,46,50,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-01-04 12:32

ComboFix-quarantined-files.txt 2010-01-04 12:32

Pre-Run: 68,376,461,312 bytes free

Post-Run: 72,496,017,408 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 507AFC5BC8A4ADAD9218D5E0BDDD47C7

[FAR]

I manged to put dds.scr on the desktop using ubcd4win... it shuts down after loading instantly.

[screen317]

Please delete that ancient copy of ComboFix.

Please download the latest version of Combofix by sUBs.

1. Save it to your Desktop.

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.

-screen317

[FAR]

Please delete that ancient copy of ComboFix.

Please download the latest version of Combofix by sUBs.

1. Save it to your Desktop.

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.

-screen317

ComboFix 10-01-04.01 - -FAR- 01/05/2010 12:11:20.4.2 - x86

Running from: L:\CombFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\eventlog.dll . . . is infected!!

c:\windows\system32\sethc.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))

.

2010-01-05 11:37 . 2010-01-05 11:55 -------- d-----w- C:\CombFix

2010-01-04 12:40 . 2010-01-04 13:44 -------- d-----w- C:\ComboFix

2009-12-28 23:40 . 2009-12-28 23:40 -------- d-----w- C:\ubuntu

2009-12-28 23:39 . 2009-12-26 00:18 1468640 ----a-w- C:\wubi.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 12:38 . 2009-09-25 05:54 0 ----a-r- c:\windows\win32k.sys

2010-01-03 16:11 . 2009-11-29 20:39 -------- d-----w- c:\documents and settings\-FAR-\Application Data\FreeFixer

2009-12-11 15:06 . 2008-11-23 14:09 -------- d-----w- c:\documents and settings\family\Application Data\Free Download Manager

2009-12-03 18:06 . 2009-11-15 12:47 -------- d-----w- c:\program files\PaintTool SAI English Pack

2009-12-03 07:55 . 2009-12-03 07:55 289584 ----a-w- C:\uTorrent.exe

2009-12-03 07:32 . 2009-12-03 07:32 -------- d-----w- c:\program files\reatogo

2009-12-03 06:37 . 2009-11-23 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-03 04:59 . 2008-11-17 12:22 -------- d-----w- c:\program files\Bethesda Softworks

2009-12-03 04:50 . 2008-11-14 21:30 -------- d-----w- c:\program files\Rockstar Games

2009-12-03 02:42 . 2009-12-03 02:41 -------- d-----w- c:\program files\freefixer

2009-12-02 19:01 . 2009-12-02 19:01 -------- d-----w- c:\documents and settings\family\Application Data\WTablet

2009-12-02 00:42 . 2009-12-02 00:42 -------- d-----w- c:\documents and settings\-FAR-\Application Data\ImgBurn

2009-12-02 00:42 . 2009-12-02 00:42 -------- d-----w- c:\program files\ImgBurn

2009-12-02 00:25 . 2009-12-02 00:25 -------- d-----w- c:\documents and settings\-FAR-\Application Data\WTablet

2009-12-01 21:01 . 2009-12-01 21:00 -------- d-----w- c:\program files\Tablet

2009-11-27 23:54 . 2008-12-04 07:43 1 ----a-w- c:\documents and settings\-FAR-\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-25 15:06 . 2008-11-23 19:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-11-25 15:06 . 2008-11-23 19:06 189744 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-11-23 14:57 . 2009-12-03 04:03 3573273 ----a-r- C:\ComboFix.exe

2009-11-21 01:35 . 2008-11-24 08:37 1 ----a-w- c:\documents and settings\family\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-21 01:35 . 2009-09-07 21:19 63 ----a-w- c:\documents and settings\family\jagex_runescape_preferences2.dat

2009-11-21 01:35 . 2008-11-23 14:45 38 ----a-w- c:\documents and settings\family\jagex_runescape_preferences.dat

2009-11-20 18:25 . 2009-11-20 18:25 -------- d-----w- c:\program files\Ask.com

2009-11-20 11:31 . 2008-11-15 12:57 42224 ----a-w- c:\documents and settings\family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-19 20:53 . 2009-11-19 20:53 -------- d-----w- c:\documents and settings\-FAR-\Application Data\Cakewalk

2009-11-19 20:53 . 2008-12-04 07:30 42224 ----a-w- c:\documents and settings\-FAR-\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-19 20:21 . 2008-11-15 14:39 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-19 20:07 . 2009-11-19 20:07 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-19 15:05 . 2009-11-19 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk

2009-11-19 15:04 . 2009-11-19 15:03 -------- d-----w- c:\program files\Cakewalk

2009-11-17 18:44 . 2009-11-17 18:44 -------- d-----w- c:\program files\Alwil Software

2009-11-15 13:00 . 2009-11-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-11-15 13:00 . 2009-11-15 13:00 -------- d-----w- c:\program files\TechSmith

2009-11-15 12:55 . 2008-12-04 10:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\ASIO4ALL v2

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\VstPlugins

2009-11-15 12:52 . 2009-11-15 12:50 -------- d-----w- c:\program files\Image-Line

2009-11-15 12:52 . 2009-11-15 12:52 -------- d-----w- c:\program files\Outsim

2009-11-15 12:51 . 2009-11-15 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development

2009-11-07 23:46 . 2008-12-05 19:37 38 ----a-w- c:\documents and settings\-FAR-\jagex_runescape_preferences.dat

2009-11-07 23:46 . 2009-09-24 19:09 63 ----a-w- c:\documents and settings\-FAR-\jagex_runescape_preferences2.dat

2009-11-07 01:46 . 2009-11-07 01:46 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-19 21:17 . 2008-12-06 15:53 1324 ----a-w- c:\documents and settings\family\Local Settings\Application Data\d3d9caps.tmp

2009-10-16 16:17 . 2009-10-16 16:17 76 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F47690592793ED1108D6000565084666.dll

2009-10-16 16:17 . 2009-10-16 16:17 302 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5.dll

2009-10-16 16:17 . 2009-10-16 16:17 625 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E1F834973CEDD344D9DCEFECD2866C50.dll

2009-10-16 16:17 . 2009-10-16 16:17 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217.dll

2009-10-16 16:17 . 2009-10-16 16:17 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll

2009-10-16 16:17 . 2009-10-16 16:17 884 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7EBAF54B101D99D46A171ED64AA07F0F.dll

2009-10-16 16:17 . 2009-10-16 16:17 48 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B83F4D01634537648B163F1029B973B3.dll

2009-10-16 16:17 . 2009-10-16 16:17 290 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A2A066E2F55ADC34F937AC7D83E2BE87.dll

2009-10-16 16:17 . 2009-10-16 16:17 26 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll

2009-10-16 16:17 . 2009-10-16 16:17 156 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D6E743D330A524345BABA67781583F97.dll

2009-10-16 16:17 . 2009-10-16 16:17 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8.dll

2009-10-16 16:17 . 2009-10-16 16:17 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll

2009-10-08 20:12 . 2009-10-08 20:12 593408 ----a-w- c:\documents and settings\-FAR-\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0909250-0-main.dll

2009-10-08 20:12 . 2009-10-08 20:12 319488 ----a-w- c:\documents and settings\-FAR-\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2009-10-19 . 4D1EAA7E0B845D1B2E8D711AE754D0F2 . 3070976 . . [6.00.2900.5890] . . c:\windows\system32\mshtml.dll

[-] 2009-10-19 . 4D1EAA7E0B845D1B2E8D711AE754D0F2 . 3070976 . . [6.00.2900.5890] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2009-10-19 23:44 . 7B5FEF3425503F8C880B0FBE819ABF3B . 3072512 . . [------] . . c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll

[-] 2009-09-25 . BBFD3B7EA5E261D791C095BC06F3D0C4 . 3070976 . . [6.00.2900.5880] . . c:\windows\$NtUninstallKB976749$\mshtml.dll

[-] 2009-09-25 . 37F578776552FA076EA6085F0365209C . 3072512 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll

[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$NtUninstallKB974455$\mshtml.dll

[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll

[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\mshtml.dll

[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll

[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\mshtml.dll

[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll

[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll

[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\$NtUninstallKB963027$\mshtml.dll

[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll

[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB960714$\mshtml.dll

[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\mshtml.dll

[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll

[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 14336 . . [------] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\system32\wininet.dll

[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\system32\dllcache\wininet.dll

[-] 2009-09-25 . 406D33F9B30FFC0EEFC7C55562839931 . 668672 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll

[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$NtUninstallKB974455$\wininet.dll

[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll

[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\wininet.dll

[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll

[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$NtUninstallKB969897$\wininet.dll

[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll

[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB963027$\wininet.dll

[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\wininet.dll

[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 12:00 . 028C3E9C06BBEE764908254C0A9270D8 . 61952 . . [------] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 12:00 . 5A9B6F54B7DD78AB88C905E454184BDE . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 . 23CC730053925E60F1EA17E7C3CBEC2A . 35328 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\iprip.dll

[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 21:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 9.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk

backup=c:\windows\pss\Snagit 9.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]

atwtusb.exe beta [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]

c:\combofix\CF13036.cfxxe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 17:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 16:20 57344 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]

2008-11-16 17:53 1171456 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2009-09-15 11:56 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

2008-07-31 14:14 2296360 ----a-w- c:\program files\EXPERTool ATI\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-01-14 00:20 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

2008-04-14 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NuonSoft ShellEnhancer StartupHelper]

2006-12-16 11:46 65536 ----a-w- c:\program files\NuonSoft\ShellEnhancer\StartupHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-07-16 19:14 16806400 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]

2008-07-23 17:04 5625344 ----a-w- c:\program files\ASUS\EPU-4 Engine\FourEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-05-21 10:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"TabletServicePen"=2 (0x2)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=3 (0x3)

"StarWindServiceAE"=2 (0x2)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"Spooler"=2 (0x2)

"SimpTcp"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PNRPSvc"=3 (0x3)

"PnkBstrA"=2 (0x2)

"PlugPlay"=2 (0x2)

"p2psvc"=3 (0x3)

"p2pimsvc"=3 (0x3)

"p2pgasvc"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"napagent"=3 (0x3)

"MyWebSearchService"=2 (0x2)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"mi-raysat_3dsmax8"=2 (0x2)

"LmHosts"=2 (0x2)

"lanmanworkstation"=2 (0x2)

"LanmanServer"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"Iprip"=2 (0x2)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hkmsvc"=3 (0x3)

"HidServ"=2 (0x2)

"helpsvc"=2 (0x2)

"FontCache3.0.0.0"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"EapHost"=3 (0x3)

"Dot3svc"=3 (0x3)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CryptSvc"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=2 (0x2)

"CiSvc"=3 (0x3)

"Browser"=2 (0x2)

"BITS"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"Autodesk Licensing Service"=2 (0x2)

"AudioSrv"=2 (0x2)

"ATKKeyboardService"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aswUpdSv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"ALG"=3 (0x3)

"aawservice"=2 (0x2)

"6to4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bethesda Softworks\\Star Trek Legacy\\Legacy.exe"=

"c:\\Program Files\\Beyond the Red Line\\fs2_open_3_6_9.exe"=

"c:\\Documents and Settings\\-FAR-\\My Documents\\downloads\\utorrent.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\bridge commander 2\\stbc.exe"=

"c:\\Program Files\\CRS\\Battleground Europe\\WW2_sse2.exe"=

"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bethesda Softworks\\uum\\Legacy.exe"=

"c:\\Program Files\\Free Download Manager\\fdm.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=

"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=

"c:\\Program Files\\Autodesk\\backburner\\server.exe"=

"c:\\Documents and Settings\\-FAR-\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Wolfenstein noquarter\\ET.exe"=

"c:\\Documents and Settings\\family\\Desktop\\Wolfenstein - Enemy Territory\\ET.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22101:TCP"= 22101:TCP:brid1

"22101:UDP"= 22101:UDP:brid12

"28900:TCP"= 28900:TCP:bridg2

"28900:UDP"= 28900:UDP:bridge21

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]

R3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [2006-07-19 12048]

R3 cpuz130;cpuz130;c:\docume~1\-FAR-\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]

R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]

R3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2008-11-24 2688]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-17 721904]

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

FF - ProfilePath - c:\documents and settings\-FAR-\Application Data\Mozilla\Firefox\Profiles\nttpjn9o.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.guardian-series.co.uk/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HijackThis startup scan - L:\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 12:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-527237240-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,41,9f,34,43,c1,a6,1a,10,bf,4d,88,16,71,0d,eb,e8,b5,a0,bb,1e,e4,c3,

14,98,62,0e,21,ef,74,f3,71,3e,9d,77,0b,f8,54,ae,09,75,6b,80,e9,a6,6d,98,cd,\

"??"=hex:ba,81,64,81,89,42,d6,52,e6,fc,7a,33,19,25,fd,f3

[HKEY_USERS\S-1-5-21-746137067-527237240-682003330-1007\Software\SecuROM\License information*]

"datasecu"=hex:3d,32,04,7f,1e,ac,a1,a8,e3,0c,4b,d0,c6,46,56,37,75,21,5c,ec,e1,

b3,9e,e2,50,1d,a3,8e,0c,5b,7d,61,54,64,c3,17,15,e7,f2,3b,b8,8b,e2,fa,46,50,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-01-05 12:22:24

ComboFix-quarantined-files.txt 2010-01-05 12:22

ComboFix2.txt 2010-01-05 11:55

ComboFix3.txt 2010-01-04 13:44

ComboFix4.txt 2010-01-04 12:32

Pre-Run: 72,428,539,904 bytes free

Post-Run: 72,413,904,896 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 3C13E316E78271F029C51659A9B82344

[FAR]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:26 AM, on 1/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\wpabaln.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

L:\this high.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227168631375

O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe

--

End of file - 5484 bytes

And that other thing worked this time.

DDS (Ver_09-12-01.01) - NTFSx86

Run by -FAR- at 12:38:12.09 on Tue 01/05/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14

============== Running Processes ===============

C:\WINDOWS\system32\wpabaln.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ESTsoft\ALZip\ALZip.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

L:\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\progra~1\freedo~1\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227168631375

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\-far-\applic~1\mozilla\firefox\profiles\nttpjn9o.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.guardian-series.co.uk/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll

FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? aawservice;Lavasoft Ad-Aware Service

R? aiptektp;HyperPen

R? atidgllk;atidgllk

R? avast! Antivirus;avast! Antivirus

R? avast! Mail Scanner;avast! Mail Scanner

R? avast! Web Scanner;avast! Web Scanner

R? cpuz130;cpuz130

R? cpuz132;cpuz132

R? io02;Hardware Access Driver

R? StarWindServiceAE;StarWind AE Service

R? TabletServicePen;TabletServicePen

S? aswFsBlk;aswFsBlk

S? aswSP;avast! Self Protection

=============== Created Last 30 ================

2010-01-05 12:10:16 0 d-sha-r- C:\cmdcons

2010-01-04 15:47:31 2 ------w- C:\.windows-serial

2010-01-04 13:34:47 98816 ----a-w- c:\windows\sed.exe

2010-01-04 13:34:47 77312 ----a-w- c:\windows\MBR.exe

2010-01-04 13:34:47 261632 ----a-w- c:\windows\PEV.exe

2010-01-04 13:34:47 161792 ----a-w- c:\windows\SWREG.exe

2009-12-28 23:40:56 8192 ----a-w- C:\wubildr.mbr

2009-12-28 23:40:56 80177 ----a-w- C:\wubildr

2009-12-28 23:40:06 0 d-----w- C:\ubuntu

2009-12-28 23:39:10 1468640 ----a-w- C:\wubi.exe

2009-12-28 23:38:47 724353024 ----a-w- C:\ubuntu-9.10-desktop-amd64.iso

==================== Find3M ====================

2009-12-03 07:55:26 289584 ----a-w- C:\uTorrent.exe

2009-11-25 15:06:36 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-11-25 15:06:10 189744 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-11-07 23:46:18 38 ----a-w- c:\documents and settings\-far-\jagex_runescape_preferences.dat

2009-11-07 23:46:17 63 ----a-w- c:\documents and settings\-far-\jagex_runescape_preferences2.dat

============= FINISH: 12:38:16.39 ===============

[screen317]

This is very odd. The way your logs are presented gives me the impression that the damage caused to your computer from whatever caused it is very heavy and may not be completely reparable. Do you have your Windows CD?

Please download Dial-A-Fix from here.

Save it to your Desktop.

Open Dial-a-fix.exe

Click the green checkmark at the bottom of the window; this should select all options.

Now, click GO.

Allow it to run (the status will be displayed at the bottom), and follow any prompts you receive.

Next, run ComboFix again, except this time, please turn off Word Wrap in Notepad so that the log is presented more clearly.

[FAR]

I'm stuck in safe mode because that activation thingy ran out.

I can post some new hijack this logs from safe mode, it didn't before.

I do have my windows xp sp3 cd.

I'll go get that dial fix and combo thing done.

[FAR]

I ran that dial a fix. And I had some problems with it, an access violation @ 77c0154d module "version.dll" address 00000004. One for the Activex options (a bad image for \system32\acelpdex.ax not valid...) and one for the Explorer/IE/oe... (comcat.dll bad image). Also the MSI options were not tickable.

The combofix didn't seem like it wanted to run in safe mode. I first got a "cannot find a c:\programs" pop up. And then the combo box loaded, and it told me NIRCMDC not recognized. And then it said "access is denied" twice. And then a "cannot find 'ERUNT'..." pop up.

[screen317]

This is not looking good. There is severe damage here.

Please perform a repair-install of Windows (this is not the same as a format and reinstallation, as all of your personal data remains intact).

See this link for instructions:

http://michaelstevenstech.com/XPrepairinstall.htm

Let me know how it goes or if you have any questions.

-screen317

[FAR]

I guess the repair install did it's job.

I thought it wouldn't pull through when it kept on crashing on 34 minutes until I used the second from last method here: repair "install drivers" crash

I did a combofix and it didn't find any problems. I removed snagit since it wouldn't want to uninstall (I think it might have caused one or two problems)... I was able to reinstall mbam, and do a scan. It managed to clean some bugs.

I have one question... how in hell did someone make a new user account and give it administrator privileges? Because I'm sure I logged off my account... Best put a password on the Administrator safe mode account....

Thanks for the help.

[screen317]

Well the default Administrator account is always present on XP (but hidden), so it's visible in Safe Mode as you observed. It is meant for troubleshooting issues and it is not meant to be used by regular users. The password is blank by default, but if you do change it, make sure you have the password stored somewhere on paper and make sure you don't lose it.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!