
themed32.dll infection error - lsass.exe userinit.exe explorer.exe unable to locate component



I have the exact same problem as a few other people and it occurred yesterday like everyone else, and I did the exact same things before it occurred.

Computer found some virus and popups, so I ran some scans including Malwarebytes. All good, then restarted the computer, and got the same error as you:

lsass.exe - unable to locate component. The application has failed to start as themed32.dll was not found. Reinstalling the application may fix this problem.

userinit.exe - unable to locate component. The application has failed to start as themed32.dll was not found. Reinstalling the application may fix this problem.

explorer.exe - unable to locate component. The application has failed to start as themed32.dll was not found. Reinstalling the application may fix this problem.

My explorer won't show, my desktop won't show, not even in safe mode, so I can't even reinstall whatever software I might have uninstalled to cause this. All I can do is open up Task Manager (it gives the same error but still opens) and browse the computer through it by clicking File, Run.

Can't run sfc /scannow either as computer gives error

Windows File Protection could not initiate a scan of protected system files.

The specific error code is 0x000006ba [The RPC server is unavailable.]

In task manager it shows lsass.exe and userinit.exe running, it just doesn't show explorer.exe running and that is the desktop.

SCANS

1) Have done the usual scans as requested on the sticky thread. Whilst DDS was scanning, I kept constantly getting the "unable to locate component, can't find themed32.dll" error and the scan would not proceed any further until I had clicked OK and acknowledged it.

2) Have 3 Malwarebytes log files as I did 3 scans; each time it kept finding something new and different. So I have uploaded all of them: the first one from before the problem and the two from after the problem.

3) There seems to be something wrong with the dates of the Malwarebytes log files: within a space of 10 hours, the clock has gone from the 9th of June to the 13th of June. But all the problems started yesterday night around 11pm BST.

Please help, and thanks for help. I get the feeling it will be a quick fix once figured out, but it seems to be a very new virus or new and rare system error problem.

Attach.txt

DDS.txt

mbam_log_2010_06_09__23_02_20_.txt

mbam_log_2010_06_11__19_14_14_.txt

mbam_log_2010_06_13__04_37_26_.txt


Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    [image: gmer_zip.gif]
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • GMER log


thanks for the help

Here is the log file, hope there's nothing sensitive there that should not be public.

I think I should add, every time I try to open anything I get the "unable to locate component, themed32.dll is missing" error. But some things still open, other stuff doesn't, whilst other stuff opens and then crashes after the error. For instance Internet Explorer won't open, but Mozilla does, even though both get the same missing-file error message.

What's the likelihood it's a registry problem?

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-14 11:38:48

Windows 5.1.2600 Service Pack 3

Running: oebwzu2x.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\uwryrpow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA8748D82]

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA874948E]

SSDT BA7236FE ZwCreateKey

SSDT BA7236F4 ZwCreateThread

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA87495DA]

SSDT BA723703 ZwDeleteKey

SSDT BA72370D ZwDeleteValueKey

SSDT BA723712 ZwLoadKey

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA874953E]

SSDT BA7236E0 ZwOpenProcess

SSDT BA7236E5 ZwOpenThread

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA87491EA]

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA874CE5E]

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA874CDC8]

SSDT BA72371C ZwReplaceKey

SSDT BA723717 ZwRestoreKey

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA8748D30]

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA874963A]

SSDT BA723708 ZwSetValueKey

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA8748CD4]

SSDT BA7236EF ZwTerminateProcess

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xA8748C78]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DF4 80504690 4 Bytes JMP ECA87491

.rsrc C:\WINDOWS\system32\DRIVERS\ssmdrv.sys entry point in ".rsrc" section [0xBA37CC14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008B000A

.text C:\WINDOWS\system32\wuauclt.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008C000A

.text C:\WINDOWS\system32\wuauclt.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003F000C

.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0089000A

.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008A000A

.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007B000C

.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00412220 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B001E

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022

.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2944] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004394A0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)

.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2944] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B001E

.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2944] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022

.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2944] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89DA1EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x1A 0xC7 0x1D ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE0 0x0B 0x5B 0x7C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0x62 0x6D 0xED ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0x1A 0xC7 0x1D ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE0 0x0B 0x5B 0x7C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0x62 0x6D 0xED ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0xE2 0x59 0x6C ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 53059C7365FA5E60BFEA62D4EA3A4F1E787BC0A9A6B0DBD1411631CFA83CC89FE05680FB847B1E3094C6BEE1E98D00A3D1A00B610F4EE104541321CBE4327C55FDAAC1B6A5301E2F0BB8E85C2430C6630FD94C0F0195103E47F735BC17D9724DB976A282CBA94BB926573EC9A324B8B5C9FDA001AA9DCB73E8FCE7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E6675D575E7D6A3B9808710942DB2687D7A3F8392E0A7195FB655D6AEC9822B34601E201AA6F3F878AAD490BE8038039E3DC7528C67BC7050448BD3F5A39A81A12DFB60B8F1A874A9A7115EEA99AC18D0BB725243C3FE751412BC5AACDD48798A925841BF7F60AE9EFD536369FF31815BD89B0D4BA729A40033C881B2774C2495C7CE782119D2275FC24EEB66A52D8F3ADD623B471A6CE2ADEDE79CDC497FD5B40C6DFE78B974E11F559661AACEDFA6153DB6F1415DF93FCABAA73D70C2F858F2E994DC01EE4B17356A629DC0CF1992B6985E8135D171FB9866CB1216621C5BEC3BB785C817913E6DBF325523480F6B0EEF748AA043949F4CFA2D86440C7D05061AA0B5BF3BA5D4C0958AE20D3AC75662708A825C9A80FD8AA01EB3389715CC3AC9791B0B6859F1623A27E409C7C1D5318C18B21F23913A2FE6E54EF37DFC

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05962EB7-D710-1DBF-C301-BD340B66075C}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57361BAA-24AA-C7C5-DDD1-83F6003BE5B1}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57361BAA-24AA-C7C5-DDD1-83F6003BE5B1}@jahaoejnklaebgbbacop 0x6B 0x61 0x62 0x6A ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57361BAA-24AA-C7C5-DDD1-83F6003BE5B1}@iafbmlhadgalpieiap 0x6B 0x61 0x61 0x6A ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\ssmdrv.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

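For anyone reading a GMER report like the one above, here is a small triage script. It is an added example for this thread, not GMER's own code and not something posted by anyone in the discussion. It parses the line shapes that appear in the posted log (SSDT entries, kernel and user-mode inline JMP hooks, the .rsrc entry-point warning, hooked device objects and "suspicious modification" file lines) and sorts each entry into a review bucket. The sample log is constructed from a handful of the posted lines, and the severity buckets are my own reading heuristics, not anything GMER reports: an SSDT or inline hook that GMER could map to a named, vendor-tagged module (here Trusteer Rapport) is informational, while hooks that resolve only to a bare address, a patch inside the kernel image, a driver whose entry point sits in its resource section, and a hooked disk device object are the items to look at first.

```python
"""Triage helper for GMER rootkit-scan logs.

Added example for this thread; it is not GMER's own code and was not posted
by anyone in the discussion. It parses the line shapes visible in the posted
log and sorts each entry into a review bucket. The severities are my own
heuristics, not anything GMER itself reports.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines modelled on the report posted in the thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA874948E]
SSDT BA7236FE ZwCreateKey
SSDT BA7236EF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DF4 80504690 4 Bytes JMP ECA87491
.rsrc C:\WINDOWS\system32\DRIVERS\ssmdrv.sys entry point in ".rsrc" section [0xBA37CC14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008A000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[2812] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00412220 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
---- Devices - GMER 1.0.15 ----
Device -> \Driver\atapi \Device\Harddisk0\DR0 89DA1EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

HEX8 = r"[0-9A-Fa-f]{8}"
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?\s*$")
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]+)\)\s*$")
USER_JMP_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<func>\S+)\s+"
    + HEX8 + r"\s+\d+\s+Bytes\s+JMP\s+(?P<target>" + HEX8 + r")(?P<rest>.*)$")
KERNEL_JMP_RE = re.compile(
    r"^\.text\s+(?P<image>\S+)!(?P<func>\w+)(?:\s*\+\s*[0-9A-Fa-f]+)?\s+"
    + HEX8 + r"\s+\d+\s+Bytes\s+JMP\s+(?P<target>" + HEX8 + r")")
RSRC_EP_RE = re.compile(r'^\.rsrc\s+(?P<path>.+?)\s+entry point in "\.rsrc" section')
DEVICE_RE = re.compile(r"^Device\s+->\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+" + HEX8)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str


def parse_gmer(text):
    """Turn a GMER log into a list of Finding objects, one per hook or modification."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            owner = m["owner"]
            if re.fullmatch(HEX8, owner):
                # GMER could not map the hook address to any module on disk:
                # the first thing to look at, whatever it turns out to be.
                findings.append(Finding("high", "unattributed SSDT hook", f"{m['func']} -> {owner}"))
            else:
                vendor = VENDOR_RE.search(owner)
                who = vendor["vendor"] if vendor else owner
                findings.append(Finding("info", "vendor SSDT hook", f"{m['func']} via {who}"))
        elif m := USER_JMP_RE.match(line):
            where = f"{m['dll']}!{m['func']} in {m['proc']}[{m['pid']}] -> {m['target']}"
            if m["rest"].strip():
                # GMER appended the module that owns the trampoline target.
                findings.append(Finding("info", "attributed inline hook", where))
            else:
                findings.append(Finding("medium", "unattributed inline hook", where))
        elif m := KERNEL_JMP_RE.match(line):
            findings.append(Finding("high", "kernel code patch", f"{m['image']}!{m['func']} -> {m['target']}"))
        elif m := RSRC_EP_RE.match(line):
            # A linker does not place a driver's entry point in its resource section.
            findings.append(Finding("high", "driver entry point in .rsrc", m["path"]))
        elif m := DEVICE_RE.match(line):
            findings.append(Finding("high", "hooked device object", f"{m['driver']} {m['device']}"))
        elif m := FILE_RE.match(line):
            findings.append(Finding("high", "suspicious file modification", m["path"]))
    return findings


def summarize(findings):
    """Count findings per severity bucket."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def review_order(findings):
    """Findings sorted so a responder reads the unexplained items first."""
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.kind, f.detail))


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_LOG)
    print(summarize(found))
    for f in review_order(found):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run it against a saved gmer.log by passing the file contents to parse_gmer. The buckets only order the review; an SSDT hook that shows up as a bare address can also be a legitimate security product that GMER failed to map, so the point of the script is to separate the hooks that come with a vendor name from the ones nobody has explained yet, and to put the kernel patch, the .rsrc entry point and the hooked atapi device object at the top of the list.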

Hello there,

You have a nasty rootkit on board. Before starting the cleanup, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Ran the ComboFix program; it found a rootkit and said it had to restart. Clicked OK, but it would not restart, so I had to manually shut down and restart the computer.

Then ran it again, and it gave me a million of those "unable to locate component" errors due to not finding themed32.dll, from findstr.exe to many others. And until I acknowledged each one the ComboFix scan would not continue, so I kept clicking them through. The scan finished, and on the blue screen it kept saying unable to locate log this and log that. But a Notepad window did in the end pop up with what seems like the log you were asking for.

Here it is.

ComboFix 10-06-13.01 - User 15/06/2010 12:20:52.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1502 [GMT 1:00]

Running from: F:\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\Application Data\6BD1BEE02E02E4EAAC52F178F95EE573

c:\documents and settings\User\Application Data\6BD1BEE02E02E4EAAC52F178F95EE573\enemies-names.txt

c:\documents and settings\User\Local Settings\Application Data\{BF3D988B-8A98-4F68-B6B9-53EFF5C46C24}

c:\documents and settings\User\Local Settings\Application Data\{BF3D988B-8A98-4F68-B6B9-53EFF5C46C24}\chrome.manifest

c:\documents and settings\User\Local Settings\Application Data\{BF3D988B-8A98-4F68-B6B9-53EFF5C46C24}\chrome\content\_cfg.js

c:\documents and settings\User\Local Settings\Application Data\{BF3D988B-8A98-4F68-B6B9-53EFF5C46C24}\chrome\content\overlay.xul

c:\documents and settings\User\Local Settings\Application Data\{BF3D988B-8A98-4F68-B6B9-53EFF5C46C24}\install.rdf

c:\windows\system32\jodvou

.

((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))

.

2010-06-13 07:23 . 2010-06-13 07:23 61952 ----a-w- c:\windows\system32\PxSecure.dll

2010-06-13 07:23 . 2010-06-13 07:23 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-06-13 07:23 . 2010-06-13 07:23 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-06-13 07:23 . 2010-06-13 07:23 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-06-13 07:22 . 2010-06-13 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-06-13 06:48 . 2004-08-04 02:56 385536 ----a-w- c:\windows\system32\THEMEd32.DLL

2010-06-13 04:21 . 2010-06-13 04:21 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-13 01:59 . 2010-06-13 04:20 -------- d-----w- c:\program files\Azureus(2)

2010-06-12 08:15 . 2010-06-12 16:28 -------- d-----w- C:\ErdUndoCache

2010-06-11 23:07 . 2010-06-11 23:07 -------- d-----w- C:\found.000

2010-06-11 21:40 . 2010-06-11 21:40 -------- d-----w- c:\documents and settings\Vostro77\Application Data\Trusteer

2010-06-11 17:26 . 2010-06-11 17:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Azureus

2010-06-11 16:34 . 2010-06-11 19:53 120 ----a-w- c:\windows\Omonum.dat

2010-06-11 16:34 . 2010-06-11 16:34 0 ----a-w- c:\windows\Jdejebopevubeq.bin

2010-06-11 13:26 . 2010-06-11 13:26 -------- d-----w- C:\spoolerlogs

2010-06-10 08:23 . 2010-06-10 08:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-10 08:23 . 2010-06-10 08:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-06-10 08:23 . 2010-06-10 08:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-06-10 08:23 . 2009-11-30 14:36 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe

2010-06-10 08:23 . 2009-11-30 14:36 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

2010-06-10 08:23 . 2009-11-30 14:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-06-10 08:23 . 2010-06-10 08:23 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-06-10 08:21 . 2010-06-10 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-06-07 17:07 . 2010-06-07 17:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-06-05 19:02 . 2009-01-16 07:19 1731736 ----a-w- c:\documents and settings\User\Application Data\Leadertech\PowerRegister\Seagate 2GH2YNJG Product Registration.exe

2010-06-05 19:01 . 2010-06-05 19:01 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech

2010-05-26 16:08 . 2010-05-26 16:08 -------- d-----w- c:\program files\Advanced File Organizer

2010-05-26 13:25 . 2010-05-26 13:25 -------- d-----w- c:\program files\uTorrent

2010-05-25 22:11 . 2010-05-25 22:13 -------- d-----w- C:\1121aa01e2dca97d337f

2010-05-23 16:32 . 2010-05-23 16:32 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp

2010-05-23 16:32 . 2010-05-23 16:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-05-23 16:27 . 2010-05-23 16:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-05-23 15:03 . 2010-05-24 17:45 -------- d-----w- c:\program files\Google

2010-05-18 15:15 . 2010-05-18 15:15 -------- d-----w- c:\program files\CDisplay

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-13 04:20 . 2008-01-31 00:42 -------- d-----w- c:\documents and settings\User\Application Data\Azureus

2010-06-12 16:28 . 2009-10-09 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2010-06-11 21:30 . 2009-12-10 12:07 -------- d-----w- c:\program files\PeerBlock

2010-06-11 19:48 . 2009-12-16 18:18 -------- d-----w- c:\documents and settings\User\Application Data\vlc

2010-06-11 16:57 . 2009-04-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 16:55 . 2008-01-31 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-11 16:55 . 2008-12-13 07:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-11 16:55 . 2008-01-31 02:00 -------- d-----w- c:\program files\SpywareBlaster

2010-06-11 16:53 . 2008-04-07 20:20 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic

2010-06-11 16:53 . 2008-03-14 03:38 -------- d-----w- c:\program files\CCleaner

2010-06-10 08:23 . 2009-11-30 14:35 -------- d-----w- c:\program files\DivX

2010-06-10 08:23 . 2009-11-30 14:35 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-06-07 20:25 . 2009-09-11 04:04 -------- d-----w- c:\program files\2 Pic

2010-06-04 19:04 . 2009-10-12 22:03 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-26 13:25 . 2009-10-26 14:04 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-05-22 07:47 . 2008-03-04 09:47 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss

2010-05-18 06:00 . 2008-03-16 02:12 -------- d-----w- c:\documents and settings\User\Application Data\U3

2010-05-04 17:20 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll

2010-04-29 14:39 . 2009-04-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 14:39 . 2009-04-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 18:40 . 2009-02-03 00:27 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2010-04-27 18:40 . 2009-02-03 00:27 133616 ------w- c:\windows\system32\pxafs.dll

2010-04-27 18:40 . 2009-02-03 00:27 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-04-27 18:40 . 2009-02-03 00:27 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-04-25 01:49 . 2008-01-31 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-25 01:39 . 2010-04-25 01:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Azureus

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.exe1_B797CA9398E846EAA83635BE088145CE.exe

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.exe_7FDC4F26BA404AD0BE57AC3D01EAD3E0.exe

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\ARPPRODUCTICON.exe

2010-04-11 20:49 . 2010-04-11 20:48 25214 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\UNINST_Uninstall_P_156F75ED3AC34F899F4E49E7BCF228E8.exe

2010-04-11 20:49 . 2010-04-11 20:48 24942 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.chm_FC8E88CE0FC0416A8DCED87702F81733.exe

2010-04-11 20:49 . 2010-04-11 20:48 24942 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\PJgameFAQ.chm_4CFA8D737AA64B3EB46FBE36D300F34E.exe

2010-04-11 20:49 . 2010-04-11 20:48 1150 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\evoodoo.cpl_218B97DFEF7B43DBB14A0C45C482ABEE.exe

2010-04-10 14:44 . 2010-04-10 14:44 8854 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2010-04-10 14:44 . 2010-04-10 14:44 40960 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2010-04-10 14:44 . 2010-04-10 14:44 40960 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2010-03-29 21:55 . 2010-03-29 21:55 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2006-05-03 10:06 . 2009-05-26 04:45 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-05-26 04:45 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-05-26 04:45 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingD3469"="del" [X]

"SpybotDeletingD5468"="del" [X]

"SpybotDeletingB7600"="command.com" [2004-08-04 50620]

"SpybotDeletingB9754"="command.com" [2004-08-04 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\

Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2008-6-25 110592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2007-05-11 05:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-04-17 03:51 162584 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-04-17 03:51 142104 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2007-05-11 02:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2005-06-20 12:32 127118 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-21 01:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-04-17 03:51 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-04-26 22:27 16132608 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-12-01 12:29 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"SSScsiSV"=3 (0x3)

"SPTISRV"=3 (0x3)

"SonicStage Back-End Service"=3 (0x3)

"PACSPTISVR"=3 (0x3)

"ose"=3 (0x3)

"MSCSPTISRV"=3 (0x3)

"KSD2Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"dlbt_device"=3 (0x3)

"CyberLink Media Library Service"=2 (0x2)

"CLSched"=2 (0x2)

"CLCapSvc"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"O&O Defrag"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [13/06/2010 08:23 30320]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 22:35 108289]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [13/06/2010 08:23 24400]

R3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [01/02/2008 06:05 12800]

S2 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/05/2010 17:27 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [26/05/2008 07:37 16512]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/12/2009 13:07 14424]

S3 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [13/06/2010 08:23 61624]

S3 XID;XBox Controller HID Minidriver, XID;c:\windows\system32\drivers\xid.sys [01/02/2008 04:58 7597]

S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/03/2007 03:00 30032]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/07/2008 07:18 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 16:27]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 16:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.argos.co.uk/static/Product/partNumber/7000814/c_1/1%7Ccat_12107492%7CDIY%20tools%20and%20equipment%7C12107545/Trail/searchtext%3EFURNISHINGS.htm?storeId=10001&referredURL=http%3A%2F%2Fwww.argos.co.uk%2Fstatic%2FProduct%2FpartNumber%2F7000814%2Fc_1%2F1%7Ccat_12107492%7CDIY+tools+and+equipment%7C12107545%2FTrail%2Fsearchtext%3EFURNISHINGS.htm&jspStoreDir=argos&referrer=COJUN&cmpid=COJUN

uInternet Connection Wizard,ShellNext = iexplore

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe

MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

AddRemove-HijackThis - c:\docume~1\User\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

AddRemove-mIRC - c:\documents and settings\User\Desktop\SYSRESET\mirc.exe

AddRemove-Mozilla Firefox (3.6.3) - c:\program files\Mozilla Firefox\uninstall\helper.exe

AddRemove-PCSI - c:\program files\Prevx\prevx.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05962EB7-D710-1DBF-C301-BD340B66075C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1454471165-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57361BAA-24AA-C7C5-DDD1-83F6003BE5B1}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jahaoejnklaebgbbacop"=hex:6b,61,62,6a,62,63,64,6f,6c,66,70,62,61,66,68,67,68,

6f,66,6f,62,6c,00,00

"iafbmlhadgalpieiap"=hex:6b,61,61,6a,6f,67,65,70,6d,6c,68,67,6e,68,6d,63,65,61,

66,6b,62,68,00,7c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="53059C7365FA5E60BFEA62D4EA3A4F1E787BC0A9A6B0DBD1411631CFA83CC89FE05680FB847B1E3094C6BEE1E98D00A3D1A00B610F4EE104541321CBE4327C55FDAAC1B6A5301E2F0BB8E85C2430C6630FD94C0F0195103E47F735BC17D9724DB976A282CBA94BB926573EC9A324B8B5C9FDA001AA9DCB73E8FCE7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E6675D575E7D6A3B9808710942DB2687D7A3F8392E0A7195FB655D6AEC9822B34601E201AA6F3F878AAD490BE8038039E3DC7528C67BC7050448BD3F5A39A81A12DFB60B8F1A874A9A7115EEA99AC18D0BB725243C3FE751412BC5AACDD48798A925841BF7F60AE9EFD536369FF31815BD89B0D4BA729A40033C881B2774C2495C7CE782119D2275FC24EEB66A52D8F3ADD623B471A6CE2ADEDE79CDC497FD5B40C6DFE78B974E11F559661AACEDFA6153DB6F1415DF93FCABAA73D70C2F858F2E994DC01EE4B17356A629DC0CF1992B6985E8135D171FB9866CB1216621C5BEC3BB785C817913E6DBF325523480F6B0EEF748AA043949F4CFA2D86440C7D05061AA0B5BF3BA5D4C0958AE20D3AC75662708A825C9A80FD8AA01EB3389715CC3AC9791B0B6859F1623A27E409C7C1D5318C18B21F23913A2FE6E54EF37DFC12B8FE5812710270CCB3553AC0045EE99170FE2D491C6359723F908E052C14A01AD36AD2F5AC863FA090EA0BA0009723B5E195D4E3C90D607BF8B1D42E6A6D83B0412BCD5BBAF70E67B3E758CB7A6EBF5700B59A1BC21526E72E82F8D0DE52A35FDD713141016FA6D691CEBE7F0603161A3FB306202C9CB7D4707F7BCF784CF59FC01656B6FD0A05227C258F9C8FC11B96345EF02CEE45A0BE0A5E1AC3089D1B5F7CA1DC2C7BAF47D2190405031474B5FB207DCDB3ACC8D8D73C20C1F910528FBF7B6D46458AFFE78D526DA60708D92D4A3256C292DE066A448A3CB39CB8341031D885E7EB6933AF1DAEA18009EA30F43E0C6480D6985570E3E4FA685E21C0043184B3D244BC994BED489986A2B5EDC7524D5510B7F214B3244125A6FAEE7B95CAFCB2B4C543EF0D3806E3240D71A0DDCBE03180B5620209761FD53495903380E3D99144F605D28CC2D4C6D84B9B3A28B14C0E2D92973A4EB2EE3B7C9E30DBA40B10C98EDD51905E7BD1A091E3A8F15BA9E452DA7870D9F0058DF5F08A22BF1FB8C3A8D48ECE64409A991F5591913D146688C2609D2E4C8C8204BD203BC86846E6603FAE633BF1B377BB0D864E5A938AC13D52FF5C3F6CEDEDC46541BAE4C8CEA67061DB187A2AF9D543A0D5307419D1452A4DFCBE243D0FE7536571746AB18664FA9E5F921909C8965B29F9E374D47C2EE3F80C90F4CE40B6843019F295A287B"

.

Completion time: 2010-06-15 12:30:27

ComboFix-quarantined-files.txt 2010-06-15 11:30

ComboFix2.txt 2009-04-21 10:39

Pre-Run: 454,469,832,704 bytes free

Post-Run: 454,714,773,504 bytes free

- - End Of File - - 6BBF7FB354958C8DE06E6CD716DFA127


Hello again,

Don't worry about Spybot; it only shows some entries that indicate it wants to remove some files on startup. We will remove those entries with the next script.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

TDL::
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

File::
c:\windows\Omonum.dat
c:\windows\Jdejebopevubeq.bin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3469"=-
"SpybotDeletingD5468"=-
"SpybotDeletingB7600"=-
"SpybotDeletingB9754"=-

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_USERS\S-1-5-21-1454471165-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05962EB7-D710-1DBF-C301-BD340B66075C}*]
[HKEY_USERS\S-1-5-21-1454471165-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57361BAA-24AA-C7C5-DDD1-83F6003BE5B1}*]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here's the log; it set off the errors as usual.

ComboFix 10-06-13.01 - User 16/06/2010 8:51.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1606 [GMT 1:00]

Running from: F:\ComboFix.exe

Command switches used :: F:\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

FILE ::

"c:\windows\Jdejebopevubeq.bin"

"c:\windows\Omonum.dat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Jdejebopevubeq.bin

c:\windows\Omonum.dat

.

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))

.

2010-06-13 07:23 . 2010-06-13 07:23 61952 ----a-w- c:\windows\system32\PxSecure.dll

2010-06-13 07:23 . 2010-06-13 07:23 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-06-13 07:23 . 2010-06-13 07:23 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-06-13 07:23 . 2010-06-13 07:23 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-06-13 07:22 . 2010-06-13 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-06-13 06:48 . 2004-08-04 02:56 385536 ----a-w- c:\windows\system32\THEMEd32.DLL

2010-06-13 04:21 . 2010-06-13 04:21 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-13 01:59 . 2010-06-13 04:20 -------- d-----w- c:\program files\Azureus(2)

2010-06-12 08:15 . 2010-06-12 16:28 -------- d-----w- C:\ErdUndoCache

2010-06-11 23:07 . 2010-06-11 23:07 -------- d-----w- C:\found.000

2010-06-11 21:40 . 2010-06-11 21:40 -------- d-----w- c:\documents and settings\Vostro77\Application Data\Trusteer

2010-06-11 17:26 . 2010-06-11 17:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Azureus

2010-06-11 13:26 . 2010-06-11 13:26 -------- d-----w- C:\spoolerlogs

2010-06-10 08:23 . 2010-06-10 08:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-10 08:23 . 2010-06-10 08:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-06-10 08:23 . 2010-06-10 08:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-06-10 08:23 . 2009-11-30 14:36 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe

2010-06-10 08:23 . 2009-11-30 14:36 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

2010-06-10 08:23 . 2009-11-30 14:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-06-10 08:23 . 2010-06-10 08:23 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-10 08:23 . 2010-06-10 08:23 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-06-10 08:21 . 2010-06-10 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-06-07 17:07 . 2010-06-07 17:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-06-05 19:02 . 2009-01-16 07:19 1731736 ----a-w- c:\documents and settings\User\Application Data\Leadertech\PowerRegister\Seagate 2GH2YNJG Product Registration.exe

2010-06-05 19:01 . 2010-06-05 19:01 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech

2010-05-26 16:08 . 2010-05-26 16:08 -------- d-----w- c:\program files\Advanced File Organizer

2010-05-26 13:25 . 2010-05-26 13:25 -------- d-----w- c:\program files\uTorrent

2010-05-25 22:11 . 2010-05-25 22:13 -------- d-----w- C:\1121aa01e2dca97d337f

2010-05-23 16:32 . 2010-05-23 16:32 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp

2010-05-23 16:32 . 2010-05-23 16:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-05-23 16:27 . 2010-05-23 16:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-05-23 15:03 . 2010-05-24 17:45 -------- d-----w- c:\program files\Google

2010-05-18 15:15 . 2010-05-18 15:15 -------- d-----w- c:\program files\CDisplay

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-13 04:20 . 2008-01-31 00:42 -------- d-----w- c:\documents and settings\User\Application Data\Azureus

2010-06-12 16:28 . 2009-10-09 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2010-06-11 21:30 . 2009-12-10 12:07 -------- d-----w- c:\program files\PeerBlock

2010-06-11 19:48 . 2009-12-16 18:18 -------- d-----w- c:\documents and settings\User\Application Data\vlc

2010-06-11 16:57 . 2009-04-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 16:55 . 2008-01-31 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-11 16:55 . 2008-12-13 07:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-11 16:55 . 2008-01-31 02:00 -------- d-----w- c:\program files\SpywareBlaster

2010-06-11 16:53 . 2008-04-07 20:20 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic

2010-06-11 16:53 . 2008-03-14 03:38 -------- d-----w- c:\program files\CCleaner

2010-06-10 08:23 . 2009-11-30 14:35 -------- d-----w- c:\program files\DivX

2010-06-10 08:23 . 2009-11-30 14:35 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-06-07 20:25 . 2009-09-11 04:04 -------- d-----w- c:\program files\2 Pic

2010-06-04 19:04 . 2009-10-12 22:03 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-26 13:25 . 2009-10-26 14:04 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-05-22 07:47 . 2008-03-04 09:47 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss

2010-05-18 06:00 . 2008-03-16 02:12 -------- d-----w- c:\documents and settings\User\Application Data\U3

2010-05-04 17:20 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll

2010-04-29 14:39 . 2009-04-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 14:39 . 2009-04-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 18:40 . 2009-02-03 00:27 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2010-04-27 18:40 . 2009-02-03 00:27 133616 ------w- c:\windows\system32\pxafs.dll

2010-04-27 18:40 . 2009-02-03 00:27 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-04-27 18:40 . 2009-02-03 00:27 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-04-25 01:49 . 2008-01-31 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-25 01:39 . 2010-04-25 01:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Azureus

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.exe1_B797CA9398E846EAA83635BE088145CE.exe

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.exe_7FDC4F26BA404AD0BE57AC3D01EAD3E0.exe

2010-04-11 20:49 . 2010-04-11 20:48 26582 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\ARPPRODUCTICON.exe

2010-04-11 20:49 . 2010-04-11 20:48 25214 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\UNINST_Uninstall_P_156F75ED3AC34F899F4E49E7BCF228E8.exe

2010-04-11 20:49 . 2010-04-11 20:48 24942 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\Project64.chm_FC8E88CE0FC0416A8DCED87702F81733.exe

2010-04-11 20:49 . 2010-04-11 20:48 24942 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\PJgameFAQ.chm_4CFA8D737AA64B3EB46FBE36D300F34E.exe

2010-04-11 20:49 . 2010-04-11 20:48 1150 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{B8672913-A995-4C4A-AA0F-DE5D83549FA0}\evoodoo.cpl_218B97DFEF7B43DBB14A0C45C482ABEE.exe

2010-04-10 14:44 . 2010-04-10 14:44 8854 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2010-04-10 14:44 . 2010-04-10 14:44 40960 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2010-04-10 14:44 . 2010-04-10 14:44 40960 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2010-03-29 21:55 . 2010-03-29 21:55 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2006-05-03 10:06 . 2009-05-26 04:45 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-05-26 04:45 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-05-26 04:45 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\

Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2008-6-25 110592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2007-05-11 05:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-04-17 03:51 162584 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-04-17 03:51 142104 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 10:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2007-05-11 02:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2005-06-20 12:32 127118 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-21 01:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-04-17 03:51 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-04-26 22:27 16132608 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-12-01 12:29 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"SSScsiSV"=3 (0x3)

"SPTISRV"=3 (0x3)

"SonicStage Back-End Service"=3 (0x3)

"PACSPTISVR"=3 (0x3)

"ose"=3 (0x3)

"MSCSPTISRV"=3 (0x3)

"KSD2Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"dlbt_device"=3 (0x3)

"CyberLink Media Library Service"=2 (0x2)

"CLSched"=2 (0x2)

"CLCapSvc"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"O&O Defrag"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [13/06/2010 08:23 30320]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 22:35 108289]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [13/06/2010 08:23 24400]

R3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [01/02/2008 06:05 12800]

S2 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/05/2010 17:27 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [26/05/2008 07:37 16512]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/12/2009 13:07 14424]

S3 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [13/06/2010 08:23 61624]

S3 XID;XBox Controller HID Minidriver, XID;c:\windows\system32\drivers\xid.sys [01/02/2008 04:58 7597]

S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/03/2007 03:00 30032]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/07/2008 07:18 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 16:27]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 16:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.argos.co.uk/static/Product/partNumber/7000814/c_1/1%7Ccat_12107492%7CDIY%20tools%20and%20equipment%7C12107545/Trail/searchtext%3EFURNISHINGS.htm?storeId=10001&referredURL=http%3A%2F%2Fwww.argos.co.uk%2Fstatic%2FProduct%2FpartNumber%2F7000814%2Fc_1%2F1%7Ccat_12107492%7CDIY+tools+and+equipment%7C12107545%2FTrail%2Fsearchtext%3EFURNISHINGS.htm&jspStoreDir=argos&referrer=COJUN&cmpid=COJUN

uInternet Connection Wizard,ShellNext = iexplore

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2010-06-16 09:08:07

ComboFix-quarantined-files.txt 2010-06-16 08:08

ComboFix2.txt 2010-06-15 11:30

ComboFix3.txt 2009-04-21 10:39

Pre-Run: 472,071,290,880 bytes free

Post-Run: 472,055,021,568 bytes free

- - End Of File - - 0381C6C194B8158FEA5337332185A184


Hello again. Combofix refuses to see the rootkit, so let's try another tool :)

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


Hi

Was I meant to run the ComboFix from the desktop as well? I think I was running them from the USB instead.

Also, I was unable to copy and paste the text you gave into the Start > Run box, as the desktop does not show up, so there is no Start menu. But I was able to paste it into the Task Manager > File > New Task run box. Hope that is good enough.

Here is the log.

18:17:26:281 3224 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

18:17:26:281 3224 ================================================================================

18:17:26:281 3224 SystemInfo:

18:17:26:281 3224 OS Version: 5.1.2600 ServicePack: 3.0

18:17:26:281 3224 Product type: Workstation

18:17:26:281 3224 ComputerName: VOSTRO-77880131

18:17:26:281 3224 UserName: User

18:17:26:281 3224 Windows directory: C:\WINDOWS

18:17:26:281 3224 Processor architecture: Intel x86

18:17:26:281 3224 Number of processors: 2

18:17:26:281 3224 Page size: 0x1000

18:17:26:281 3224 Boot type: Normal boot

18:17:26:281 3224 ================================================================================

18:17:26:484 3224 Initialize success

18:17:26:484 3224

18:17:26:484 3224 Scanning Services ...

18:17:26:828 3224 Raw services enum returned 355 services

18:17:26:828 3224

18:17:26:828 3224 Scanning Drivers ...

18:17:27:296 3224 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:17:27:328 3224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:17:27:375 3224 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:17:27:406 3224 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

18:17:27:484 3224 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys

18:17:27:515 3224 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:17:27:531 3224 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:17:27:562 3224 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:17:27:593 3224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:17:27:671 3224 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

18:17:27:703 3224 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

18:17:27:734 3224 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

18:17:27:750 3224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:17:27:765 3224 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

18:17:27:859 3224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:17:27:890 3224 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:17:27:921 3224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:17:27:953 3224 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:17:27:968 3224 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:17:28:000 3224 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

18:17:28:046 3224 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:17:28:078 3224 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:17:28:109 3224 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:17:28:140 3224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:17:28:156 3224 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:17:28:187 3224 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:17:28:218 3224 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

18:17:28:234 3224 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:17:28:265 3224 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:17:28:281 3224 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:17:28:296 3224 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:17:28:312 3224 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:17:28:343 3224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:17:28:359 3224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:17:28:406 3224 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:17:28:421 3224 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:17:28:453 3224 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:17:28:468 3224 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:17:28:515 3224 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:17:28:531 3224 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

18:17:28:687 3224 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

18:17:28:828 3224 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:17:28:953 3224 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

18:17:29:000 3224 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:17:29:015 3224 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:17:29:046 3224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:17:29:062 3224 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:17:29:078 3224 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:17:29:109 3224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:17:29:125 3224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:17:29:156 3224 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:17:29:171 3224 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:17:29:203 3224 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:17:29:250 3224 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

18:17:29:281 3224 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:17:29:312 3224 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:17:29:343 3224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:17:29:359 3224 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:17:29:390 3224 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:17:29:406 3224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:17:29:421 3224 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:17:29:453 3224 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

18:17:29:468 3224 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:17:29:500 3224 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:17:29:531 3224 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:17:29:546 3224 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:17:29:562 3224 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:17:29:578 3224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:17:29:609 3224 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:17:29:625 3224 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:17:29:640 3224 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

18:17:29:671 3224 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:17:29:687 3224 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:17:29:718 3224 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:17:29:734 3224 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:17:29:750 3224 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:17:29:765 3224 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:17:29:781 3224 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

18:17:29:812 3224 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:17:29:828 3224 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:17:29:843 3224 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:17:29:875 3224 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:17:29:921 3224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:17:29:953 3224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:17:29:984 3224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:17:30:000 3224 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

18:17:30:015 3224 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:17:30:031 3224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:17:30:078 3224 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\Program Files\PeerBlock\pbfilter.sys

18:17:30:093 3224 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:17:30:125 3224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:17:30:140 3224 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:17:30:203 3224 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:17:30:218 3224 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:17:30:234 3224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:17:30:265 3224 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:17:30:296 3224 pxkbf (045f95215c47d381dfb1807b551ba09c) C:\WINDOWS\system32\drivers\pxkbf.sys

18:17:30:312 3224 pxrts (7272a3b16d43049a083d62b20648e70e) C:\WINDOWS\system32\drivers\pxrts.sys

18:17:30:343 3224 pxscan (ec1173008038d321772a4b5821ac27a2) C:\WINDOWS\system32\drivers\pxscan.sys

18:17:30:453 3224 RapportKELL (057b724872f9b3cba1aa18ca3c8774dc) C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys

18:17:30:453 3224 RapportPG (92d289c130204ad11d8508df94886a84) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

18:17:30:484 3224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:17:30:500 3224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:17:30:515 3224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:17:30:531 3224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:17:30:562 3224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:17:30:578 3224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:17:30:609 3224 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:17:30:625 3224 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

18:17:30:656 3224 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:17:30:671 3224 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys

18:17:30:703 3224 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys

18:17:30:718 3224 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys

18:17:30:734 3224 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys

18:17:30:781 3224 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys

18:17:30:796 3224 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys

18:17:30:828 3224 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys

18:17:30:859 3224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:17:30:890 3224 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:17:30:906 3224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

18:17:30:937 3224 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:17:30:968 3224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:17:31:015 3224 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys

18:17:31:062 3224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:17:31:093 3224 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

18:17:31:140 3224 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

18:17:31:156 3224 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:17:31:171 3224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:17:31:187 3224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:17:31:234 3224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:17:31:250 3224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:17:31:281 3224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:17:31:312 3224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:17:31:328 3224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:17:31:359 3224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:17:31:406 3224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:17:31:453 3224 USB28xxBGA (1d244e3c7afa613218f66970fea240ca) C:\WINDOWS\system32\DRIVERS\emBDA.sys

18:17:31:484 3224 USB28xxOEM (e3bb8bc8088498d1a191af321b8c05c5) C:\WINDOWS\system32\DRIVERS\emOEM.sys

18:17:31:515 3224 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:17:31:546 3224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:17:31:562 3224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:17:31:578 3224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:17:31:593 3224 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:17:31:609 3224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:17:31:625 3224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:17:31:656 3224 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:17:31:671 3224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:17:31:687 3224 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:17:31:718 3224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:17:31:734 3224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:17:31:750 3224 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:17:31:781 3224 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:17:31:796 3224 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:17:31:843 3224 XID (65142f36516123821917bc91abebdd9d) C:\WINDOWS\system32\Drivers\xid.sys

18:17:31:875 3224 XPAD (6417bb89d38dacaaff529854efb1b502) C:\WINDOWS\system32\Drivers\xpad.sys

18:17:31:906 3224 xpvcom (fd255b2a8f614bdcdfae5f0a289d605e) C:\WINDOWS\system32\DRIVERS\XPVCOM.sys

18:17:31:906 3224

18:17:31:906 3224 Completed

18:17:31:906 3224

18:17:31:906 3224 Results:

18:17:31:906 3224 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

18:17:31:906 3224 File objects infected / cured / cured on reboot: 0 / 0 / 0

18:17:31:906 3224

18:17:31:906 3224 KLMD(ARK) unloaded successfully

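The report.txt produced by the `-l` switch above has a fixed line shape (timestamp, PID, message), so it can be triaged programmatically. The following is an added example, not code from the thread or from TDSSKiller: it parses such a report, pulls out the driver inventory (service name, MD5, path) and the final Results counters, and lists drivers that load from outside the Windows directory so a reviewer knows which entries to check first. The embedded sample is a constructed excerpt of the log posted above.

```python
"""Triage helper for a TDSSKiller 2.3.x report (report.txt).

Added example; not part of the thread or of TDSSKiller itself.
"""
import re

# Every TDSSKiller line starts with "HH:MM:SS:mmm <pid>" and an optional message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)(?:\s+(.*))?$")
# Driver inventory line: "<service> (<md5>) <path>".
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Results counters: "<kind> objects infected / cured / cured on reboot: a / b / c".
RESULT_RE = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$"
)
VERSION_RE = re.compile(r"^TDSS rootkit removing tool (\S+)")
WINDIR_RE = re.compile(r"^Windows directory: (.+)$")

# Constructed sample: a short excerpt in the same shape as the report above.
SAMPLE_LOG = """\
18:17:26:281 3224 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
18:17:26:281 3224 ================================================================================
18:17:26:281 3224 SystemInfo:
18:17:26:281 3224 OS Version: 5.1.2600 ServicePack: 3.0
18:17:26:281 3224 Windows directory: C:\\WINDOWS
18:17:26:828 3224 Scanning Drivers ...
18:17:27:296 3224 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
18:17:27:671 3224 avgio (6a646c46b9415e13095aa9b352040a7a) C:\\Program Files\\Avira\\AntiVir Desktop\\avgio.sys
18:17:30:078 3224 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\\Program Files\\PeerBlock\\pbfilter.sys
18:17:31:015 3224 sptd (71e276f6d189413266ea22171806597b) C:\\WINDOWS\\System32\\Drivers\\sptd.sys
18:17:31:906 3224
18:17:31:906 3224 Completed
18:17:31:906 3224 Results:
18:17:31:906 3224 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:17:31:906 3224 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:17:31:906 3224 KLMD(ARK) unloaded successfully
"""


def parse_report(text):
    """Parse a TDSSKiller report into version, windows_dir, drivers and results."""
    report = {"version": None, "windows_dir": None, "drivers": [], "results": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not from the tool
        msg = (m.group(3) or "").strip()
        if (v := VERSION_RE.match(msg)):
            report["version"] = v.group(1)
        elif (w := WINDIR_RE.match(msg)):
            report["windows_dir"] = w.group(1).strip()
        elif (d := DRIVER_RE.match(msg)):
            report["drivers"].append(
                {"name": d.group(1), "md5": d.group(2).lower(), "path": d.group(3).strip()}
            )
        elif (r := RESULT_RE.match(msg)):
            report["results"][r.group(1)] = tuple(int(x) for x in r.group(2, 3, 4))
    return report


def drivers_outside_windows(report):
    """Names of drivers whose image lives outside the Windows directory.

    The comparison is case-insensitive because the log mixes 'system32\\DRIVERS'
    and 'System32\\Drivers' spellings for the same directory.
    """
    windir = report["windows_dir"]
    if windir is None:
        return [d["name"] for d in report["drivers"]]  # cannot classify: review all
    prefix = windir.rstrip("\\").lower() + "\\"
    return [d["name"] for d in report["drivers"] if not d["path"].lower().startswith(prefix)]


def infected(report):
    """True if any Results counter is non-zero (found, cured, or queued for reboot)."""
    return any(n > 0 for counts in report["results"].values() for n in counts)


def summary(report):
    """Condensed view of the report for a responder's notes."""
    return {
        "version": report["version"],
        "driver_count": len(report["drivers"]),
        "outside_windows_dir": drivers_outside_windows(report),
        "infected": infected(report),
    }


if __name__ == "__main__":
    print(summary(parse_report(SAMPLE_LOG)))
```

A clean 0 / 0 / 0 result, as in the log above, only says the scanner saw nothing; the third-party entries it lists are still the natural starting point for a manual hash check.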

Hi, to make things easier both for you and for me, I would like to use an alternative solution. I understand it's quite difficult for you to work in Normal Mode (and yes, you did well by using the run command :)).

To be able to have a good look at what this themed32.dll file is actually doing, as well as to replace the rootkit-infected file (which is unrelated to the themed32.dll file), I want to use a bootable PE CD.

On a working computer, please download OTLPE (file size 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the log will be saved to C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Here's the log.

OTL logfile created on: 6/17/2010 11:03:08 AM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.40 Gb Total Space | 439.80 Gb Free Space | 95.11% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 2.00 Gb Free Space | 0.86% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (CSIScanner)

SRV - [2010/03/15 09:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2009/08/05 19:08:42 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/06/09 17:51:49 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/08/16 21:32:04 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/05/10 22:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Disabled] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2007/02/05 06:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)

SRV - [2007/02/05 06:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)

SRV - [2005/07/07 14:40:12 | 000,110,687 | ---- | M] () [Disabled] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005/07/07 14:40:10 | 000,221,281 | ---- | M] () [Disabled] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2005/06/20 08:32:56 | 000,061,440 | ---- | M] (Cyberlink) [Disabled] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2010/06/13 03:23:13 | 000,061,624 | ---- | M] (Prevx) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)

DRV - [2010/06/13 03:23:13 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxscan.sys -- (pxscan)

DRV - [2010/06/13 03:23:12 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)

DRV - [2010/03/15 09:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/03/15 09:47:30 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2009/12/07 19:13:38 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/09/27 22:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV - [2009/06/09 17:51:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 05:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 07:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/07/24 02:18:08 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/05/02 20:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/04/17 01:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/04/14 00:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2007/04/03 15:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)

DRV - [2007/04/03 15:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)

DRV - [2007/04/03 15:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)

DRV - [2007/04/03 15:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)

DRV - [2007/04/03 15:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)

DRV - [2007/04/03 15:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)

DRV - [2007/04/03 15:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)

DRV - [2007/03/22 22:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XPVCOM.sys -- (xpvcom)

DRV - [2005/09/06 10:11:50 | 000,202,496 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)

DRV - [2005/09/06 10:11:38 | 000,005,376 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)

DRV - [2004/10/15 08:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/08/01 14:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Xpad.sys -- (XPAD)

DRV - [2002/11/13 06:38:26 | 000,007,597 | ---- | M] (XID) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\xid.sys -- (XID)

DRV - [2002/07/17 11:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.argos.co.uk/static/Product/part...amp;cmpid=COJUN

IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Vostro77_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKLM\software\mozilla\Mozilla Sunbird 0.7\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/03/03 16:08:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.7\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/03/12 00:56:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/03/03 16:08:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/12 00:56:11 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/16 04:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\systemprofile_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\Vostro77_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\User_ON_C..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKU\Vostro77_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab (Zylom Loader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/29 22:45:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 04:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/06/16 03:48:56 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/06/15 07:02:53 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/15 04:13:10 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe

[2010/06/13 03:23:14 | 000,061,952 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

[2010/06/13 03:23:13 | 000,061,624 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

[2010/06/13 03:23:13 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2010/06/13 03:23:12 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

[2010/06/13 02:48:15 | 000,385,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\THEMEd32.DLL

[2010/06/13 00:20:37 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/06/12 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Azureus(2)

[2010/06/12 04:15:22 | 000,000,000 | ---D | C] -- C:\ErdUndoCache

[2010/06/11 19:07:32 | 000,000,000 | ---D | C] -- C:\found.000

[2010/06/11 17:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vostro77\Application Data\Trusteer

[2010/06/11 13:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Azureus Downloads

[2010/06/11 13:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Azureus

[2010/06/11 12:53:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2010/06/11 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/06/11 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/06/11 09:26:03 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2010/06/05 15:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Leadertech

[2010/05/26 12:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Organizer

[2010/05/26 09:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/05/25 18:11:19 | 000,000,000 | ---D | C] -- C:\1121aa01e2dca97d337f

[2010/05/23 12:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp

[2010/05/23 12:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/05/23 12:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/05/23 11:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/05/18 11:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/17 11:04:19 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat

[2010/06/16 13:24:05 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat

[2010/06/16 13:24:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/16 13:24:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/16 13:24:00 | 019,607,552 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat

[2010/06/16 13:24:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini

[2010/06/16 13:22:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/16 13:22:41 | 000,586,143 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2010/06/16 04:06:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/16 04:04:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/14 02:37:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/13 12:36:52 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Vostro77\ntuser.dat

[2010/06/13 03:35:29 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable

[2010/06/13 03:23:14 | 000,061,952 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

[2010/06/13 03:23:13 | 000,061,624 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

[2010/06/13 03:23:13 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2010/06/13 03:23:12 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

[2010/06/13 03:22:49 | 000,000,680 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/06/12 12:35:27 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/11 17:35:05 | 004,403,200 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat

[2010/06/11 17:32:15 | 003,145,782 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp

[2010/06/11 17:31:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/11 17:30:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/11 17:29:18 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini

[2010/06/11 17:16:41 | 000,492,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/11 17:16:41 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/11 17:16:41 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/10 11:24:10 | 000,026,991 | ---- | M] () -- C:\Documents and Settings\User\peerblock.dmp

[2010/06/07 16:25:45 | 000,000,079 | ---- | M] () -- C:\WINDOWS\2pic.ini

[2010/06/07 16:05:43 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/31 05:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe

[2010/05/26 13:26:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 07:11:28 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

[2010/06/15 07:10:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/15 07:10:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/13 03:35:15 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable

[2010/06/12 12:36:22 | 019,607,552 | ---- | C] () -- C:\Documents and Settings\User\ntuser.dat

[2010/06/12 12:28:06 | 004,403,200 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat

[2010/06/11 17:02:55 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/05/23 12:27:36 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/23 12:27:35 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/04 17:30:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/05/04 17:30:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/03/02 06:26:05 | 000,014,122 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fhW51

[2010/02/27 07:46:54 | 000,014,098 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\vn844t3vL0

[2010/02/26 13:37:49 | 000,002,334 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\HACL0GM47D

[2010/02/10 11:09:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/02/10 11:09:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2010/02/10 05:19:56 | 000,002,894 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\g52C

[2010/01/22 22:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI

[2009/12/11 09:14:42 | 000,026,991 | ---- | C] () -- C:\Documents and Settings\User\peerblock.dmp

[2009/10/09 15:27:36 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2009/10/09 15:27:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2009/09/11 00:10:44 | 000,000,079 | ---- | C] () -- C:\WINDOWS\2pic.ini

[2009/05/26 00:46:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/03/11 15:03:58 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini

[2009/02/02 20:27:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2008/12/13 04:24:50 | 000,000,680 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/12/09 12:17:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Vostro77\ntuser.ini

[2008/12/09 12:17:51 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Vostro77\ntuser.dat

[2008/12/09 12:17:51 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Vostro77\NtUser.dat.LOG

[2008/11/23 10:18:46 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\User\webct_upload_applet.properties

[2008/07/21 23:36:34 | 000,000,534 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2008/06/15 03:14:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/06/15 03:01:45 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2008/06/12 20:37:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2008/06/03 01:37:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll

[2008/05/26 02:33:23 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2008/05/16 05:07:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/02/10 18:44:20 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2008/02/05 04:36:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/01/29 23:01:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2008/01/29 22:54:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll

[2008/01/29 22:50:23 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/29 22:48:53 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\User\ntuser.dat.LOG

[2008/01/29 22:48:53 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\User\ntuser.ini

[2008/01/29 22:48:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2008/01/29 22:48:09 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat

[2008/01/29 22:48:09 | 000,049,152 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2008/01/29 22:47:26 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat

[2008/01/29 22:47:26 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2008/01/29 22:47:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2008/01/29 20:54:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/22 22:00:14 | 000,030,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\XPVCOM.sys

[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll

[2004/06/09 16:38:01 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll

[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/11 13:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus

[2010/02/14 07:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Trusteer

[2010/04/24 21:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Azureus

[2010/02/11 17:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer

[2008/08/23 06:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.SwarmPlayer

[2008/08/13 01:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.Tribler

[2010/06/13 00:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus

[2010/01/10 06:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CellularEmulator

[2008/07/24 02:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2008/11/02 16:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\eBookPro6

[2010/01/06 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrabPro

[2008/01/30 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Grisoft

[2010/02/14 04:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IEPro

[2010/01/23 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImgBurn

[2008/11/08 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImTOO Software Studio

[2010/06/05 15:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech

[2010/02/11 20:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MiniDm

[2008/06/18 05:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Netscape

[2010/01/06 13:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit

[2009/04/17 18:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream

[2009/09/10 21:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2008/01/30 22:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird

[2010/02/11 10:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer

[2009/10/09 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UDC Profiles

[2010/05/26 09:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

[2009/11/29 22:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VitySoft

[2010/06/11 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vostro77\Application Data\Trusteer

========== Purity Check ==========

< End of report >


Let's see if we can find out a bit more about this file.

Please rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click the NONE button and then Run Scan.

/md5start
themed32.dll
/md5stop

Please post me the resulting log.


Sorry, I should have mentioned it, I completely forgot. But initially, when the error message kept asking for the file themed32.dll, I googled it and found that it was not a system file, it was a fake virus file. So I went into windows/system32 and looked for it and could not find one, so I created a fake one with nothing in it, just a txt file renamed themed32.dll with 0 bytes of information in it, to test and see if that would fix the constant errors and at least allow me to access the desktop so I could run scans and so on. But it didn't work, and I completely forgot to delete the file.

OTL logfile created on: 6/18/2010 5:57:14 AM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.40 Gb Total Space | 439.80 Gb Free Space | 95.11% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 2.00 Gb Free Space | 0.86% Space Free | Partition Type: NTFS

Drive E: | 59.55 Mb Total Space | 54.05 Mb Free Space | 90.77% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Custom Scans ==========

< MD5 for: THEMED32.DLL >

[2004/08/03 22:56:48 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\WINDOWS\system32\THEMEd32.DLL

< End of report >


This does not look like a renamed text file. Both size and name do not match.

What I suspect is that we are dealing with a patched system file as well. To find out a bit more about it, please do the following:

UPLOAD A FILE

--------------------

We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

C:\WINDOWS\system32\THEMEd32.DLL

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.


here's the report

OTL logfile created on: 6/19/2010 8:30:04 AM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.40 Gb Total Space | 439.80 Gb Free Space | 95.11% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 0.94 Gb Free Space | 0.40% Space Free | Partition Type: NTFS

Drive E: | 59.55 Mb Total Space | 54.05 Mb Free Space | 90.76% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Custom Scans ==========

< MD5 for: THEMEUI.DLL >

[2008/04/13 20:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\ServicePackFiles\i386\themeui.dll

[2008/04/13 20:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\themeui.dll

[2004/08/04 06:00:00 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\WINDOWS\$NtServicePackUninstall$\themeui.dll

< End of report >

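The two custom scans above use OTL's /md5start list to fingerprint a file by name, and the second report shows the suspect C:\WINDOWS\system32\THEMEd32.DLL carrying the same MD5 (E6796D51CED309E46D29C0B787735615) and the same size (385,536 bytes) as the pre-SP3 themeui.dll kept in $NtServicePackUninstall$. The script below is an added example, not part of this thread and not OTL's or Malwarebytes' code, that automates that kind of comparison: hash every file in a target directory, index trusted reference copies both by name and by hash, and report each file as known-good, as a known name whose bytes differ (patched or a different build), as a renamed copy of a known file, or as unknown. Every sample file and its bytes are constructed in a temporary directory; the names themeui.dll, THEMEd32.DLL, shell32.dll and uxtheme.dll are used only as labels and the byte contents are invented.

```python
"""Hash-match a directory of DLLs against known-good reference copies.

Added example. The fixture in demo() is constructed and stands in for
C:\\WINDOWS\\system32, ServicePackFiles\\i386 and $NtServicePackUninstall$.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def md5_of_file(path, chunk_size=65536):
    """Upper-case hex MD5 of a file, read in chunks so large DLLs are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest().upper()


def build_reference(ref_dirs):
    """Index trusted copies two ways: lower-cased name -> hashes, hash -> names."""
    by_name = defaultdict(set)
    by_hash = defaultdict(set)
    for d in ref_dirs:
        for name in os.listdir(d):
            path = os.path.join(d, name)
            if os.path.isfile(path):
                digest = md5_of_file(path)
                by_name[name.lower()].add(digest)
                by_hash[digest].add(name.lower())
    return by_name, by_hash


def classify_dir(target_dir, by_name, by_hash):
    """Return {lower-cased name: verdict} for every regular file in target_dir."""
    verdicts = {}
    for name in sorted(os.listdir(target_dir)):
        path = os.path.join(target_dir, name)
        if not os.path.isfile(path):
            continue
        key = name.lower()
        digest = md5_of_file(path)
        if key in by_name and digest in by_name[key]:
            verdicts[key] = "known-good"
        elif key in by_name:
            # Same file name as a trusted copy, different bytes.
            verdicts[key] = "name matches reference but hash differs (patched or other build)"
        elif digest in by_hash:
            # Bytes identical to a trusted copy that lives under another name.
            verdicts[key] = "renamed copy of " + ", ".join(sorted(by_hash[digest]))
        else:
            verdicts[key] = "no reference copy (unknown)"
    return verdicts


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed fixture: two builds of themeui.dll, one of them under a new name."""
    sp3_build = b"MZ" + b"themeui SP3 build" * 100   # invented bytes
    sp2_build = b"MZ" + b"themeui SP2 build" * 100   # invented bytes
    root = tempfile.mkdtemp()
    spf = os.path.join(root, "ServicePackFiles", "i386")
    undo = os.path.join(root, "$NtServicePackUninstall$")
    sys32 = os.path.join(root, "system32")
    _write(os.path.join(spf, "themeui.dll"), sp3_build)
    _write(os.path.join(undo, "themeui.dll"), sp2_build)
    _write(os.path.join(sys32, "themeui.dll"), sp3_build)            # current build, matches SP3
    _write(os.path.join(sys32, "THEMEd32.DLL"), sp2_build)           # old build under a new name
    _write(os.path.join(sys32, "uxtheme.dll"), b"MZ" + b"\x90" * 64)  # no reference copy at all
    _write(os.path.join(spf, "shell32.dll"), b"MZ" + b"A" * 64)
    _write(os.path.join(sys32, "shell32.dll"), b"MZ" + b"B" * 64)    # known name, altered bytes
    by_name, by_hash = build_reference([spf, undo])
    return classify_dir(sys32, by_name, by_hash)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

On a real XP box the reference list would be C:\WINDOWS\ServicePackFiles\i386 plus the $NtServicePackUninstall$ and driver-cache folders, and the "renamed copy" verdict is the one to chase: a Microsoft-signed DLL sitting under a name Windows never ships is what this thread's MD5 match describes. A hash match only identifies content; it does not say why the file is there, and MD5 is adequate for matching your own inventory but not for resisting a deliberately crafted collision, so prefer SHA-256 and signature checks where the tooling allows.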

sfc /scannow worked. Before, I was unable to do the scan due to the error message, but I guess because of the ComboFix, TDSSKiller or OTLPE scan it must have deleted and fixed whatever was preventing me from doing the scan. Now that I was able to do the scan, it fixed whatever system file was corrupted, as on the restart my desktop and explorer showed up.

Is there anything else I should be doing now, a few scans or something, extra software you can recommend I should install?

thanks for all the help.


Here's the DDS log, hope it helps.

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 18:43:14.50 on 20/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1577 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WallpaperToy\Wallpapertoy.Exe

F:\Defogger.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

F:\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\user\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - hxxp://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\vlosx0jy.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-13 30320]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-18 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-18 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-18 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-18 56816]

R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-12-10 14424]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-13 24400]

R3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [2008-2-1 12800]

S2 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-5-26 16512]

S3 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-13 61624]

S3 XID;XBox Controller HID Minidriver, XID;c:\windows\system32\drivers\xid.sys [2008-2-1 7597]

S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

=============== Created Last 30 ================

2010-06-20 09:31:34 0 d-sh--w- c:\documents and settings\user\IETldCache

2010-06-20 09:28:52 0 dc-h--w- c:\windows\ie8

2010-06-20 09:19:59 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys

2010-06-20 09:18:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-06-20 09:17:57 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-06-20 09:16:58 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-06-20 09:15:57 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-06-20 09:14:58 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-06-20 09:13:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys

2010-06-20 09:12:59 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2010-06-20 09:11:57 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys

2010-06-20 09:10:57 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2010-06-20 09:09:59 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-06-20 09:08:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys

2010-06-20 09:07:58 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2010-06-20 09:06:59 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys

2010-06-20 09:05:57 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys

2010-06-20 09:04:59 7296 -c--a-w- c:\windows\system32\dllcache\elmsmc.sys

2010-06-20 09:03:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys

2010-06-20 09:02:52 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-06-20 09:01:58 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-06-20 08:35:09 0 d-sh--w- c:\documents and settings\user\IECompatCache

2010-06-20 08:32:55 0 d-sh--w- c:\documents and settings\user\PrivacIE

2010-06-18 01:46:25 0 d-sh--w- C:\$RECYCLE.BIN

2010-06-16 07:48:56 0 d-----w- C:\ComboFix

2010-06-15 11:10:06 77312 ----a-w- c:\windows\MBR.exe

2010-06-15 11:10:05 256512 ----a-w- c:\windows\PEV.exe

2010-06-13 07:35:15 20 ----a-w- c:\documents and settings\user\defogger_reenable

2010-06-13 07:23:14 61952 ----a-w- c:\windows\system32\PxSecure.dll

2010-06-13 07:23:13 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-06-13 07:23:13 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-06-13 07:23:12 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-06-13 07:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-06-13 04:21:15 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-13 01:59:10 0 d-----w- c:\program files\Azureus(2)

2010-06-12 08:15:22 0 d-----w- C:\ErdUndoCache

2010-06-11 23:07:32 0 d-----w- C:\found.000

2010-06-11 13:26:03 0 d-----w- C:\spoolerlogs

2010-06-10 08:21:03 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

2010-06-07 20:24:06 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb067f60e97c1e.mof

2010-05-26 16:08:30 0 d-----w- c:\program files\Advanced File Organizer

2010-05-26 13:25:14 0 d-----w- c:\program files\uTorrent

2010-05-25 22:11:19 0 d-----w- C:\1121aa01e2dca97d337f

==================== Find3M ====================

2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 18:40:40 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll

2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe

2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

2008-07-16 17:26:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071620080717\index.dat

============= FINISH: 18:43:52.85 ===============

Link to post
Share on other sites

Sorry, forgot to run it from the desktop.

Here is the one run from the desktop.

P.S. Is there anything in any of these log files that could be a problem that I should delete from the net? The forum doesn't allow editing or deleting posts, so I thought I should ask.

18:58:50:187 2912 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

18:58:50:187 2912 ================================================================================

18:58:50:187 2912 SystemInfo:

18:58:50:187 2912 OS Version: 5.1.2600 ServicePack: 3.0

18:58:50:187 2912 Product type: Workstation

18:58:50:187 2912 ComputerName: VOSTRO-77880131

18:58:50:187 2912 UserName: User

18:58:50:187 2912 Windows directory: C:\WINDOWS

18:58:50:187 2912 Processor architecture: Intel x86

18:58:50:187 2912 Number of processors: 2

18:58:50:187 2912 Page size: 0x1000

18:58:50:187 2912 Boot type: Normal boot

18:58:50:187 2912 ================================================================================

18:58:51:000 2912 Initialize success

18:58:51:000 2912

18:58:51:000 2912 Scanning Services ...

18:58:51:437 2912 Raw services enum returned 352 services

18:58:51:437 2912

18:58:51:437 2912 Scanning Drivers ...

18:58:52:171 2912 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:58:52:218 2912 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:58:52:265 2912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:58:52:296 2912 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

18:58:52:390 2912 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys

18:58:52:421 2912 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:58:52:421 2912 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:58:52:453 2912 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:58:52:500 2912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:58:52:640 2912 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

18:58:52:656 2912 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

18:58:52:671 2912 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

18:58:52:718 2912 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:58:52:765 2912 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

18:58:52:968 2912 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:58:53:000 2912 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:58:53:046 2912 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:58:53:078 2912 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:58:53:125 2912 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:58:53:171 2912 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

18:58:53:203 2912 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:58:53:281 2912 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:58:53:312 2912 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:58:53:328 2912 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:58:53:390 2912 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:58:53:406 2912 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:58:53:468 2912 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

18:58:53:515 2912 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:58:53:531 2912 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:58:53:531 2912 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:58:53:562 2912 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:58:53:578 2912 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:58:53:593 2912 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:58:53:609 2912 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:58:53:609 2912 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:58:53:625 2912 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:58:53:671 2912 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:58:53:671 2912 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:58:53:718 2912 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:58:53:750 2912 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

18:58:53:937 2912 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

18:58:54:078 2912 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:58:54:203 2912 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

18:58:54:250 2912 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:58:54:296 2912 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:58:54:296 2912 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:58:54:328 2912 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:58:54:359 2912 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:58:54:375 2912 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:58:54:406 2912 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:58:54:453 2912 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:58:54:468 2912 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:58:54:468 2912 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:58:54:515 2912 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

18:58:54:546 2912 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:58:54:593 2912 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:58:54:609 2912 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:58:54:640 2912 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:58:54:640 2912 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:58:54:671 2912 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:58:54:687 2912 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:58:54:718 2912 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

18:58:54:734 2912 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:58:54:796 2912 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:58:54:828 2912 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:58:54:859 2912 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:58:54:875 2912 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:58:54:890 2912 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:58:54:937 2912 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:58:54:968 2912 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:58:54:984 2912 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

18:58:55:000 2912 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:58:55:015 2912 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:58:55:031 2912 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:58:55:062 2912 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:58:55:078 2912 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:58:55:093 2912 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:58:55:093 2912 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

18:58:55:109 2912 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:58:55:125 2912 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:58:55:140 2912 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:58:55:171 2912 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:58:55:250 2912 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:58:55:296 2912 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:58:55:312 2912 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:58:55:578 2912 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

18:58:55:687 2912 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:58:55:718 2912 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:58:55:812 2912 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\Program Files\PeerBlock\pbfilter.sys

18:58:55:828 2912 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:58:55:843 2912 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:58:55:875 2912 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:58:55:937 2912 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:58:55:953 2912 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:58:55:984 2912 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:58:56:000 2912 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:58:56:031 2912 pxkbf (045f95215c47d381dfb1807b551ba09c) C:\WINDOWS\system32\drivers\pxkbf.sys

18:58:56:046 2912 pxrts (7272a3b16d43049a083d62b20648e70e) C:\WINDOWS\system32\drivers\pxrts.sys

18:58:56:078 2912 pxscan (ec1173008038d321772a4b5821ac27a2) C:\WINDOWS\system32\drivers\pxscan.sys

18:58:56:109 2912 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:58:56:140 2912 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:58:56:156 2912 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:58:56:171 2912 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:58:56:171 2912 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:58:56:187 2912 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:58:56:203 2912 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:58:56:250 2912 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

18:58:56:281 2912 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:58:56:312 2912 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys

18:58:56:328 2912 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys

18:58:56:359 2912 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys

18:58:56:375 2912 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys

18:58:56:406 2912 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys

18:58:56:421 2912 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys

18:58:56:437 2912 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys

18:58:56:468 2912 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:58:56:500 2912 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:58:56:531 2912 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

18:58:56:562 2912 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:58:56:593 2912 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:58:56:656 2912 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

18:58:56:656 2912 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

18:58:56:703 2912 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:58:56:734 2912 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

18:58:56:781 2912 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

18:58:56:812 2912 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:58:56:843 2912 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:58:56:859 2912 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:58:56:890 2912 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:58:56:921 2912 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:58:56:953 2912 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:58:56:984 2912 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:58:57:015 2912 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:58:57:062 2912 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:58:57:093 2912 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:58:57:140 2912 USB28xxBGA (1d244e3c7afa613218f66970fea240ca) C:\WINDOWS\system32\DRIVERS\emBDA.sys

18:58:57:171 2912 USB28xxOEM (e3bb8bc8088498d1a191af321b8c05c5) C:\WINDOWS\system32\DRIVERS\emOEM.sys

18:58:57:187 2912 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:58:57:203 2912 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:58:57:250 2912 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:58:57:250 2912 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:58:57:312 2912 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:58:57:328 2912 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:58:57:343 2912 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:58:57:390 2912 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:58:57:406 2912 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:58:57:468 2912 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:58:57:515 2912 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:58:57:531 2912 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:58:57:546 2912 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:58:57:578 2912 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:58:57:593 2912 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:58:57:625 2912 XID (65142f36516123821917bc91abebdd9d) C:\WINDOWS\system32\Drivers\xid.sys

18:58:57:656 2912 XPAD (6417bb89d38dacaaff529854efb1b502) C:\WINDOWS\system32\Drivers\xpad.sys

18:58:57:687 2912 xpvcom (fd255b2a8f614bdcdfae5f0a289d605e) C:\WINDOWS\system32\DRIVERS\XPVCOM.sys

18:58:57:687 2912

18:58:57:687 2912 Completed

18:58:57:687 2912

18:58:57:687 2912 Results:

18:58:57:687 2912 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

18:58:57:687 2912 File objects infected / cured / cured on reboot: 0 / 0 / 0

18:58:57:687 2912

18:58:57:703 2912 KLMD(ARK) unloaded successfully

Link to post
Share on other sites
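The two logs in the post above (the DDS "Created Last 30" / "Find3M" sections and the TDSSKiller driver scan) are the raw material a helper normally triages by hand: which drivers load from outside the Windows directory, which files in system32 carry the hidden+system attribute combination, which lines the scanner itself flagged, and what identifying details should be masked before the log is pasted publicly (the poster's P.S. question). The script below is an added example written for this page; it is not part of the original post and not code from DDS, TDSSKiller or the forum. The sample lines are copied from the logs above and embedded so it runs offline. The positional meaning of the DDS attribute string (d, c, s, h, a, then the r/w flag) is inferred from the column pattern in the log, not documented on this page, and is marked as an assumption in the code. For context on the one hit TDSSKiller reports: sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as Daemon Tools, which denies read access to its own image by design and is routinely reported as "NoAccess" for that reason; the script surfaces the line, it does not pass a verdict on it.

```python
"""Triage helpers for the TDSSKiller and DDS log formats pasted in this thread.

Added example, not part of the forum post or of either tool. Sample lines are
copied from the logs above so the module runs offline.
"""
import re

# Constructed sample: a handful of TDSSKiller lines from the post.
TDSS_SAMPLE = """\
18:58:50:187 2912 ComputerName: VOSTRO-77880131
18:58:50:187 2912 UserName: User
18:58:52:171 2912 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
18:58:55:812 2912 pbfilter (65fb0c4aa30d84849e0e4c97cb5501ce) C:\\Program Files\\PeerBlock\\pbfilter.sys
18:58:56:656 2912 sptd (71e276f6d189413266ea22171806597b) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
18:58:56:656 2912 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 71e276f6d189413266ea22171806597b
18:58:57:687 2912 Completed
"""

# Constructed sample: DDS "Created Last 30" / "Find3M" lines from the post.
DDS_SAMPLE = """\
2010-06-13 07:23:13 30320 ----a-w- c:\\windows\\system32\\drivers\\pxscan.sys
2010-06-20 09:31:34 0 d-sh--w- c:\\documents and settings\\user\\IETldCache
2006-05-03 10:06:54 163328 --sh--r- c:\\windows\\system32\\flvDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\\windows\\system32\\nbDX.dll
"""

# "HH:MM:SS:mmm <pid> <service name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "HH:MM:SS:mmm <pid> Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) Suspicious file \((?P<reason>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
# "YYYY-MM-DD HH:MM:SS <size> <8-char attribute string> <path>"
DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[dcsharw-]{8}) (?P<path>.+)$"
)


def parse_tdss_log(text):
    """Split a TDSSKiller log into loaded drivers and the lines the tool flagged.

    Returns (drivers, flagged): drivers are dicts with name/md5/path, flagged are
    dicts with reason/path/md5. Header and status lines are ignored.
    """
    drivers, flagged = [], []
    for line in text.splitlines():
        m = SUSPICIOUS_RE.match(line)
        if m:
            flagged.append({"reason": m["reason"], "path": m["path"], "md5": m["md5"]})
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
    return drivers, flagged


def third_party_drivers(drivers, windows_dir="c:\\windows\\"):
    """Kernel drivers loaded from outside the Windows directory.

    These are the entries to hash-check first; Microsoft's own drivers under
    c:\\windows are the ones most likely to have known-good hashes to compare to.
    """
    return [d for d in drivers if not d["path"].lower().startswith(windows_dir)]


def hidden_system_files(text, under="c:\\windows\\system32"):
    """Regular files under `under` that carry both the system and hidden attributes.

    ASSUMPTION (inferred from the log's column pattern, not documented here):
    attrs[0]=d directory, [1]=c compressed, [2]=s system, [3]=h hidden,
    [4]=a archive, [6]=r/w. Hidden+system files dropped into system32 are a
    classic place for malware to hide, but legitimate software uses the
    combination too, so treat hits as "look at these", not as a verdict.
    """
    hits = []
    for line in text.splitlines():
        m = DDS_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        is_dir = attrs[0] == "d"
        if not is_dir and attrs[2] == "s" and attrs[3] == "h" \
                and path.lower().startswith(under):
            hits.append(path)
    return hits


def redact(text, placeholder="[redacted]"):
    """Mask the host and account names TDSSKiller prints in its SystemInfo header,
    the two fields most worth removing before posting a log publicly."""
    out = []
    for line in text.splitlines():
        for field in ("ComputerName", "UserName"):
            prefix = f" {field}: "
            if prefix in line:
                line = line.split(prefix)[0] + prefix + placeholder
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    drivers, flagged = parse_tdss_log(TDSS_SAMPLE)
    print("drivers parsed:", len(drivers))
    print("flagged by TDSSKiller:", flagged)
    print("outside c:\\windows:", [d["path"] for d in third_party_drivers(drivers)])
    print("hidden+system in system32:", hidden_system_files(DDS_SAMPLE))
    print(redact(TDSS_SAMPLE))
```

Run it as-is to see the four triage views over the embedded sample; point `parse_tdss_log` and `hidden_system_files` at the full log text to apply the same checks to the whole post. The functions only extract and classify what the logs already say; confirming whether a flagged driver or hidden DLL is malicious still means checking its hash against a trusted source.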

This topic is now closed to further replies.