
Bogus Microsoft Security essentials



Howdy,

After following the many posts on this rather nasty malware, I ran HijackThis, and this is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:10:33 PM, on 9/22/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\LTMSG.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370

F3 - REG:win.ini: load=C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\quicktime\qttasksrv.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [backupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe" /runcleanupscript

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [dfrgsnapnt.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\dfrgsnapnt.exe

O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler V3Srv.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205482730343

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

--

End of file - 8745 bytes

Also, every time after running rkill and then the latest Malwarebytes quick scan, clicking on the "View Results" box always closes the program with zero quarantines or repairs being performed.

Any help would be appreciated.

AS

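Added example, not code from the post, from Malwarebytes or from the HijackThis project: a small Python triage pass over a few lines copied from the HijackThis log above, applying the first-look heuristics a helper typically checks (a browser proxy pointing at localhost, programs appended to the UserInit value, autoruns launched from a Temp directory, BHO entries whose file is missing). The rules and severities are assumptions for illustration and flag lines for manual review, not a verdict on this machine.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log in the post, plus
# two benign entries (avast) so the benign path is exercised as well.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
F3 - REG:win.ini: load=C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\quicktime\qttasksrv.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [dfrgsnapnt.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\dfrgsnapnt.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# A user's Temp directory (8.3 or long form) is not where legitimate
# autoruns live, so anything launched from there deserves a look.
TEMP_PATH = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

# Only userinit.exe itself is expected in the UserInit value.
EXPECTED_USERINIT = "userinit.exe"

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def split_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (section tag, rest) for a 'Xn - ...' HijackThis line, else None."""
    m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def userinit_extras(rest: str) -> List[str]:
    """Programs listed in the UserInit value besides userinit.exe."""
    _, _, value = rest.partition("UserInit=")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries
            if not e.lower().endswith("\\" + EXPECTED_USERINIT)]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the review heuristics to one log line; None means nothing flagged."""
    parsed = split_entry(line)
    if parsed is None:
        return None
    tag, rest = parsed
    # R0/R1: IE settings. A proxy on 127.0.0.1 usually means something local
    # is intercepting browser traffic (the Firefox prefs in the OTL log agree).
    if tag in ("R0", "R1") and "ProxyServer" in rest and "127.0.0.1" in rest:
        return ("high", "browser proxy points at localhost", line)
    # F2: system.ini UserInit. Extra entries run at every logon.
    if tag == "F2" and "UserInit=" in rest:
        extras = userinit_extras(rest)
        if extras:
            return ("high", "extra UserInit entries: " + "; ".join(extras), line)
    # F2/F3/O4: any autorun whose target sits in a Temp directory.
    if tag in ("F2", "F3", "O4") and TEMP_PATH.search(rest):
        return ("high", "autorun from a Temp directory", line)
    # O2/O3: orphaned BHO/toolbar registrations are usually just leftovers.
    if tag in ("O2", "O3") and "(file missing)" in rest:
        return ("low", "BHO/toolbar entry whose file is missing", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```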


Hello angussmith

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the lines below:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Thank you, Kahdah.

The Oxford Concise Dictionary lists deity as having divine status, quality, or nature. I can only say that I am thankful for your response.

Here is OTL.txt:

OTL logfile created on: 9/22/2010 11:30:56 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 18.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.06 Gb Total Space | 32.28 Gb Free Space | 46.07% Space Free | Partition Type: NTFS

Drive D: | 4.45 Gb Total Space | 0.60 Gb Free Space | 13.47% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Unable to calculate disk information.

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Y: | 928.30 Gb Total Space | 868.30 Gb Free Space | 93.54% Space Free | Partition Type: NTFS

Drive Z: | 928.30 Gb Total Space | 868.30 Gb Free Space | 93.54% Space Free | Partition Type: NTFS

Computer Name: HPA500N

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)

PRC - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)

PRC - C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NTI BackupNowEZSvr) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (NewTech Infosystems, Inc.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (Sunkfiltp) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys File not found

DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found

DRV - (wxlcoxep) -- C:\WINDOWS\system32\drivers\swxg.sys ()

DRV - (jcbljma) -- C:\WINDOWS\system32\drivers\uloosh.sys ()

DRV - (liulp) -- C:\WINDOWS\system32\drivers\alui.sys ()

DRV - (twwgttu) -- C:\WINDOWS\system32\drivers\xorpc.sys ()

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)

DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/12 10:59:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/22 23:01:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 11:54:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/19 11:54:52 | 000,000,000 | ---D | M]

[2008/08/27 03:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2008/08/27 03:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/09/21 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8t1t2g3e.default\extensions

[2009/12/13 12:45:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8t1t2g3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/17 06:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8t1t2g3e.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/09/21 17:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/19 11:54:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/05/04 09:44:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2007/07/31 23:34:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2007/10/22 19:23:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2009/09/22 23:01:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/09/23 11:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2010/04/08 09:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/09/19 11:54:45 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/19 11:54:46 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/03/09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/09/20 16:15:04 | 000,159,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

[2010/09/19 11:54:49 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/06/19 15:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/09/20 16:15:05 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/09/20 16:15:05 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/09/20 16:15:05 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/09/20 16:15:05 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/09/20 16:15:05 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/09/20 16:15:06 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/09/20 16:15:06 | 000,204,800 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/07/31 14:20:22 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/07/31 14:20:22 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/12/08 00:33:33 | 000,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2010/07/31 14:20:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/31 14:20:22 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/07/31 14:20:22 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/31 14:20:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/07/31 14:20:22 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2002/08/29 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AutoTBar] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [backupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKCU..\Run: [dfrgsnapnt.exe] C:\Documents and Settings\Owner\Local Settings\Temp\dfrgsnapnt.exe ()

O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [RecordNow!] File not found

O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)

O4 - HKCU..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3Srv.exe ()

F3 - HKCU WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\Owner\Local Settings\Temp\dwm.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1205482730343 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()

O20 - HKLM Winlogon: UserInit - (c:\program files\quicktime\qttasksrv.exe) - c:\Program Files\QuickTime\QTTaskSrv.exe ()

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe ()

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/01/20 21:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{3c589f42-311e-11df-8c63-000ea6b11a6e}\Shell\AutoRun\command - "" = K:\restore\restorestarter.exe -- File not found

O33 - MountPoints2\{f878bed8-f1b3-11dc-8b08-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2010/09/20 16:17:40 | 000,086,016 | -HS- | M] (XSS)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/22 23:25:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/09/22 15:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/09/22 12:23:20 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\Explorer.exe.exe

[2010/09/22 11:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\sys4

[2010/09/21 23:56:53 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/09/21 23:56:53 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/09/21 23:56:52 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/09/21 23:56:50 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/09/21 23:56:47 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/09/21 23:56:47 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/09/21 23:56:46 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/09/21 23:54:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/21 23:54:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/09/21 23:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/09/21 23:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/09/21 18:22:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/09/20 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\sys6

[2010/09/20 14:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\sys5

[2010/09/20 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/09/09 23:18:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/08/31 10:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Vin Bin September 2010

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[16 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/22 23:25:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/09/22 16:09:52 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\reeils.sys

[2010/09/22 15:49:35 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/09/22 14:43:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cyra.sys

[2010/09/22 14:38:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/09/22 14:34:41 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\keof.sys

[2010/09/22 14:31:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bpsureue.sys

[2010/09/22 12:25:31 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hxws.sys

[2010/09/22 12:23:14 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\Explorer.exe.exe

[2010/09/22 11:52:31 | 000,695,808 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\hotfix.exe

[2010/09/22 11:49:44 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3Srv.exe

[2010/09/22 11:49:41 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/09/22 11:49:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/22 11:49:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/22 11:49:31 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/22 11:46:24 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT

[2010/09/22 11:45:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/09/22 09:48:55 | 004,319,414 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2010/09/22 09:40:15 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut (2) to iExplore.lnk

[2010/09/22 09:35:50 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com

[2010/09/22 09:31:15 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.lnk

[2010/09/21 23:56:54 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/21 23:51:16 | 055,085,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe

[2010/09/21 23:44:25 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\swxg.sys

[2010/09/21 20:42:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\uloosh.sys

[2010/09/21 19:28:56 | 001,640,913 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Grampian Structure.pdf

[2010/09/21 18:22:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/09/21 17:21:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\alui.sys

[2010/09/21 07:18:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xorpc.sys

[2010/09/20 16:02:47 | 000,270,336 | ---- | M] (Leader Technologies) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

[2010/09/16 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/09/15 12:04:34 | 000,047,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Beverage Journal October 2010.pdf

[2010/09/10 11:45:02 | 000,206,075 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Art Dept page one.jpg

[2010/09/10 11:44:39 | 000,181,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Art Dept page two.jpg

[2010/09/10 11:01:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/09 23:18:57 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk

[2010/09/09 22:41:44 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/09/09 10:39:30 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\pool.bin

[2010/09/08 01:34:03 | 000,050,385 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inventory Sept 7.xlsx

[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/09/04 12:25:48 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VR Fine&Rare 9_3_10.xls

[2010/08/31 11:23:37 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ClioCellar8_16_10.xls

[2010/08/31 09:24:33 | 000,046,989 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inventory September 1 2010 Raw.xlsx

[2010/08/27 20:57:17 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk

[2010/08/26 09:30:15 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AKA Bistro logo.jpg

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[16 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/22 16:09:52 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\reeils.sys

[2010/09/22 15:49:34 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/09/22 14:43:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cyra.sys

[2010/09/22 14:34:41 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\keof.sys

[2010/09/22 14:31:18 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bpsureue.sys

[2010/09/22 12:25:31 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxws.sys

[2010/09/22 09:40:15 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut (2) to iExplore.lnk

[2010/09/22 09:39:50 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com

[2010/09/22 09:31:15 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.lnk

[2010/09/22 09:13:13 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3Srv.exe

[2010/09/22 02:49:56 | 000,695,808 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\hotfix.exe

[2010/09/21 23:56:54 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/09/21 23:50:27 | 055,085,336 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe

[2010/09/21 23:44:25 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\swxg.sys

[2010/09/21 20:42:40 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\uloosh.sys

[2010/09/21 19:28:56 | 001,640,913 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Grampian Structure.pdf

[2010/09/21 17:21:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\alui.sys

[2010/09/21 07:18:27 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xorpc.sys

[2010/09/15 12:04:34 | 000,047,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Beverage Journal October 2010.pdf

[2010/09/10 11:45:02 | 000,206,075 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Art Dept page one.jpg

[2010/09/10 11:44:39 | 000,181,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Art Dept page two.jpg

[2010/09/09 23:19:08 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Rim.Desktop.HttpServerSetup.log

[2010/09/09 23:18:57 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk

[2010/09/09 22:47:17 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/09 22:41:44 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/09/08 01:34:01 | 000,050,385 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inventory Sept 7.xlsx

[2010/09/04 12:25:48 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\VR Fine&Rare 9_3_10.xls

[2010/08/31 11:05:22 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ClioCellar8_16_10.xls

[2010/08/31 09:24:29 | 000,046,989 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inventory September 1 2010 Raw.xlsx

[2010/08/27 20:57:17 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk

[2010/08/26 09:30:14 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AKA Bistro logo.jpg

[2010/02/16 17:37:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll

[2009/02/10 15:24:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/03/14 00:11:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/03/14 00:11:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/03/14 00:11:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/03/14 00:11:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/03/14 00:11:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/03/14 00:11:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/03/08 05:10:59 | 000,019,872 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dexysohu.inf

[2008/03/08 05:10:59 | 000,019,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\akut.vbs

[2008/03/08 05:10:59 | 000,017,436 | ---- | C] () -- C:\Program Files\Common Files\dylog.pif

[2008/03/08 05:10:59 | 000,017,116 | ---- | C] () -- C:\Program Files\Common Files\edete.reg

[2008/03/08 05:10:59 | 000,016,636 | ---- | C] () -- C:\WINDOWS\onipokacoz.dll

[2008/03/08 05:10:59 | 000,016,427 | ---- | C] () -- C:\Program Files\Common Files\zagyj.com

[2008/03/08 05:10:59 | 000,012,732 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\xuzex.bat

[2008/03/08 05:10:59 | 000,012,390 | ---- | C] () -- C:\Program Files\Common Files\bypujevy._sy

[2008/03/08 05:10:59 | 000,011,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ligisu.exe

[2008/03/08 05:10:59 | 000,010,218 | ---- | C] () -- C:\Program Files\Common Files\uxerisunej.ban

[2008/03/08 05:10:59 | 000,010,123 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jovaxitu.com

[2008/03/08 05:10:58 | 000,019,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\arul.exe

[2008/03/07 15:53:24 | 000,019,882 | ---- | C] () -- C:\Program Files\Common Files\dapegi._sy

[2008/03/07 15:53:24 | 000,017,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tacini.dll

[2008/03/07 15:53:24 | 000,016,351 | ---- | C] () -- C:\WINDOWS\ovyfuheke.dll

[2008/03/07 15:53:24 | 000,013,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ositum.inf

[2008/03/07 15:53:24 | 000,013,252 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\jodopukif.db

[2008/03/07 15:53:24 | 000,012,974 | ---- | C] () -- C:\WINDOWS\ihyguca.dll

[2008/03/07 15:53:24 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\nyjelogyd.com

[2008/03/07 15:53:24 | 000,010,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zatoraqiky.vbs

[2008/03/07 14:04:33 | 000,018,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rihecyga.bin

[2008/03/07 14:04:33 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\zuku.db

[2008/03/07 14:04:33 | 000,012,949 | ---- | C] () -- C:\WINDOWS\fivymop.sys

[2008/03/07 14:04:33 | 000,012,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rixa.bin

[2008/03/07 14:04:33 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\agifagon.scr

[2007/06/04 05:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2007/05/21 22:15:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2006/01/12 13:33:36 | 000,002,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/05/15 19:18:21 | 000,019,564 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/05/02 03:54:05 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/01/22 05:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2004/01/22 05:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2004/01/21 06:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/01/21 05:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini

[2004/01/21 00:04:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2004/01/21 00:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/01/20 23:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/01/20 23:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2004/01/20 23:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/01/20 23:42:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/01/20 23:34:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2004/01/20 22:30:23 | 000,011,108 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2004/01/20 21:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/01/20 21:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/01/20 21:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/01/20 21:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/01/20 21:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/01/20 20:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2004/07/05 18:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2010/09/21 23:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/07/25 10:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7

[2010/01/12 11:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2005/08/09 16:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0544

[2010/03/20 20:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg

[2010/04/22 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2010/02/14 13:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonos

[2010/07/15 11:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia

[2009/03/31 08:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/04/13 00:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/14 22:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/04 23:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2004/07/05 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems

[2009/12/10 10:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop

[2010/09/20 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express

[2008/03/16 23:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2004/05/02 04:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2004/05/24 02:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kontiki

[2004/05/05 02:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2005/07/12 22:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion

[2004/01/21 00:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2010/09/10 11:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia

[2009/07/20 23:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2004/01/20 21:16:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/03/14 00:07:55 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK

[2008/11/30 17:31:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2008/03/10 02:22:22 | 000,000,196 | ---- | M] () -- C:\bootOLD.ini

[2004/08/31 00:47:36 | 000,561,254 | ---- | M] () -- C:\Bosch2.bmp

[2004/10/23 12:23:05 | 000,736,046 | ---- | M] () -- C:\Bouche Label

[2010/01/12 21:40:32 | 000,000,416 | ---- | M] () -- C:\CD3rdPartyWrapper.log

[2002/08/29 08:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr

[2004/01/20 21:16:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2010/09/22 11:49:31 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2004/01/20 21:16:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2004/01/20 21:16:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/03/14 05:03:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/08/31 10:56:29 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/09/22 11:49:28 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

[2007/11/28 01:02:32 | 000,024,590 | ---- | M] () -- C:\Rescued document 1.txt

[2007/11/28 01:02:35 | 000,000,002 | ---- | M] () -- C:\Rescued document 2.txt

[2010/09/22 14:40:31 | 000,000,392 | ---- | M] () -- C:\rkill.log

[2007/04/16 07:31:54 | 000,004,243 | ---- | M] () -- C:\RoxioVenueToken.txt

[2005/11/09 15:08:54 | 000,010,240 | -HS- | M] () -- C:\Thumbs.db

[2010/05/06 09:15:38 | 000,001,083 | ---- | M] () -- C:\updatedatfix.log

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2006/09/24 19:49:48 | 000,000,026 | ---- | M] () -- C:\wizard.txt

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2004/01/20 13:08:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/01/20 13:08:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/01/20 13:08:08 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys

[2010/09/21 17:21:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\alui.sys

[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys

[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys

[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys

[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys

[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys

[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys

[2010/09/22 14:31:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\bpsureue.sys

[2010/09/22 14:43:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\cyra.sys

[2010/09/22 12:25:31 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\hxws.sys

[2010/09/22 14:34:41 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\keof.sys

[2010/09/22 16:09:52 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\reeils.sys

[2010/09/21 23:44:25 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\swxg.sys

[2010/09/21 20:42:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\uloosh.sys

[2010/09/21 07:18:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\xorpc.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/02/09 16:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< End of report >

And here is Extras.Txt

OTL Extras logfile created on: 9/22/2010 11:30:56 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 18.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.06 Gb Total Space | 32.28 Gb Free Space | 46.07% Space Free | Partition Type: NTFS

Drive D: | 4.45 Gb Total Space | 0.60 Gb Free Space | 13.47% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Unable to calculate disk information.

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Y: | 928.30 Gb Total Space | 868.30 Gb Free Space | 93.54% Space Free | Partition Type: NTFS

Drive Z: | 928.30 Gb Total Space | 868.30 Gb Free Space | 93.54% Space Free | Partition Type: NTFS

Computer Name: HPA500N

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer

"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer

"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Sonos\sonos.exe" = C:\Program Files\Sonos\sonos.exe:LocalSubNet:Enabled:Sonos Desktop Controller -- (Sonos, Inc.)

"F:\WD Discovery Software\WD Discovery.exe" = F:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 19

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP

"{608D55BC-28E9-477B-8732-23CA23CE0BA8}" = BlackBerry Desktop Manager

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.213

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!

"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater

"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast5" = avast! Free Antivirus

"BlackBerry_D

And, after a number of attempts, here is the Rootkit Unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3448832 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)

0xF69AA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2189952 bytes

0x804D7000 RAW 2189952 bytes

0x804D7000 WMIxWDM 2189952 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF6C1E000 C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys 634880 bytes (Agere Systems, Agere Windows Modem)

0xF7481000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF56B3000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF68EC000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF5838000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xF02E2000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF0096000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF75DA000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF0609000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7454000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF5723000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF6CCD000 C:\WINDOWS\System32\DRIVERS\vtmini.sys 176128 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)

0xF5810000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF568D000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF5641000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6986000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6BD7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF756F000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)

0xF6BFB000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF57EE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EE000 ACPI_HAL 131840 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7537000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF75AA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF743A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF7592000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7557000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF750E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF695B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF0A6C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6972000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF6CB9000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF5891000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7525000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF75C9000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF694A000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF77D9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7829000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF76D9000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF7699000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF6FE8000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF77A9000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF7008000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7899000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF0BE9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF7749000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF76A9000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF7669000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF77E9000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))

0xF6FD8000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF6FC8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7649000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF76E9000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF6FF8000 C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)

0xF7789000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7018000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7639000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF6FB8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7809000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)

0xF7629000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF7729000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7689000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)

0xF7709000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7819000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)

0xF7659000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF77F9000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF76F9000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7769000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF7719000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7679000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF7799000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF79E9000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7979000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7981000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7919000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7921000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF79A1000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF78A9000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7949000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)

0xF79A9000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)

0xF7989000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF7999000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF78B9000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)

0xF7909000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF7991000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))

0xF7929000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7951000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF78C1000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)

0xF7911000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7969000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7959000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF7971000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF78B1000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7939000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7941000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7931000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF79B1000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7AE1000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)

0xF7B25000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF0CCD000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7B19000 C:\WINDOWS\System32\DRIVERS\PS2.sys 16384 bytes (Hewlett-Packard Company, PS2 SYS)

0xF7B15000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7ADD000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)

0xF7A39000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7B01000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7AE5000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7AE9000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7B1D000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7213000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)

0xF6CFC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7AB1000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)

0xF7AAD000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7B6F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B6D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B29000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B71000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7B63000 C:\WINDOWS\system32\drivers\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)

0xF7BAD000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7B73000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B65000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)

0xF7B67000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B75000 C:\WINDOWS\system32\drivers\UBHelper.sys 8192 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)

0xF7B69000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B2D000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7B2B000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7D4B000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7D6B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C65000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7BF1000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

!!!!!!!!!!!Hidden driver: 0x84DEEAEA ?_empty_? 1302 bytes

0x84DEEEC5 unknown_irp_handler 315 bytes

!!!!!!!!!!!Hidden driver: 0x84C80318 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0xF7592000 WARNING: suspicious driver modification [atapi.sys::0x84DEEAEA]

0xF7829000 WARNING: Virus alike driver modification [cdrom.sys], 65536 bytes

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]

[1052]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1052]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1052]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1052]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1052]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1052]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1052]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]

[1788]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1788]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1788]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1788]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1788]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1788]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1808]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1808]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1808]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1808]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1808]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1808]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[220]ps2.EXE-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

[228]shwicon2k.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

[236]ALCXMNTR.EXE-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

[256]hpwuschd2.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

[2932]hpqste08.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

[3216]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[3216]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[3216]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[3216]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[3216]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[3216]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[3216]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[3216]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[3216]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[3216]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[3216]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[324]QTTask.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]

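The Hooks section of the log above is the part worth reading closely: the same inline hooks on mswsock.dll, NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher appear in svchost.exe, both firefox.exe instances and explorer.exe, and every one of them jumps into an unknown code page, while the GetProcAddress IAT patches in explorer.exe belong to shimeng.dll, the Windows application-compatibility shim engine. The script below is an added example written for this page (not part of the thread, and not code from the tool that produced the log): it parses hook lines in the format printed above, marks hooks that land in an unknown code page as suspicious, treats shimeng.dll as an expected owner (that allow-list is my triage assumption, not something the tool reports), leaves other named owners such as Pehook.dll for a human to review, and then lists the locations hooked identically across several processes, which is the signature of one injector with many victims. The sample input is a handful of lines copied from the log above.

```python
import re
from collections import defaultdict

# One line of the "Hooks" section. The leading "[pid]process-->" part is absent
# for kernel-mode hooks such as the ntoskrnl.exe entry in the log.
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>[^-]+?)-->)?"
    r"(?P<chain>.+?), Type: (?P<type>.+?) "
    r"(?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Assumption for this example: owners that are expected on a stock Windows XP
# box. shimeng.dll is the application-compatibility shim engine; its IAT patches
# on GetProcAddress are how shims get applied to a process.
TRUSTED_HOOK_OWNERS = {"shimeng.dll"}


def classify(hook):
    """Verdict for one parsed hook: expected / suspicious / review."""
    owner = hook["owner"].lower()
    if owner in TRUSTED_HOOK_OWNERS:
        return "expected"
    # The hook target is not backed by any loaded module: code was injected.
    if owner == "unknown_code_page":
        return "suspicious"
    # Named vendor DLLs and kernel self-patches need a human look. The dst field
    # is kept as text only; this log prints 00000000 for every IAT modification,
    # so it carries no signal for the verdict.
    return "review"


def parse_hooks(text):
    """Parse hook lines into dicts with pid, proc, chain, type, src, dst, owner, verdict."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"]) if h["pid"] else None
        h["proc"] = h["proc"] or "kernel"
        h["verdict"] = classify(h)
        hooks.append(h)
    return hooks


def hooks_by_target(hooks, verdict="suspicious"):
    """Map each hooked location with the given verdict to the processes it was seen in."""
    grouped = defaultdict(set)
    for h in hooks:
        if h["verdict"] == verdict:
            grouped[h["chain"]].add(h["proc"])
    return {chain: sorted(procs) for chain, procs in grouped.items()}


def systemic_hooks(hooks, min_procs=2):
    """Locations hooked identically in several processes: one injector, many victims."""
    return sorted(c for c, p in hooks_by_target(hooks).items() if len(p) >= min_procs)


# Sample input: lines copied from the Hooks section of the log above.
SAMPLE_LOG = """
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1052]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1788]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3216]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3216]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[220]ps2.EXE-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00000000 [Pehook.dll]
"""

if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for h in parsed:
        print(f"{h['verdict']:10} {h['proc']:12} {h['chain']}  [{h['owner']}]")
    print("hooked in several processes:", systemic_hooks(parsed))
```

Run against the full Hooks section, the grouping step is what makes the picture clear: a hook on NtProtectVirtualMemory in one browser process could be a plug-in, but the same hook at the same address in svchost.exe, explorer.exe and every firefox.exe, all jumping to unmapped code, is a system-wide injector and explains why the helper treats this as a backdoor rather than a browser annoyance.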

You are welcome

I am no deity though :P

==============

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

=============

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - (wxlcoxep) -- C:\WINDOWS\system32\drivers\swxg.sys ()
    DRV - (jcbljma) -- C:\WINDOWS\system32\drivers\uloosh.sys ()
    DRV - (liulp) -- C:\WINDOWS\system32\drivers\alui.sys ()
    DRV - (twwgttu) -- C:\WINDOWS\system32\drivers\xorpc.sys ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O4 - HKLM..\Run: [AutoTBar] File not found
    O4 - HKLM..\Run: [VTTimer] File not found
    O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3Srv.exe ()
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\Owner\Local Settings\Temp\dwm.exe ()
    O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
    O20 - HKLM Winlogon: UserInit - (c:\program files\quicktime\qttasksrv.exe) - c:\Program Files\QuickTime\QTTaskSrv.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe ()
    [2010/09/22 11:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\sys4
    [2010/09/20 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\sys6
    [2010/09/20 14:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\sys5
    [2010/09/22 16:09:52 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\reeils.sys
    [2010/09/22 14:34:41 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\keof.sys
    [2010/09/22 14:31:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bpsureue.sys
    [2010/09/22 12:25:31 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hxws.sys
    [2010/09/22 11:52:31 | 000,695,808 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\hotfix.exe
    [2008/03/08 05:10:59 | 000,019,872 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dexysohu.inf
    [2008/03/08 05:10:59 | 000,019,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\akut.vbs
    [2008/03/08 05:10:59 | 000,017,436 | ---- | C] () -- C:\Program Files\Common Files\dylog.pif
    [2008/03/08 05:10:59 | 000,017,116 | ---- | C] () -- C:\Program Files\Common Files\edete.reg
    [2008/03/08 05:10:59 | 000,016,636 | ---- | C] () -- C:\WINDOWS\onipokacoz.dll
    [2008/03/08 05:10:59 | 000,016,427 | ---- | C] () -- C:\Program Files\Common Files\zagyj.com
    [2008/03/08 05:10:59 | 000,012,732 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\xuzex.bat
    [2008/03/08 05:10:59 | 000,012,390 | ---- | C] () -- C:\Program Files\Common Files\bypujevy._sy
    [2008/03/08 05:10:59 | 000,011,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ligisu.exe
    [2008/03/08 05:10:59 | 000,010,218 | ---- | C] () -- C:\Program Files\Common Files\uxerisunej.ban
    [2008/03/08 05:10:59 | 000,010,123 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jovaxitu.com
    [2008/03/08 05:10:58 | 000,019,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\arul.exe
    [2008/03/07 15:53:24 | 000,019,882 | ---- | C] () -- C:\Program Files\Common Files\dapegi._sy
    [2008/03/07 15:53:24 | 000,017,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tacini.dll
    [2008/03/07 15:53:24 | 000,016,351 | ---- | C] () -- C:\WINDOWS\ovyfuheke.dll
    [2008/03/07 15:53:24 | 000,013,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ositum.inf
    [2008/03/07 15:53:24 | 000,013,252 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\jodopukif.db
    [2008/03/07 15:53:24 | 000,012,974 | ---- | C] () -- C:\WINDOWS\ihyguca.dll
    [2008/03/07 15:53:24 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\nyjelogyd.com
    [2008/03/07 15:53:24 | 000,010,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zatoraqiky.vbs
    [2008/03/07 14:04:33 | 000,018,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rihecyga.bin
    [2008/03/07 14:04:33 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\zuku.db
    [2008/03/07 14:04:33 | 000,012,949 | ---- | C] () -- C:\WINDOWS\fivymop.sys
    [2008/03/07 14:04:33 | 000,012,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rixa.bin
    [2008/03/07 14:04:33 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\agifagon.scr

    :Commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

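Beyond the rogue drivers, the OTL fix above removes entries at four classic logon persistence points: extra programs appended to the HKLM Winlogon UserInit list (DesktopLayer.exe and a fake QTTaskSrv.exe), a per-user Winlogon Shell value pointing into Application Data, the legacy HKCU Windows\Load value running dwm.exe out of Temp, and an Internet Explorer proxy set to 127.0.0.1:50370 so that a local process can sit in front of all browser traffic. The script below is an added example written for this page (mine, not Kahdah's and not part of OTL): audit() applies those same checks to a dict of values, and read_registry() fills that dict from a live Windows machine with the standard winreg module. The registry paths are the documented Winlogon and Internet Settings keys; the INFECTED and CLEAN dicts are constructed to mirror the fix above and were not read from the poster's machine.

```python
import sys

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS_NT = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
INET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def audit(v):
    """Return (location, value, why) findings for the persistence points the fix touched.

    v maps hklm_userinit, hkcu_shell, hkcu_load, hkcu_proxy_enable and
    hkcu_proxy_server to their registry values; a missing value is None.
    """
    findings = []

    # Userinit is a comma-separated list; only the system userinit.exe belongs there.
    for entry in (v.get("hklm_userinit") or "").split(","):
        entry = entry.strip().strip('"')
        if entry and not entry.lower().endswith(r"\system32\userinit.exe"):
            findings.append(("HKLM Winlogon\\Userinit", entry,
                             "extra program started at every interactive logon"))

    # A per-user Shell value is not set on a default install; it replaces explorer.exe.
    if v.get("hkcu_shell"):
        findings.append(("HKCU Winlogon\\Shell", v["hkcu_shell"],
                         "per-user shell override"))

    # Windows\Load is a win.ini-era autostart that few legitimate programs use.
    if v.get("hkcu_load"):
        findings.append(("HKCU Windows\\Load", v["hkcu_load"],
                         "legacy autostart value"))

    # A proxy on the loopback interface means a local process sees all browser
    # traffic. Flag it even when ProxyEnable is 0: the fix above found exactly that.
    proxy = v.get("hkcu_proxy_server") or ""
    if any(h in proxy.lower() for h in ("127.0.0.1", "localhost")):
        state = "enabled" if v.get("hkcu_proxy_enable") else "present but currently disabled"
        findings.append(("HKCU Internet Settings\\ProxyServer", proxy,
                         f"loopback proxy, {state}"))
    return findings


def read_registry():
    """Collect the same five values from a live Windows host with winreg."""
    if sys.platform != "win32":
        raise RuntimeError("live registry reads need Windows; call audit() on a dict instead")
    import winreg

    def get(root, key, name):
        try:
            with winreg.OpenKey(root, key) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:
            return None  # key or value absent

    return {
        "hklm_userinit": get(winreg.HKEY_LOCAL_MACHINE, WINLOGON, "Userinit"),
        "hkcu_shell": get(winreg.HKEY_CURRENT_USER, WINLOGON, "Shell"),
        "hkcu_load": get(winreg.HKEY_CURRENT_USER, WINDOWS_NT, "Load"),
        "hkcu_proxy_enable": get(winreg.HKEY_CURRENT_USER, INET, "ProxyEnable"),
        "hkcu_proxy_server": get(winreg.HKEY_CURRENT_USER, INET, "ProxyServer"),
    }


# Constructed sample: the values the OTL fix above targets, written the way they
# sit in the registry (Userinit as one comma-separated string).
INFECTED = {
    "hklm_userinit": r"C:\WINDOWS\system32\userinit.exe,"
                     r"c:\program files\microsoft\desktoplayer.exe,"
                     r"c:\program files\quicktime\qttasksrv.exe,",
    "hkcu_shell": r"C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe",
    "hkcu_load": r"C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe",
    "hkcu_proxy_enable": 0,
    "hkcu_proxy_server": "http=127.0.0.1:50370",
}

# Constructed sample: a clean XP profile at the same locations.
CLEAN = {
    "hklm_userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "hkcu_shell": None,
    "hkcu_load": None,
    "hkcu_proxy_enable": 0,
    "hkcu_proxy_server": None,
}

if __name__ == "__main__":
    values = read_registry() if sys.platform == "win32" else INFECTED
    for where, value, why in audit(values):
        print(f"{where}: {value}  <- {why}")
```

The point of checking UserInit as a list rather than as a whole string is that malware almost never replaces userinit.exe outright (that would break logon and get noticed); it appends itself after the legitimate entry, which is exactly the shape the OTL lines above show.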

Kahdah,

Thanks again for your fast, if somewhat appalling, response.

It took a while to get OTL to run but here is the log:

All processes killed

========== OTL ==========

Service wxlcoxep stopped successfully!

Service wxlcoxep deleted successfully!

C:\WINDOWS\system32\drivers\swxg.sys moved successfully.

Service jcbljma stopped successfully!

Service jcbljma deleted successfully!

C:\WINDOWS\system32\drivers\uloosh.sys moved successfully.

Service liulp stopped successfully!

Service liulp deleted successfully!

C:\WINDOWS\system32\drivers\alui.sys moved successfully.

Service twwgttu stopped successfully!

Service twwgttu deleted successfully!

C:\WINDOWS\system32\drivers\xorpc.sys moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AutoTBar deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VTTimer deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2009 deleted successfully.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3Srv.exe moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\dwm.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\Owner\LOCALS~1\Temp\dwm.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\desktoplayer.exe deleted successfully.

c:\Program Files\Microsoft\DesktopLayer.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\quicktime\qttasksrv.exe deleted successfully.

c:\Program Files\QuickTime\QTTaskSrv.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.

File C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe not found.

C:\Program Files\sys4 folder moved successfully.

C:\Program Files\sys6 folder moved successfully.

C:\Program Files\sys5 folder moved successfully.

C:\WINDOWS\system32\drivers\reeils.sys moved successfully.

C:\WINDOWS\system32\drivers\keof.sys moved successfully.

C:\WINDOWS\system32\drivers\bpsureue.sys moved successfully.

File C:\WINDOWS\System32\drivers\hxws.sys not found.

File C:\Documents and Settings\Owner\Application Data\hotfix.exe not found.

C:\Documents and Settings\All Users\Application Data\akut.vbs moved successfully.

C:\Program Files\Common Files\dylog.pif moved successfully.

C:\Program Files\Common Files\edete.reg moved successfully.

C:\WINDOWS\onipokacoz.dll moved successfully.

C:\Program Files\Common Files\zagyj.com moved successfully.

C:\Documents and Settings\Owner\Application Data\xuzex.bat moved successfully.

C:\Program Files\Common Files\bypujevy._sy moved successfully.

C:\Documents and Settings\All Users\Application Data\ligisu.exe moved successfully.

C:\Program Files\Common Files\uxerisunej.ban moved successfully.

C:\Documents and Settings\All Users\Application Data\jovaxitu.com moved successfully.

C:\Documents and Settings\All Users\Application Data\arul.exe moved successfully.

C:\Program Files\Common Files\dapegi._sy moved successfully.

C:\Documents and Settings\All Users\Application Data\tacini.dll moved successfully.

C:\WINDOWS\ovyfuheke.dll moved successfully.

C:\Documents and Settings\All Users\Application Data\ositum.inf moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\jodopukif.db moved successfully.

C:\WINDOWS\ihyguca.dll moved successfully.

C:\Documents and Settings\Owner\Application Data\nyjelogyd.com moved successfully.

C:\Documents and Settings\All Users\Application Data\zatoraqiky.vbs moved successfully.

C:\Documents and Settings\All Users\Application Data\rihecyga.bin moved successfully.

C:\Documents and Settings\Owner\Application Data\zuku.db moved successfully.

C:\WINDOWS\fivymop.sys moved successfully.

C:\Documents and Settings\All Users\Application Data\rixa.bin moved successfully.

C:\Documents and Settings\Owner\Application Data\agifagon.scr moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 68794 bytes

->Temporary Internet Files folder emptied: 71020187 bytes

->Java cache emptied: 8601 bytes

->Flash cache emptied: 5551 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 252021581 bytes

->Flash cache emptied: 9932 bytes

User: Owner

->Temp folder emptied: 2000789747 bytes

->Temporary Internet Files folder emptied: 3386508108 bytes

->Java cache emptied: 134545427 bytes

->FireFox cache emptied: 47405951 bytes

->Flash cache emptied: 2240056 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 111873 bytes

%systemroot%\System32 .tmp files removed: 4731409 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 677425318 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 60943276 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 141356 bytes

RecycleBin emptied: 1559814000 bytes

Total Files Cleaned = 7,818.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09232010_115247

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


TDSS Killer ran once but I could not find the log. Here is the log after the second run:

2010/09/23 13:06:00.0937 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/23 13:06:00.0937 ================================================================================

2010/09/23 13:06:00.0937 SystemInfo:

2010/09/23 13:06:00.0937

2010/09/23 13:06:00.0937 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/23 13:06:00.0937 Product type: Workstation

2010/09/23 13:06:00.0937 ComputerName: HPA500N

2010/09/23 13:06:00.0968 UserName: Owner

2010/09/23 13:06:00.0968 Windows directory: C:\WINDOWS

2010/09/23 13:06:00.0968 System windows directory: C:\WINDOWS

2010/09/23 13:06:00.0968 Processor architecture: Intel x86

2010/09/23 13:06:00.0968 Number of processors: 1

2010/09/23 13:06:00.0968 Page size: 0x1000

2010/09/23 13:06:00.0968 Boot type: Normal boot

2010/09/23 13:06:00.0968 ================================================================================

2010/09/23 13:06:02.0281 Initialize success

2010/09/23 13:06:08.0406 ================================================================================

2010/09/23 13:06:08.0406 Scan started

2010/09/23 13:06:08.0406 Mode: Manual;

2010/09/23 13:06:08.0406 ================================================================================

2010/09/23 13:06:13.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/23 13:06:13.0625 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/23 13:06:14.0093 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/23 13:06:14.0421 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/23 13:06:14.0656 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/09/23 13:06:15.0484 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/09/23 13:06:16.0000 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/23 13:06:17.0687 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/09/23 13:06:18.0421 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/23 13:06:19.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/23 13:06:19.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/23 13:06:20.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/23 13:06:20.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/23 13:06:20.0953 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/23 13:06:21.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/23 13:06:21.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/23 13:06:22.0140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/23 13:06:22.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/23 13:06:23.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/23 13:06:24.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/23 13:06:24.0421 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/23 13:06:24.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/23 13:06:24.0906 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/23 13:06:25.0265 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/09/23 13:06:25.0515 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2010/09/23 13:06:25.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/23 13:06:26.0515 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/23 13:06:26.0765 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2010/09/23 13:06:27.0000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/23 13:06:27.0265 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

2010/09/23 13:06:27.0609 FETNDISB (29063004926b225c417e7147822f5866) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

2010/09/23 13:06:27.0875 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/23 13:06:28.0125 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/23 13:06:28.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/23 13:06:28.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/23 13:06:29.0265 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/23 13:06:29.0500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/09/23 13:06:29.0781 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/23 13:06:30.0046 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

2010/09/23 13:06:30.0359 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/23 13:06:30.0796 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/09/23 13:06:31.0000 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/09/23 13:06:31.0156 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/09/23 13:06:31.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/23 13:06:32.0046 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/23 13:06:32.0296 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/09/23 13:06:32.0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/23 13:06:32.0968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/09/23 13:06:33.0218 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/23 13:06:33.0468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/23 13:06:33.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/23 13:06:33.0921 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/23 13:06:34.0125 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/23 13:06:34.0468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/23 13:06:34.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/23 13:06:35.0062 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/23 13:06:35.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/23 13:06:35.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/23 13:06:36.0187 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

2010/09/23 13:06:36.0515 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/09/23 13:06:37.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/23 13:06:37.0265 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/23 13:06:37.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/23 13:06:37.0781 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/23 13:06:38.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/23 13:06:38.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/23 13:06:39.0234 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/23 13:06:39.0515 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/23 13:06:39.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/23 13:06:39.0968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/23 13:06:40.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/23 13:06:40.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/23 13:06:40.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/23 13:06:41.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/23 13:06:41.0203 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/23 13:06:41.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/23 13:06:41.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/23 13:06:42.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/23 13:06:42.0250 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/23 13:06:42.0500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/23 13:06:42.0875 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/23 13:06:43.0281 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/23 13:06:43.0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/23 13:06:43.0984 NTIDrvr (8055859b87ac3e504ece0c1e9353cc4e) C:\WINDOWS\system32\drivers\NTIDrvr.sys

2010/09/23 13:06:44.0203 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/23 13:06:44.0750 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/23 13:06:45.0406 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

2010/09/23 13:06:45.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/23 13:06:45.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/23 13:06:46.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/23 13:06:46.0312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/23 13:06:46.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/23 13:06:46.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/23 13:06:47.0109 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/23 13:06:47.0562 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/23 13:06:47.0781 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/23 13:06:49.0046 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/09/23 13:06:49.0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/23 13:06:49.0531 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/23 13:06:49.0765 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/09/23 13:06:49.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/23 13:06:50.0203 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/23 13:06:50.0390 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/09/23 13:06:51.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/23 13:06:51.0703 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/23 13:06:51.0921 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/23 13:06:52.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/23 13:06:52.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/23 13:06:52.0765 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/23 13:06:52.0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/23 13:06:53.0265 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/23 13:06:53.0656 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/09/23 13:06:53.0843 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2010/09/23 13:06:54.0078 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2010/09/23 13:06:54.0343 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/23 13:06:54.0671 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/23 13:06:54.0890 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/23 13:06:55.0125 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/23 13:06:55.0640 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/09/23 13:06:56.0140 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/09/23 13:06:56.0343 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/09/23 13:06:56.0859 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/23 13:06:57.0171 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/23 13:06:57.0453 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/23 13:06:57.0671 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/09/23 13:06:58.0250 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/23 13:06:58.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/23 13:06:59.0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/23 13:06:59.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/23 13:06:59.0875 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/23 13:07:00.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/23 13:07:00.0250 tdvav (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\cyra.sys

2010/09/23 13:07:00.0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/23 13:07:00.0843 UBHelper (9e39dc3022e6d84bf974678011a1ea4c) C:\WINDOWS\system32\drivers\UBHelper.sys

2010/09/23 13:07:01.0109 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/23 13:07:01.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/23 13:07:02.0140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/23 13:07:02.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/23 13:07:02.0515 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/23 13:07:02.0796 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/23 13:07:03.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/23 13:07:03.0312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/23 13:07:03.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/23 13:07:03.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/23 13:07:03.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/23 13:07:04.0171 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/09/23 13:07:04.0437 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/09/23 13:07:04.0625 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/09/23 13:07:04.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/23 13:07:05.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/23 13:07:05.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/23 13:07:05.0828 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/09/23 13:07:06.0046 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/09/23 13:07:06.0250 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/23 13:07:06.0578 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/23 13:07:07.0078 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/09/23 13:07:07.0296 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/09/23 13:07:07.0343 ================================================================================

2010/09/23 13:07:07.0343 Scan finished

2010/09/23 13:07:07.0343 ================================================================================

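The two TDSSKiller logs in this thread carry three things a responder would rather pull out mechanically than by eye: the "Suspicious file (Forged)" line for cdrom.sys with its Real/Fake MD5 pair, seven differently named services and files that all report the MD5 e6d35f3aa51a65eb35c1f2340154a25e in the 11:24 scan (one of them, tdvav / cyra.sys, is still listed in the 13:06 scan), and the Cdrom hash changing from 367121a2... to 1f4260cc... between the two scans. The Python below is an added example, not the poster's code and not part of TDSSKiller: it parses the tool's per-driver "<timestamp> <service> (<md5>) <path>" lines plus its Forged and "detected" lines, and runs those three checks. The SCAN_1124 and SCAN_1306 strings are constructed excerpts copied from the logs above; the function names and the min_names threshold are this example's own choices.

```python
"""Triage helpers for TDSSKiller driver-scan logs (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# One "<timestamp> <service> (<md5>) <path>" line per loaded driver.
ENTRY_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
    r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Printed when the file as stored on disk ("Real") hashes differently from
# what the running system serves back for the same path ("Fake").
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECTED_RE = re.compile(r" (?P<svc>\S+) - detected (?P<name>\S+)")


class Scan(NamedTuple):
    entries: Dict[str, Tuple[str, str]]   # service -> (md5, path)
    forged: List[dict]                    # path/real/fake per forged file
    detected: Dict[str, str]              # service -> detection name


def parse_scan(text: str) -> Scan:
    """Parse one TDSSKiller scan log into its driver table and verdicts."""
    entries, forged, detected = {}, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FORGED_RE.search(line)
        if m:
            forged.append(m.groupdict())
            continue
        m = DETECTED_RE.search(line)
        if m:
            detected[m["svc"]] = m["name"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["svc"]] = (m["md5"], m["path"])
    return Scan(entries, forged, detected)


def shared_hashes(entries, min_names=3):
    """Hashes reported under at least min_names distinct file names."""
    by_md5 = defaultdict(set)
    for md5, path in entries.values():
        by_md5[md5].add(path.rsplit("\\", 1)[-1].lower())
    return {h: sorted(n) for h, n in by_md5.items() if len(n) >= min_names}


def changed_hashes(before, after):
    """Services listed in both scans whose reported MD5 differs."""
    return {svc: (before[svc][0], after[svc][0])
            for svc in before.keys() & after.keys()
            if before[svc][0] != after[svc][0]}


def suspicious_survivors(before, after, min_names=3):
    """Services in the later scan still carrying a hash that was shared
    across many names in the earlier scan: candidates the cleanup missed."""
    flagged = shared_hashes(before, min_names)
    return {svc for svc, (md5, _) in after.items() if md5 in flagged}


# Constructed excerpts of the 11:24 and 13:06 logs posted in this thread.
SCAN_1124 = r"""
2010/09/23 11:24:39.0234 Cdrom (367121a2db03d516b2dde512335d79ab) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/23 11:24:39.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 367121a2db03d516b2dde512335d79ab, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/09/23 11:24:39.0250 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/23 11:24:40.0312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/23 11:24:42.0109 eqgtxs (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\reeils.sys
2010/09/23 11:24:43.0828 fmkln (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\bpsureue.sys
2010/09/23 11:24:48.0984 jcbljma (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\uloosh.sys
2010/09/23 11:24:49.0968 liulp (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\alui.sys
2010/09/23 11:25:09.0109 tdvav (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\cyra.sys
2010/09/23 11:25:09.0750 twwgttu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\xorpc.sys
2010/09/23 11:25:10.0343 ukiy (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\keof.sys
"""

SCAN_1306 = r"""
2010/09/23 13:06:22.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/23 13:06:23.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/23 13:07:00.0250 tdvav (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\cyra.sys
"""

if __name__ == "__main__":
    before, after = parse_scan(SCAN_1124), parse_scan(SCAN_1306)
    for f in before.forged:
        print("forged:", f["path"], "on disk", f["real"][:8], "served", f["fake"][:8])
    for md5, names in shared_hashes(before.entries).items():
        print("one hash, many names:", md5[:8], names)
    print("hash changed between scans:", changed_hashes(before.entries, after.entries))
    print("still present after cleanup:", suspicious_survivors(before.entries, after.entries))
```

Run against the full logs, the third check is the one worth acting on: a hash that was spread over seven random file names before cleanup and is still loaded afterwards is a file to pull and submit, whatever the tool's verdict on it was.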

Doh! This might be the first log. I apologize for my having overlooked this. If you ever need help decoding a wine list, please just ask. That is something I understand.

2010/09/23 11:24:28.0578 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/23 11:24:28.0578 ================================================================================

2010/09/23 11:24:28.0578 SystemInfo:

2010/09/23 11:24:28.0578

2010/09/23 11:24:28.0578 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/23 11:24:28.0578 Product type: Workstation

2010/09/23 11:24:28.0578 ComputerName: HPA500N

2010/09/23 11:24:28.0578 UserName: Owner

2010/09/23 11:24:28.0578 Windows directory: C:\WINDOWS

2010/09/23 11:24:28.0578 System windows directory: C:\WINDOWS

2010/09/23 11:24:28.0578 Processor architecture: Intel x86

2010/09/23 11:24:28.0578 Number of processors: 1

2010/09/23 11:24:28.0578 Page size: 0x1000

2010/09/23 11:24:28.0578 Boot type: Normal boot

2010/09/23 11:24:28.0578 ================================================================================

2010/09/23 11:24:28.0921 Initialize success

2010/09/23 11:24:30.0718 ================================================================================

2010/09/23 11:24:30.0718 Scan started

2010/09/23 11:24:30.0718 Mode: Manual;

2010/09/23 11:24:30.0718 ================================================================================

2010/09/23 11:24:33.0281 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/23 11:24:33.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/23 11:24:34.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/23 11:24:34.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/23 11:24:34.0437 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/09/23 11:24:35.0125 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/09/23 11:24:35.0390 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/23 11:24:35.0921 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/09/23 11:24:36.0328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/23 11:24:37.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/23 11:24:37.0453 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/23 11:24:37.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/23 11:24:38.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/23 11:24:38.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/23 11:24:38.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/23 11:24:38.0781 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/23 11:24:39.0000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/23 11:24:39.0234 Cdrom (367121a2db03d516b2dde512335d79ab) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/23 11:24:39.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 367121a2db03d516b2dde512335d79ab, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe

2010/09/23 11:24:39.0250 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/09/23 11:24:40.0312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/23 11:24:40.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/23 11:24:40.0828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/23 11:24:41.0015 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/23 11:24:41.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/23 11:24:41.0437 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/09/23 11:24:41.0609 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2010/09/23 11:24:41.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/23 11:24:42.0109 eqgtxs (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\reeils.sys

2010/09/23 11:24:42.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/23 11:24:42.0515 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2010/09/23 11:24:42.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/23 11:24:42.0890 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

2010/09/23 11:24:43.0078 FETNDISB (29063004926b225c417e7147822f5866) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

2010/09/23 11:24:43.0265 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/23 11:24:43.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/23 11:24:43.0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/23 11:24:43.0828 fmkln (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\bpsureue.sys

2010/09/23 11:24:44.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/23 11:24:44.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/23 11:24:44.0437 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/09/23 11:24:44.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/23 11:24:44.0843 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

2010/09/23 11:24:45.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/23 11:24:45.0390 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/09/23 11:24:45.0593 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/09/23 11:24:45.0812 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/09/23 11:24:46.0000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/23 11:24:46.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/23 11:24:46.0781 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/09/23 11:24:47.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/23 11:24:47.0328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/09/23 11:24:47.0531 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/23 11:24:47.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/23 11:24:47.0937 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/23 11:24:48.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/23 11:24:48.0343 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/23 11:24:48.0546 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/23 11:24:48.0781 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/23 11:24:48.0984 jcbljma (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\uloosh.sys

2010/09/23 11:24:49.0171 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/23 11:24:49.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/23 11:24:49.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/23 11:24:49.0968 liulp (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\alui.sys

2010/09/23 11:24:50.0187 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

2010/09/23 11:24:50.0406 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/09/23 11:24:50.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/23 11:24:50.0828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/23 11:24:51.0031 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/23 11:24:51.0265 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/23 11:24:51.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/23 11:24:51.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/23 11:24:52.0093 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/23 11:24:52.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/23 11:24:52.0562 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/23 11:24:52.0750 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/23 11:24:52.0953 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/23 11:24:53.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/23 11:24:53.0343 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/23 11:24:53.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/23 11:24:53.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/23 11:24:53.0984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/23 11:24:54.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/23 11:24:54.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/23 11:24:54.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/23 11:24:54.0718 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/23 11:24:55.0000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/23 11:24:55.0343 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/23 11:24:55.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/23 11:24:55.0781 NTIDrvr (8055859b87ac3e504ece0c1e9353cc4e) C:\WINDOWS\system32\drivers\NTIDrvr.sys

2010/09/23 11:24:55.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/23 11:24:56.0265 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/23 11:24:56.0546 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

2010/09/23 11:24:56.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/23 11:24:56.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/23 11:24:57.0078 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/23 11:24:57.0281 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/23 11:24:57.0500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/23 11:24:57.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/23 11:24:57.0843 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/23 11:24:58.0234 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/23 11:24:58.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/23 11:24:59.0593 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/09/23 11:24:59.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/23 11:24:59.0953 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/23 11:25:00.0171 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/09/23 11:25:00.0343 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/23 11:25:00.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/23 11:25:00.0765 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/09/23 11:25:01.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/23 11:25:01.0890 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/23 11:25:02.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/23 11:25:02.0265 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/23 11:25:02.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/23 11:25:02.0687 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/23 11:25:02.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/23 11:25:03.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/23 11:25:03.0500 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/09/23 11:25:03.0687 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2010/09/23 11:25:03.0937 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2010/09/23 11:25:04.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/23 11:25:04.0375 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/23 11:25:04.0609 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/23 11:25:04.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/23 11:25:05.0265 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/09/23 11:25:05.0500 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/09/23 11:25:05.0718 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/09/23 11:25:06.0093 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/23 11:25:06.0312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/23 11:25:06.0578 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/23 11:25:06.0859 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/09/23 11:25:07.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/23 11:25:07.0406 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/23 11:25:08.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/23 11:25:08.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/23 11:25:08.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/23 11:25:08.0890 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/23 11:25:09.0109 tdvav (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\cyra.sys

2010/09/23 11:25:09.0281 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/23 11:25:09.0750 twwgttu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\xorpc.sys

2010/09/23 11:25:09.0937 UBHelper (9e39dc3022e6d84bf974678011a1ea4c) C:\WINDOWS\system32\drivers\UBHelper.sys

2010/09/23 11:25:10.0125 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/23 11:25:10.0343 ukiy (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\keof.sys

2010/09/23 11:25:10.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/23 11:25:10.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/23 11:25:11.0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/23 11:25:11.0359 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/23 11:25:11.0578 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/23 11:25:11.0765 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/23 11:25:11.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/23 11:25:12.0203 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/23 11:25:12.0390 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/23 11:25:12.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/23 11:25:12.0812 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/09/23 11:25:13.0015 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/09/23 11:25:13.0203 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/09/23 11:25:13.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/23 11:25:13.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/23 11:25:14.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/23 11:25:14.0343 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/09/23 11:25:14.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/09/23 11:25:14.0765 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/23 11:25:14.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/23 11:25:15.0140 wxlcoxep (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\swxg.sys

2010/09/23 11:25:15.0406 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/09/23 11:25:15.0609 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/09/23 11:25:15.0703 ================================================================================

2010/09/23 11:25:15.0703 Scan finished

2010/09/23 11:25:15.0703 ================================================================================

2010/09/23 11:25:15.0734 Detected object count: 1

2010/09/23 11:41:53.0609 Cdrom (367121a2db03d516b2dde512335d79ab) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/23 11:41:53.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 367121a2db03d516b2dde512335d79ab, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe

2010/09/23 11:41:55.0843 Backup copy found, using it..

2010/09/23 11:41:55.0859 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot

2010/09/23 11:41:55.0859 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure

2010/09/23 11:42:31.0296 Deinitialize success


I believe this is the ComboFix log:

ComboFix 10-09-22.06 - Owner 09/23/2010 13:23:22.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.219 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

c:\documents and settings\Owner\Application Data\Microsoft\svchostSrv.exe

c:\documents and settings\Owner\Cookies\acidoqov.dll

c:\documents and settings\Owner\Cookies\becasy.sys

c:\documents and settings\Owner\Cookies\ebeq.dll

c:\documents and settings\Owner\Cookies\edove.dll

c:\documents and settings\Owner\Cookies\jugygehi.lib

c:\documents and settings\Owner\Cookies\mutolo.sys

c:\documents and settings\Owner\Cookies\nyrecevo.db

c:\documents and settings\Owner\Cookies\nyticamyl.dl

C:\install.exe

c:\program files\Microsoft\DesktopLayer.exe

C:\Thumbs.db

c:\windows\aligad.exe

c:\windows\damiq.scr

c:\windows\ExplorerSrv.exe

c:\windows\jestertb.dll

c:\windows\opodoxaku.scr

c:\windows\system32\drivers\cyra.sys

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_tdvav

-------\Service_tdvav

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))

.

2010-09-23 17:42 . 2010-09-23 17:42 77312 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

2010-09-23 17:41 . 2010-09-23 17:41 203 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\gb_137406.bat

2010-09-23 17:41 . 2010-09-23 17:41 109 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\gb_137515.bat

2010-09-23 17:41 . 2010-09-23 17:41 80896 ------w- c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe

2010-09-23 17:40 . 2010-09-23 17:40 651776 ----a-w- c:\documents and settings\Owner\Application Data\hotfix.exe

2010-09-23 17:40 . 2010-09-23 17:40 -------- d-----w- c:\program files\sys5

2010-09-23 17:40 . 2010-09-23 17:40 -------- d-----w- c:\program files\sys4

2010-09-23 14:28 . 2010-09-23 14:28 -------- dc----w- C:\_OTL

2010-09-23 07:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-23 07:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-23 07:09 . 2010-09-23 07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-23 04:13 . 2010-09-23 04:13 6656 ----a-w- c:\windows\system32\F12C2D00.exe

2010-09-22 19:49 . 2010-09-22 19:49 -------- d-----w- c:\program files\Trend Micro

2010-09-22 15:48 . 2010-09-22 15:48 191 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\gb_92390.bat

2010-09-22 15:47 . 2010-09-23 06:41 43008 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Windows\shellSrv.exe

2010-09-22 13:13 . 2010-09-22 13:13 191 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\gb_85781.bat

2010-09-22 03:53 . 2010-09-23 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-09-22 03:53 . 2010-09-22 03:53 -------- d-----w- c:\program files\Alwil Software

2010-09-20 18:48 . 2010-09-23 17:41 -------- d-----w- c:\program files\Microsoft

2010-09-10 03:16 . 2010-09-10 03:16 102602072 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\Extractor.exe

2010-09-10 02:35 . 2010-09-10 02:35 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-08-25 22:44 . 2010-08-25 22:44 418648 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\InstallerUtils\InstallerUtils.exe

2010-08-25 22:44 . 2010-08-25 22:44 2959376 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\dotnetfx35setup.exe

2010-08-25 22:44 . 2010-08-25 22:44 241496 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\InstallerUtils\BBDMUtil.dll

2010-08-25 22:44 . 2010-08-25 22:44 1821192 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\vcredist_x86.exe

2010-08-25 22:44 . 2010-08-25 22:44 128472 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\Helper.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-23 17:40 . 2004-05-01 19:15 -------- d-----w- c:\program files\Multimedia Card Reader

2010-09-23 17:40 . 2006-03-22 05:22 -------- d-----w- c:\program files\QuickTime

2010-09-23 15:47 . 2004-02-16 19:13 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-09-20 18:50 . 2010-04-08 13:34 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7ef18923-n\msvcr71.dll

2010-09-20 18:50 . 2009-09-23 15:32 197120 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2010-09-20 18:50 . 2009-09-23 03:00 197120 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-20 18:50 . 2010-05-23 14:08 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2354b059-n\msvcr71.dll

2010-09-20 18:50 . 2010-08-08 14:08 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\msvcr71.dll

2010-09-20 18:50 . 2006-03-03 09:40 86016 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_DESKTOP\spcping.dll

2010-09-20 18:50 . 2006-03-03 09:40 155648 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_DESKTOP\barcontrol.dll

2010-09-20 18:50 . 2006-03-03 09:39 86016 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_TOOLBAR\spcping.dll

2010-09-20 18:50 . 2006-03-03 09:39 155648 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_TOOLBAR\barcontrol.dll

2010-09-20 18:48 . 2008-07-08 23:35 159744 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll

2010-09-20 16:57 . 2009-02-17 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express

2010-09-20 16:13 . 2010-02-05 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-10 15:02 . 2010-02-13 02:44 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUpMedia

2010-09-10 03:22 . 2006-09-13 05:14 -------- d-----w- c:\program files\Research In Motion

2010-09-10 03:21 . 2006-09-13 05:14 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-09-10 02:47 . 2008-02-27 16:48 -------- d-----w- c:\program files\iTunes

2010-09-10 02:45 . 2008-02-27 16:48 -------- d-----w- c:\program files\iPod

2010-09-10 02:45 . 2007-08-12 06:26 -------- d-----w- c:\program files\Common Files\Apple

2010-09-09 14:39 . 2008-07-22 20:27 256 ----a-w- c:\documents and settings\Owner\pool.bin

2010-08-28 00:57 . 2010-02-13 02:45 -------- d-----w- c:\program files\TuneUpMedia

2010-08-08 14:08 . 2010-08-08 14:08 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\msvcp71.dll

2010-08-08 14:08 . 2010-08-08 14:08 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\jmc.dll

2010-08-08 14:08 . 2010-08-08 14:08 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9839f1-n\decora-d3d.dll

2010-08-08 14:08 . 2010-08-08 14:08 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9839f1-n\decora-sse.dll

2010-07-05 04:17 . 2010-07-05 04:17 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-05 04:17 . 2010-07-05 04:17 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-02 02:11 . 2008-07-22 20:13 256 ----a-w- c:\windows\system32\pool.bin

2010-07-02 01:25 . 2010-07-02 01:25 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe

2008-03-10 03:42 . 2008-03-10 00:42 0 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-08-11 1686360]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2010-09-20 94208]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-20 466944]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2010-9-20 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]

"Shell"="explorer.exe,c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\common files\sonic\update manager\sgtraysrv.exe"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"Load"=c:\docume~1\Owner\LOCALS~1\Temp\dwm.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R3 03AB6282;03AB6282;c:\windows\system32\03AB6282.exe [x]

R3 Normandy;Normandy SR2; [x]

R4 eqgtxs;eqgtxs;c:\windows\system32\drivers\reeils.sys [x]

R4 F12C2D00;F12C2D00;c:\windows\system32\F12C2D00.exe [2010-09-23 6656]

R4 fmkln;fmkln;c:\windows\system32\drivers\bpsureue.sys [x]

R4 ukiy;ukiy;c:\windows\system32\drivers\keof.sys [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

.

Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

mStart Page = hxxp://us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Settings,ProxyServer = http=127.0.0.1:50370

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8t1t2g3e.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)

SafeBoot-klmdb.sys

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-23 13:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3968)

c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

c:\windows\LTMSG.exe

c:\windows\ALCXMNTR.EXE

c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\sys5\cim.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-09-23 13:50:42 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-23 17:50

- - End Of File - - 1DEDCC0B232B89D5A442350AC8E1C30D


1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=63254

Collect::
c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe
c:\documents and settings\Owner\Application Data\Microsoft\gb_137406.bat
c:\documents and settings\Owner\Application Data\Microsoft\gb_137515.bat
c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\Owner\Application Data\hotfix.exe
c:\windows\system32\F12C2D00.exe
c:\documents and settings\Owner\Application Data\Microsoft\gb_92390.bat
c:\documents and settings\Owner\Application Data\Microsoft\Windows\shellSrv.exe
c:\documents and settings\Owner\Application Data\Microsoft\gb_85781.bat
c:\program files\common files\sonic\update manager\sgtraysrv.exe


Folder::
c:\program files\sys5
c:\program files\sys4


Driver::
03AB6282
Normandy
eqgtxs
F12C2D00
fmkln
ukiy

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50370



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=""

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot (in case it asks to reboot), please post the following report/log in your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


Here's the Combofix(2?) - it did update its own version - log:

ComboFix 10-09-23.01 - Owner 09/23/2010 14:50:29.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.216 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.exe

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\gb_137406.bat

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\gb_137515.bat

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\gb_85781.bat

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\gb_92390.bat

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe

file zipped: c:\documents and settings\Owner\Application Data\Microsoft\Windows\shellSrv.exe

file zipped: c:\program files\common files\sonic\update manager\sgtraysrv.exe

file zipped: c:\windows\system32\F12C2D00.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\Microsoft\gb_137406.bat

c:\documents and settings\Owner\Application Data\Microsoft\gb_137515.bat

c:\documents and settings\Owner\Application Data\Microsoft\gb_85781.bat

c:\documents and settings\Owner\Application Data\Microsoft\gb_92390.bat

c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe

c:\documents and settings\Owner\Application Data\Microsoft\Windows\shellSrv.exe

c:\documents and settings\Owner\Cookies\xisipagi.dat

c:\documents and settings\Owner\Cookies\xowugun.db

c:\program files\common files\sonic\update manager\sgtraysrv.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

c:\program files\sys4

c:\program files\sys4\cvm.exe

c:\program files\sys5

c:\program files\sys5\cim.exe

c:\windows\ExplorerSrv.exe

c:\windows\system32\F12C2D00.exe

c:\windows\system32\NOTEPADSrv.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_03AB6282

-------\Legacy_EQGTXS

-------\Legacy_F12C2D00

-------\Legacy_FMKLN

-------\Legacy_NORMANDY

-------\Legacy_UKIY

-------\Service_03AB6282

-------\Service_eqgtxs

-------\Service_F12C2D00

-------\Service_fmkln

-------\Service_Normandy

-------\Service_ukiy

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))

.

2010-09-23 19:09 . 2010-09-23 19:09 75776 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

2010-09-23 18:12 . 2010-09-23 18:13 -------- d-----w- c:\program files\sys8

2010-09-23 18:02 . 2010-09-23 18:02 43008 ----a-w- c:\windows\system32\rundll32Srv.exe

2010-09-23 14:28 . 2010-09-23 14:28 -------- dc----w- C:\_OTL

2010-09-23 07:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-23 07:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-23 07:09 . 2010-09-23 07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-22 19:49 . 2010-09-22 19:49 -------- d-----w- c:\program files\Trend Micro

2010-09-22 03:53 . 2010-09-23 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-09-22 03:53 . 2010-09-22 03:53 -------- d-----w- c:\program files\Alwil Software

2010-09-20 18:48 . 2010-09-23 19:07 -------- d-----w- c:\program files\Microsoft

2010-09-10 03:16 . 2010-09-10 03:16 102602072 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\Extractor.exe

2010-09-10 02:35 . 2010-09-10 02:35 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-08-25 22:44 . 2010-08-25 22:44 418648 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\InstallerUtils\InstallerUtils.exe

2010-08-25 22:44 . 2010-08-25 22:44 2959376 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\dotnetfx35setup.exe

2010-08-25 22:44 . 2010-08-25 22:44 241496 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\InstallerUtils\BBDMUtil.dll

2010-08-25 22:44 . 2010-08-25 22:44 1821192 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\vcredist_x86.exe

2010-08-25 22:44 . 2010-08-25 22:44 128472 ----a-w- c:\documents and settings\Owner\Application Data\Research In Motion\BlackBerry\Updates\AE3199A2-9FC0-476b-B758-E467FDEDB108\Helper.exe

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-23 19:11 . 2010-09-23 19:08 -------- d-----w- c:\program files\sys4

2010-09-23 19:11 . 2010-09-23 19:08 -------- d-----w- c:\program files\sys5

2010-09-23 18:32 . 2009-01-17 03:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Ilylni

2010-09-23 18:20 . 2009-11-18 04:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Ymymin

2010-09-23 17:40 . 2004-05-01 19:15 -------- d-----w- c:\program files\Multimedia Card Reader

2010-09-23 17:40 . 2006-03-22 05:22 -------- d-----w- c:\program files\QuickTime

2010-09-23 15:47 . 2004-02-16 19:13 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-09-20 18:50 . 2010-04-08 13:34 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7ef18923-n\msvcr71.dll

2010-09-20 18:50 . 2009-09-23 15:32 197120 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2010-09-20 18:50 . 2009-09-23 03:00 197120 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-20 18:50 . 2010-05-23 14:08 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2354b059-n\msvcr71.dll

2010-09-20 18:50 . 2010-08-08 14:08 393216 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\msvcr71.dll

2010-09-20 18:50 . 2006-03-03 09:40 86016 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_DESKTOP\spcping.dll

2010-09-20 18:50 . 2006-03-03 09:40 155648 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_DESKTOP\barcontrol.dll

2010-09-20 18:50 . 2006-03-03 09:39 86016 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_TOOLBAR\spcping.dll

2010-09-20 18:50 . 2006-03-03 09:39 155648 ----a-w- c:\documents and settings\Owner\Application Data\Real\GOOGLE_TOOLBAR\barcontrol.dll

2010-09-20 18:48 . 2008-07-08 23:35 159744 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll

2010-09-20 16:57 . 2009-02-17 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express

2010-09-20 16:13 . 2010-02-05 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-10 15:02 . 2010-02-13 02:44 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUpMedia

2010-09-10 03:22 . 2006-09-13 05:14 -------- d-----w- c:\program files\Research In Motion

2010-09-10 03:21 . 2006-09-13 05:14 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-09-10 02:47 . 2008-02-27 16:48 -------- d-----w- c:\program files\iTunes

2010-09-10 02:45 . 2008-02-27 16:48 -------- d-----w- c:\program files\iPod

2010-09-10 02:45 . 2007-08-12 06:26 -------- d-----w- c:\program files\Common Files\Apple

2010-09-09 14:39 . 2008-07-22 20:27 256 ----a-w- c:\documents and settings\Owner\pool.bin

2010-08-28 00:57 . 2010-02-13 02:45 -------- d-----w- c:\program files\TuneUpMedia

2010-08-08 14:08 . 2010-08-08 14:08 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\msvcp71.dll

2010-08-08 14:08 . 2010-08-08 14:08 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-163ec1be-n\jmc.dll

2010-08-08 14:08 . 2010-08-08 14:08 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9839f1-n\decora-d3d.dll

2010-08-08 14:08 . 2010-08-08 14:08 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9839f1-n\decora-sse.dll

2010-07-05 04:17 . 2010-07-05 04:17 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-05 04:17 . 2010-07-05 04:17 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-02 02:11 . 2008-07-22 20:13 256 ----a-w- c:\windows\system32\pool.bin

2010-07-02 01:25 . 2010-07-02 01:25 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe

2008-03-10 03:42 . 2008-03-10 00:42 0 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" [bU]

"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-08-11 1686360]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2010-09-20 94208]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-20 466944]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"svchost"="c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe" [2010-09-23 121856]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2010-9-20 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"Load"=c:\docume~1\Owner\LOCALS~1\Temp\dwm.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/23/2010 3:09 AM 304464]

R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 7:04 AM 45312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/23/2010 3:09 AM 20952]

.

Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

mStart Page = hxxp://us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Settings,ProxyServer = http=127.0.0.1:50370

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8t1t2g3e.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-23 15:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1384)

c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

c:\windows\ALCXMNTR.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\docume~1\Owner\LOCALS~1\Temp\D.exe

.

**************************************************************************

.

Completion time: 2010-09-23 15:20:30 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-23 19:20

ComboFix2.txt 2010-09-23 17:50

Pre-Run: 40,140,136,448 bytes free

Post-Run: 39,837,425,664 bytes free

- - End Of File - - 641739A848303B15656E67FA916689D4


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe
    c:\program files\sys8
    c:\windows\system32\rundll32Srv.exe
    c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe
    c:\program files\sys4
    c:\program files\sys5
    c:\documents and settings\Owner\Application Data\Ilylni
    c:\documents and settings\Owner\Application Data\Ymymin

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "svchost"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe"
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "Load"=""

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

==========================Kaspersky Virus Removal Tool==================================

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
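As an added illustration of why the OTL fix above targets those particular registry values (this is an editor's example, not code from the thread, OTL or ComboFix), here is a small Python triage script that reads ComboFix-style "Reg Loading Points" and "Supplementary Scan" lines and flags the persistence and proxy indicators visible in this thread: a Run entry launching a "svchost.exe" from a user profile, a Winlogon Userinit value with an extra executable appended, a populated Windows\Load value, and a browser proxy pointed at 127.0.0.1. The sample lines are constructed, modeled on the log posted above; the indicator names and the `triage` function are this example's own.

```python
import re
from typing import List, Tuple

# Constructed sample lines in ComboFix's "Reg Loading Points" and
# "Supplementary Scan" style, modeled on the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"svchost"="c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe" [2010-09-23 121856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=c:\docume~1\Owner\LOCALS~1\Temp\dwm.exe
uInternet Settings,ProxyServer = http=127.0.0.1:50370
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
"""

# Binaries Windows itself only runs from the system directory; the same
# file name started from a user profile is a classic masquerade.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "explorer.exe", "dwm.exe"}
# Path fragments that mark a user-writable profile location.
USER_PROFILE_MARKERS = ("\\application data\\", "\\local settings\\",
                        "\\temp\\", "\\docume~1\\")

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" [date size]   or   "name"=value  (unquoted, as Load is shown)
VALUE_RE = re.compile(r'^"([^"]+)"=("?)(.*?)\2(?:\s+\[[^\]]*\])?\s*$')


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def _in_user_profile(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_PROFILE_MARKERS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for suspicious autostart/proxy lines."""
    findings: List[Tuple[str, str]] = []
    key_tail = ""  # last component of the registry key currently being listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            key_tail = key.group(1).lower().rsplit("\\", 1)[-1]
            continue
        val = VALUE_RE.match(line)
        if val:
            name, value = val.group(1), val.group(3)
            if key_tail == "run":
                if _in_user_profile(value):
                    findings.append(("run-from-profile", f"{name} -> {value}"))
                elif _basename(value) in SYSTEM_BINARY_NAMES and "\\system32\\" not in value.lower():
                    findings.append(("system-name-outside-system32", f"{name} -> {value}"))
            elif key_tail == "winlogon" and name.lower() == "userinit":
                # Userinit is a comma-separated list; only userinit.exe belongs there.
                parts = [p.strip() for p in value.split(",") if p.strip()]
                extras = [p for p in parts if _basename(p) != "userinit.exe"]
                if extras:
                    findings.append(("userinit-hijack", ", ".join(extras)))
            elif key_tail == "windows" and name.lower() == "load" and value:
                # HKCU\...\Windows\Load is empty on a clean system.
                findings.append(("load-value-set", value))
            continue
        # Supplementary-scan lines: a loopback proxy means a local process is
        # sitting between the browser and the network.
        if "proxy" in line.lower() and "127.0.0.1" in line:
            findings.append(("loopback-proxy", line))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:30s} {detail}")
```

Each finding maps directly onto one line of the :Reg section in the OTL fix above: the Run value is removed, Userinit is reset to userinit.exe alone, and Load is blanked. The loopback proxy is the remaining item the fix does not touch, which is why a browser proxy setting is worth re-checking after cleanup.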


First, the OTL log:

All processes killed

========== FILES ==========

c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe moved successfully.

c:\program files\sys8 folder moved successfully.

c:\windows\system32\rundll32Srv.exe moved successfully.

c:\documents and settings\Owner\Application Data\Microsoft\Windows\shell.exe moved successfully.

c:\program files\sys4 folder moved successfully.

c:\program files\sys5 folder moved successfully.

c:\documents and settings\Owner\Application Data\Ilylni folder moved successfully.

c:\documents and settings\Owner\Application Data\Ymymin folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Userinit"|"c:\windows\system32\userinit.exe" /E : value set successfully!

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows\\"Load"|"" /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 3052823 bytes

->Temporary Internet Files folder emptied: 141585 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 25058423 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09252010_122107

Files\Folders moved on Reboot...

C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMA6dd9.tmp moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\PRAGMA6de9.tmp moved successfully.

Registry entries deleted on Reboot...

Then, the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4692

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

9/25/2010 7:55:15 PM

mbam-log-2010-09-25 (19-55-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 219928

Time elapsed: 1 hour(s), 44 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 15

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP864\A0120314.exe (Trojan.Shell) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP864\A0121307.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP864\A0121312.exe (Trojan.Shell) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121495.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121496.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121497.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121498.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121500.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0121502.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0125244.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP865\A0127941.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\09252010_122107\c_documents and settings\Owner\Local Settings\Temp\PRAGMA6dd9.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\09252010_122107\c_documents and settings\Owner\Local Settings\Temp\PRAGMA6de9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\sys5\cim.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

And, finally, the Kaspersky log:

Autoscan: stopped 1 hour ago (events: 3, objects: 8, time: 00:12:42)

9/25/2010 8:15:23 PM Task started

9/25/2010 8:18:43 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 8:28:09 PM Task stopped

Disinfect active threats: completed 52 minutes ago (events: 69, objects: 3255, time: 00:10:53)

9/25/2010 8:27:44 PM Task started

9/25/2010 8:27:47 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 8:29:39 PM Will be deleted on system restart: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 8:31:03 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:31:05 PM Disinfection on system restart failed: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:31:05 PM Will be deleted on system restart: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:31:56 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll

9/25/2010 8:32:00 PM Disinfection on system restart failed: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll

9/25/2010 8:32:05 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll

9/25/2010 8:32:06 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll

9/25/2010 8:32:09 PM Disinfection on system restart failed: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll

9/25/2010 8:32:14 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll

9/25/2010 8:32:14 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll

9/25/2010 8:32:15 PM Will be disinfected on system restart: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll

9/25/2010 8:34:42 PM Will be deleted on system restart: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll

9/25/2010 8:34:54 PM Will be deleted on system restart: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll

9/25/2010 8:35:12 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 8:35:12 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 8:35:13 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 8:35:18 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 8:35:19 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 8:35:19 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 8:35:40 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 8:35:41 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 8:35:41 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 8:36:04 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 8:36:04 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 8:36:05 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 8:36:47 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 8:36:48 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 8:36:49 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 8:36:56 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 8:36:56 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 8:36:57 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 8:36:58 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 8:36:59 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 8:36:59 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 8:37:00 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 8:37:01 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 8:37:01 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 8:37:04 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 8:37:04 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 8:37:05 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 8:37:05 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 8:37:06 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 8:37:06 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 8:37:07 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 8:37:07 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 8:37:08 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 8:37:20 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 8:37:21 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 8:37:21 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 8:37:48 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 8:37:49 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 8:37:50 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 8:37:50 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Documents and Settings\Owner\Desktop\OTLSrv.exe

9/25/2010 8:37:54 PM Deleted: Backdoor.Win32.IRCNite.aqv C:\Documents and Settings\Owner\Desktop\OTLSrv.exe

9/25/2010 8:37:54 PM Deleted: Backdoor.Win32.IRCNite.aqv C:\Documents and Settings\Owner\Desktop\OTLSrv.exe

9/25/2010 8:38:05 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 8:38:05 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 8:38:06 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 8:38:15 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 8:38:16 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 8:38:16 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 8:38:24 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:38:24 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:38:24 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:38:24 PM Will be disinfected on system restart: Virus.Win32.Nimnul.a C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll

9/25/2010 8:38:38 PM Task completed

Autoscan: stopped 13 minutes ago (events: 3, objects: 8, time: 00:33:01)

9/25/2010 8:44:09 PM Task started

9/25/2010 8:47:14 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 9:17:14 PM Task stopped

Disinfect active threats: completed 8 minutes ago (events: 108, objects: 3221, time: 00:05:04)

9/25/2010 9:17:03 PM Task started

9/25/2010 9:17:06 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 9:17:37 PM Will be deleted on system restart: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 9:18:27 PM Detected: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe

9/25/2010 9:18:36 PM Will be deleted on system restart: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe

9/25/2010 9:18:40 PM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Owner\local settings\temp\dwm.exe

9/25/2010 9:18:49 PM Will be quarantined on system restart: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Owner\local settings\temp\dwm.exe

9/25/2010 9:19:00 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 9:19:01 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 9:19:01 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

9/25/2010 9:19:08 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 9:19:08 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 9:19:08 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTTask.exe

9/25/2010 9:19:09 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe

9/25/2010 9:19:09 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe

9/25/2010 9:19:09 PM Detected: Trojan.Win32.Swisyn.alxy C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe

9/25/2010 9:19:34 PM Deleted: Trojan.Win32.Swisyn.alxy C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe

9/25/2010 9:19:34 PM Deleted: Trojan.Win32.Swisyn.alxy C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe

9/25/2010 9:19:42 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 9:19:42 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 9:19:42 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

9/25/2010 9:19:49 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 9:19:49 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 9:19:49 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe

9/25/2010 9:20:18 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 9:20:18 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 9:20:19 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

9/25/2010 9:20:22 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 9:20:22 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 9:20:22 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\MSN\MSNCoreFiles\msn6.exe

9/25/2010 9:20:23 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 9:20:23 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 9:20:23 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\PictureViewer.exe

9/25/2010 9:20:24 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 9:20:24 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 9:20:25 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\RecordNow!\RecordNow.exe

9/25/2010 9:20:27 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 9:20:27 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 9:20:27 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

9/25/2010 9:20:27 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 9:20:27 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 9:20:28 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkplmstp.exe

9/25/2010 9:20:28 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 9:20:28 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 9:20:28 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Microsoft Works\wkwcestp.exe

9/25/2010 9:20:35 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 9:20:35 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 9:20:35 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

9/25/2010 9:20:44 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 9:20:45 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 9:20:46 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\OTL.exe

9/25/2010 9:20:47 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 9:20:48 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 9:20:48 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

9/25/2010 9:20:57 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 9:20:57 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 9:20:57 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe

9/25/2010 9:20:57 PM Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe

9/25/2010 9:20:58 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe

9/25/2010 9:20:58 PM Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\shell.exe

9/25/2010 9:21:07 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Common Files\Sonic\Update Manager\sgtraySrv.exe

9/25/2010 9:21:10 PM Deleted: Backdoor.Win32.IRCNite.aqv C:\Program Files\Common Files\Sonic\Update Manager\sgtraySrv.exe

9/25/2010 9:21:10 PM Deleted: Backdoor.Win32.IRCNite.aqv C:\Program Files\Common Files\Sonic\Update Manager\sgtraySrv.exe

9/25/2010 9:21:10 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\Sonic\Update Manager\sus.dll

9/25/2010 9:21:10 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\Sonic\Update Manager\sus.dll

9/25/2010 9:21:10 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\Sonic\Update Manager\sus.dll

9/25/2010 9:21:11 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll

9/25/2010 9:21:12 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll

9/25/2010 9:21:12 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll

9/25/2010 9:21:12 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll

9/25/2010 9:21:12 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll

9/25/2010 9:21:12 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll

9/25/2010 9:21:13 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe

9/25/2010 9:21:13 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe

9/25/2010 9:21:13 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe

9/25/2010 9:21:14 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\client\jvm.dll

9/25/2010 9:21:15 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\client\jvm.dll

9/25/2010 9:21:15 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\client\jvm.dll

9/25/2010 9:21:16 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\deploy.dll

9/25/2010 9:21:16 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\deploy.dll

9/25/2010 9:21:16 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\deploy.dll

9/25/2010 9:21:16 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\hpi.dll

9/25/2010 9:21:17 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\hpi.dll

9/25/2010 9:21:17 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\hpi.dll

9/25/2010 9:21:17 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\java.dll

9/25/2010 9:21:17 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\java.dll

9/25/2010 9:21:18 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\java.dll

9/25/2010 9:21:18 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\net.dll

9/25/2010 9:21:19 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\net.dll

9/25/2010 9:21:19 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\net.dll

9/25/2010 9:21:19 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\regutils.dll

9/25/2010 9:21:20 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\regutils.dll

9/25/2010 9:21:20 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Java\jre6\bin\regutils.dll

9/25/2010 9:21:20 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 9:21:25 PM Will be deleted on system restart: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe

9/25/2010 9:21:28 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll

9/25/2010 9:21:28 PM Untreated: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll Cannot be disinfected

9/25/2010 9:21:31 PM Processing error: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll Read error

9/25/2010 9:21:33 PM Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll

9/25/2010 9:21:33 PM Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll

9/25/2010 9:21:33 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll

9/25/2010 9:21:33 PM Untreated: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll Cannot be disinfected

9/25/2010 9:21:36 PM Processing error: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll Read error

9/25/2010 9:21:37 PM Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll

9/25/2010 9:21:37 PM Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll

9/25/2010 9:21:39 PM Detected: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe

9/25/2010 9:21:41 PM Will be deleted on system restart: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe

9/25/2010 9:22:07 PM Task completed

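A log like the one above is easier to act on once each file is reduced to its final outcome rather than its three or four event lines. The following Python script is an added example (not posted by anyone in this thread and not a Kaspersky tool): it parses lines in the format shown, keeps the last recorded action per path, and sorts files into "resolved" (disinfected or deleted), "pending reboot" (will be deleted on system restart) and "needs follow-up" (untreated, cannot be deleted, or processing error). The sample lines are a constructed subset shaped like the log above; the action names and the two trailing detail strings ("Cannot be disinfected", "Read error") are taken from this log only and are assumed here to be the full vocabulary, which may not hold for other scanner versions.

```python
import re

# Constructed sample: a subset of lines in the same shape as the Kaspersky log
# posted above, chosen so that every outcome the log reports appears once.
SAMPLE_LOG = r"""
9/25/2010 9:20:18 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
9/25/2010 9:20:18 PM Disinfected: Virus.Win32.Nimnul.a C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
9/25/2010 9:21:07 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Common Files\Sonic\Update Manager\sgtraySrv.exe
9/25/2010 9:21:10 PM Deleted: Backdoor.Win32.IRCNite.aqv C:\Program Files\Common Files\Sonic\Update Manager\sgtraySrv.exe
9/25/2010 9:21:20 PM Detected: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe
9/25/2010 9:21:25 PM Will be deleted on system restart: Backdoor.Win32.IRCNite.aqv C:\Program Files\Microsoft\DesktopLayer.exe
9/25/2010 9:21:28 PM Detected: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
9/25/2010 9:21:28 PM Untreated: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll Cannot be disinfected
9/25/2010 9:21:31 PM Processing error: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll Read error
9/25/2010 9:21:33 PM Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
9/25/2010 9:21:39 PM Detected: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe
9/25/2010 9:21:41 PM Will be deleted on system restart: Trojan.Win32.Swisyn.alxy C:\Program Files\sys4\ctt.exe
9/25/2010 9:22:07 PM Task completed
"""

# Action words seen in this log (assumption: treated as the complete set here).
ACTIONS = (
    "Will be deleted on system restart",
    "Processing error",
    "Cannot be deleted",
    "Disinfected",
    "Detected",
    "Deleted",
    "Untreated",
)
# Trailing details seen in this log; everything before them is the file path.
DETAILS = ("Cannot be disinfected", "Read error")

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r"): "
    r"(?P<threat>\S+) (?P<rest>.+)$"
)

RESOLVED = {"Disinfected", "Deleted"}
PENDING = {"Will be deleted on system restart"}


def parse_log(text):
    """Return one dict per file event; lines like 'Task completed' are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest, detail = m.group("rest"), None
        for d in DETAILS:
            if rest.endswith(" " + d):
                rest, detail = rest[: -len(d) - 1], d
                break
        entries.append({"ts": m.group("ts"), "action": m.group("action"),
                        "threat": m.group("threat"), "path": rest, "detail": detail})
    return entries


def final_state(entries):
    """Last recorded (threat, action, detail) per path, in first-seen order."""
    state = {}
    for e in entries:
        state[e["path"]] = (e["threat"], e["action"], e["detail"])
    return state


def classify(action):
    if action in RESOLVED:
        return "resolved"
    if action in PENDING:
        return "pending_reboot"
    return "needs_followup"


def triage(text):
    """Group paths by the outcome of their last log event."""
    buckets = {"resolved": [], "pending_reboot": [], "needs_followup": []}
    for path, (_threat, action, _detail) in final_state(parse_log(text)).items():
        buckets[classify(action)].append(path)
    return buckets


def report(text):
    """Human-readable summary; the needs_followup list is what a helper asks about next."""
    lines = []
    for bucket, paths in triage(text).items():
        lines.append(f"{bucket} ({len(paths)}):")
        lines.extend("  " + p for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log above, the "needs_followup" bucket would hold the two QuickTime DLLs that the scanner could neither disinfect nor delete, and "pending_reboot" the two files scheduled for deletion at restart, which is exactly the set a helper wants confirmed after the reboot.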

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.

alternate download link

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:

  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
  • (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

In your next reply, please include the following:

DrWeb.csv


Unfortunately, after the Dr. Web express scan, which completes with no problems found, the complete scan bogs down.

Sometimes after 11 hours, sometimes 9, or even after an hour and 25,000 files scanned it grinds to a halt. Sometimes it reboots. Sometimes not.

The latest grind down and re-boot during a complete scan - express scan always goes well - featured this message:

viruses detected during the scanning (RC =3221225477)

It then asked about an upgrade to the full version and custom scans and re-booted in Safe Mode all by itself.

The 9th (?) express scan is now underway.....


I would like to see if anything is indeed left over.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Again, another one that will not run completely before bogging down into nothing.

It sometimes starts, and then grinds to a halt.

It sometimes asks for a Java update that will not load.

Meanwhile, the AiOSoftwareNPI continually attempts to load in the background.

Kaspersky also asks that all other protection software be disabled which makes me nervous.

I cannot tell you how much I do appreciate you continuing to try and find solutions, and I am not discouraged, just a little frustrated and helpless.


No problem.

A computer with this type of infection needs to really be reformatted but I understand if you do not want to do that.

The AIO software seems to be related to a Hewlett Packard printer.

Do you use an HP printer, possibly an all-in-one?

If so then go to Start > Control Panel, Add/Remove Programs and uninstall the printer software; you can then reinstall it later to make it go away.

It basically means the software is missing a component and needs to be reinstalled.

==================

Give this one a shot.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

