
Windows Security Center / XP Internet Security Alert / PW.exe



Thanks in advance for any help with this. Sorry I don't have the Malwarebytes log; I'll post that tonight after work. Here is the other requested information per this URL http://forums.malwarebytes.org/index.php?showtopic=9573:

DDS (Ver_10-11-10.01) - NTFSx86

Run by Administrator at 12:23:15.78 on Sun 11/21/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2587 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\transdds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe/Adobe Contribute CS4/contributeieplugin.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

uRun: [AdobeBridge]

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MacDrive application] "c:\program files\mediafour\macdrive 7\MacDrive.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Getting started with MacDrive] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto

mRun: [AS00_WN311B] c:\program files\netgear\wn311b\utility\WN311B.exe -hide

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

dRunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\x5z7py5e.default

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-2-4 284160]

R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2009-2-4 19456]

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2009-6-21 34432]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-24 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MacDriveService;MacDrive service;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2008-11-26 150528]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-17 304464]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-24 24652]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-2 33792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-17 20952]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2009-4-24 16194]

=============== File Associations ===============

.exe=pezfile

=============== Created Last 30 ================

2010-11-18 01:58:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 01:58:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 01:58:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-06 14:50:23 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2010-11-06 14:50:23 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 12:23:54.79 ===============

This is my latest Malwarebytes log; I ran it 8 times in previous days and have attached all logs in a zip file:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

11/19/2010 10:33:59 PM

mbam-log-2010-11-19 (22-33-59).txt

Scan type: Quick scan

Objects scanned: 123577

Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Archive.zip

Logs.zip
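A small triage script, added here as an example and not part of the original post or of the DDS or Malwarebytes tooling. It reads DDS-style log lines, using the section names and line formats that appear in the log above, and reports the three indicators worth checking first in a case like this: a non-default handler in the File Associations section (the log shows .exe=pezfile, where the Windows XP default for .exe is exefile, so something other than Windows' own command runs whenever any .exe is launched), Run values whose command is empty (such as [Aim6] and [AdobeBridge] above), and autoruns that start from a user profile or temp directory. The DEFAULT_ASSOC table and the SUSPICIOUS_DIRS heuristic list are my own; the sample log is constructed from lines in the post, plus one clearly marked made-up mRun line so the profile-path check has something to match.

```python
"""Triage DDS-style log lines for the traces a rogue "security alert"
infection leaves behind.  Added example; not DDS, Malwarebytes or the
poster's code.  DEFAULT_ASSOC and SUSPICIOUS_DIRS are my own tables."""
import re
from collections import Counter

# Windows XP default handler names for the extensions DDS reports on.  DDS only
# prints an association when it differs from the default, so any line in that
# section is already a finding; the table makes the expected value explicit.
DEFAULT_ASSOC = {
    ".exe": "exefile",
    ".com": "comfile",
    ".bat": "batfile",
    ".scr": "scrfile",
    ".reg": "regfile",
}

# Autoruns normally point into Program Files or the Windows directory; rogue AV
# droppers favour per-user and temp locations.  Heuristic only: flag for review.
SUSPICIOUS_DIRS = (
    "documents and settings", "docume~1",
    "local settings", "locals~1",
    "application data", "applic~1",
    "\\temp\\",
)

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<key>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ASSOC_RE = re.compile(r"^(?P<ext>\.\w+)=(?P<handler>.*)$")

# Constructed sample: lines taken from the DDS log in the post, plus one
# made-up "mRun: [sample]" line so the user-profile check has a match.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = about:blank
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [AdobeBridge]
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [sample] c:\docume~1\admini~1\locals~1\temp\sample.exe
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
=============== File Associations ===============
.exe=pezfile
============= FINISH: 12:23:54.79 ===============
"""


def triage(log_text):
    """Return (indicator, detail) pairs found in the Pseudo HJT Report and
    File Associations sections of a DDS log."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title").lower()
            continue
        if section == "pseudo hjt report":
            m = RUN_RE.match(line)
            if not m:
                continue
            key, name, cmd = m.group("key"), m.group("name"), m.group("cmd").strip()
            if not cmd:
                # Orphaned Run value: the binary is gone (uninstalled software
                # or a removed infection) but the autorun entry was left behind.
                findings.append(("empty-autorun", f"{key} [{name}]"))
            elif any(d in cmd.lower() for d in SUSPICIOUS_DIRS):
                findings.append(("autorun-in-user-profile", f"{key} [{name}] {cmd}"))
        elif section == "file associations":
            m = ASSOC_RE.match(line)
            if not m:
                continue
            ext, handler = m.group("ext").lower(), m.group("handler").strip()
            expected = DEFAULT_ASSOC.get(ext)
            if expected and handler != expected:
                # A non-default handler means something other than Windows'
                # own command runs every time a file of this type is opened.
                findings.append(("hijacked-association", f"{ext}={handler} (expected {expected})"))
    return findings


def summarize(findings):
    """Count findings per indicator, for a one-line verdict."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:25} {detail}")
    print(summarize(triage(SAMPLE_DDS)))
```

The script is read-only: it reports and changes nothing on the machine, so it is safe to run over a pasted log while waiting for a helper's instructions. Whether a flagged autorun is actually malicious still needs a look at the file itself, and the directory heuristic will also flag legitimate per-user updaters, which is why it is labelled for review rather than as a verdict.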


:D

Please don't attach the scan results; use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


2010/11/23 19:49:47.0343 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/23 19:49:47.0343 ================================================================================

2010/11/23 19:49:47.0343 SystemInfo:

2010/11/23 19:49:47.0343

2010/11/23 19:49:47.0343 OS Version: 5.1.2600 ServicePack: 2.0

2010/11/23 19:49:47.0343 Product type: Workstation

2010/11/23 19:49:47.0343 ComputerName: SHARKY

2010/11/23 19:49:47.0343 UserName: Administrator

2010/11/23 19:49:47.0343 Windows directory: C:\WINDOWS

2010/11/23 19:49:47.0343 System windows directory: C:\WINDOWS

2010/11/23 19:49:47.0343 Processor architecture: Intel x86

2010/11/23 19:49:47.0343 Number of processors: 2

2010/11/23 19:49:47.0343 Page size: 0x1000

2010/11/23 19:49:47.0343 Boot type: Normal boot

2010/11/23 19:49:47.0343 ================================================================================

2010/11/23 19:49:47.0890 Initialize success

2010/11/23 19:49:51.0250 ================================================================================

2010/11/23 19:49:51.0250 Scan started

2010/11/23 19:49:51.0250 Mode: Manual;

2010/11/23 19:49:51.0250 ================================================================================

2010/11/23 19:49:52.0140 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/11/23 19:49:52.0234 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/23 19:49:52.0265 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/23 19:49:52.0296 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys

2010/11/23 19:49:52.0359 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2010/11/23 19:49:52.0390 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys

2010/11/23 19:49:52.0750 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/23 19:49:52.0812 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys

2010/11/23 19:49:52.0843 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/11/23 19:49:52.0859 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/11/23 19:49:52.0890 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/11/23 19:49:52.0890 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/11/23 19:49:52.0921 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/11/23 19:49:52.0937 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/23 19:49:52.0968 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/23 19:49:53.0015 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/23 19:49:53.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/23 19:49:53.0109 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) C:\WINDOWS\system32\AWINDIS5.SYS

2010/11/23 19:49:53.0171 BCM43XX (7d0bd5c9e92a56775cfac768baba56ca) C:\WINDOWS\system32\DRIVERS\wn311b.sys

2010/11/23 19:49:53.0250 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/23 19:49:53.0281 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

2010/11/23 19:49:53.0296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/23 19:49:53.0328 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/23 19:49:53.0390 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/23 19:49:53.0421 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/23 19:49:53.0453 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/23 19:49:53.0609 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/23 19:49:53.0687 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/23 19:49:53.0750 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/23 19:49:53.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/23 19:49:53.0843 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/23 19:49:53.0968 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/23 19:49:54.0015 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/23 19:49:54.0046 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/23 19:49:54.0078 FilterService (bcef16e3aedd1b44bca45f748d975d73) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2010/11/23 19:49:54.0109 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/23 19:49:54.0125 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/23 19:49:54.0171 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/11/23 19:49:54.0187 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/23 19:49:54.0203 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/23 19:49:54.0218 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/23 19:49:54.0234 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/23 19:49:54.0265 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/23 19:49:54.0281 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/23 19:49:54.0343 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/23 19:49:54.0359 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/23 19:49:54.0390 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/23 19:49:54.0453 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/23 19:49:54.0500 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/23 19:49:54.0531 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/23 19:49:54.0687 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/11/23 19:49:54.0718 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/23 19:49:54.0750 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/11/23 19:49:54.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/23 19:49:54.0812 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/23 19:49:54.0843 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/23 19:49:54.0875 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/23 19:49:54.0906 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/23 19:49:54.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/23 19:49:54.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/23 19:49:54.0984 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/23 19:49:55.0031 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/23 19:49:55.0046 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/23 19:49:55.0109 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys

2010/11/23 19:49:55.0218 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2010/11/23 19:49:55.0375 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2010/11/23 19:49:55.0515 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2010/11/23 19:49:55.0625 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2010/11/23 19:49:55.0687 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/11/23 19:49:55.0812 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2010/11/23 19:49:55.0937 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/11/23 19:49:55.0968 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010/11/23 19:49:56.0015 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/11/23 19:49:56.0031 MDFSYSNT (56c3da5cdefc09ec16bca9e8171c7361) C:\WINDOWS\system32\drivers\MDFSYSNT.sys

2010/11/23 19:49:56.0046 MDPMGRNT (7db0ae5dc37c5033df6b5d43250c2783) C:\WINDOWS\system32\drivers\MDPMGRNT.sys

2010/11/23 19:49:56.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/23 19:49:56.0109 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/23 19:49:56.0140 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/23 19:49:56.0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/23 19:49:56.0203 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/23 19:49:56.0234 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/23 19:49:56.0281 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/23 19:49:56.0296 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/23 19:49:56.0343 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/23 19:49:56.0406 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/23 19:49:56.0437 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/23 19:49:56.0468 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/23 19:49:56.0500 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/23 19:49:56.0531 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/11/23 19:49:56.0578 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/23 19:49:56.0609 mv614x (6eb1d27590d4bc040f105d2bf35a6c4f) C:\WINDOWS\system32\DRIVERS\mv614x.sys

2010/11/23 19:49:56.0640 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/23 19:49:56.0687 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/23 19:49:56.0718 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/23 19:49:56.0765 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/23 19:49:56.0781 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/23 19:49:56.0796 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/23 19:49:56.0812 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/23 19:49:56.0828 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/23 19:49:56.0859 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/23 19:49:56.0890 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/23 19:49:56.0906 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/23 19:49:56.0921 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/23 19:49:56.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/23 19:49:57.0125 nv (0ae3a22dbe88dc219f8c0fdd30239e4f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/11/23 19:49:57.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/23 19:49:57.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/23 19:49:57.0359 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/23 19:49:57.0390 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/23 19:49:57.0421 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/23 19:49:57.0468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/23 19:49:57.0500 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/23 19:49:57.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/11/23 19:49:57.0546 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/23 19:49:57.0671 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/23 19:49:57.0687 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/23 19:49:57.0703 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/23 19:49:57.0718 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/11/23 19:49:57.0750 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys

2010/11/23 19:49:57.0843 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/23 19:49:57.0875 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/23 19:49:57.0890 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/23 19:49:57.0906 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/23 19:49:57.0937 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/23 19:49:57.0984 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/23 19:49:58.0015 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/23 19:49:58.0062 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/23 19:49:58.0093 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys

2010/11/23 19:49:58.0125 sbp2port (643e22197dbadc96c2698a77212a2e8a) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

2010/11/23 19:49:58.0187 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys

2010/11/23 19:49:58.0234 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/23 19:49:58.0265 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/11/23 19:49:58.0281 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/11/23 19:49:58.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/23 19:49:58.0343 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/23 19:49:58.0390 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/23 19:49:58.0437 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/23 19:49:58.0468 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/23 19:49:58.0500 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2010/11/23 19:49:58.0546 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/23 19:49:58.0562 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/23 19:49:58.0578 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/23 19:49:58.0640 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/23 19:49:58.0703 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/23 19:49:58.0734 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/23 19:49:58.0750 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/23 19:49:58.0781 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/23 19:49:58.0828 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/23 19:49:58.0875 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/23 19:49:58.0921 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/11/23 19:49:58.0953 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/23 19:49:58.0968 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/23 19:49:59.0015 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/23 19:49:59.0031 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/23 19:49:59.0062 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/23 19:49:59.0109 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/23 19:49:59.0156 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/23 19:49:59.0171 usbuhci (0ee1925590ba1abec14254d54d9870f4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/23 19:49:59.0218 usbvideo (1c7bcd04dea750586db4c74da6dc337d) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/11/23 19:49:59.0265 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/11/23 19:49:59.0328 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/23 19:49:59.0343 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/23 19:49:59.0390 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/23 19:49:59.0437 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDOWS\system32\drivers\WmBEnum.sys

2010/11/23 19:49:59.0500 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDOWS\system32\drivers\WmFilter.sys

2010/11/23 19:49:59.0546 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDOWS\system32\drivers\WmVirHid.sys

2010/11/23 19:49:59.0578 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDOWS\system32\drivers\WmXlCore.sys

2010/11/23 19:49:59.0625 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/23 19:49:59.0671 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/23 19:49:59.0687 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/23 19:49:59.0734 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2010/11/23 19:50:00.0015 ================================================================================

2010/11/23 19:50:00.0015 Scan finished

2010/11/23 19:50:00.0015 ================================================================================


Vista users:

1. These tools MUST be run from the executable. (.exe)

2. With Admin Rights (Right click, choose "Run as Administrator") every time you run them

1) exeHelper

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Let me know if the .exe files work now.


The .exe files work now

Here is the log:

exeHelper by Raktor

Build 20100414

Run at 19:58:25 on 11/23/10

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

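The exeHelper log above shows what the rogue had changed and the tool put back: the .exe and .com file-type associations, the Winlogon Userinit and Shell values, and the lock-out policies. The script below is an added example, not part of this thread or of exeHelper: it parses a `reg export` of those keys and diffs them against the Windows XP defaults, so the reset can be verified (or the same hijack spotted on another machine) without trusting the tool's one-line summary. `SAMPLE_REG` is constructed; `C:\hypothetical\rogue.exe`, `hypothetical_secfile` and the `C:\WINDOWS` install path are placeholders and assumptions, and the two policy values checked are the ones rogue AV families commonly set, not something this thread documents.

```python
"""Verify the registry values exeHelper resets, from a .reg export.

Added example, not part of this thread or of exeHelper. Parses the subset
of .reg syntax that `reg export` writes and compares the keys a rogue AV
rewrites to block .exe files (the exefile/comfile open commands, the
per-user .exe class override, Winlogon's Userinit and Shell values and the
Task Manager / regedit lock-out policies) against the Windows XP defaults.
SAMPLE_REG is constructed; the rogue path in it is a placeholder.
"""
import re

# Windows XP defaults (assumption: Windows lives in C:\WINDOWS).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
        "Shell": "Explorer.exe",
    },
}
# HKCU\Software\Classes is merged over HKLM in HKCR, so a per-user .exe key
# naming another class silently replaces the exefile handler.
USER_EXE_CLASS = r"HKEY_CURRENT_USER\Software\Classes\.exe"
LOCKOUT_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
LOCKOUT_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

# `@=...` is the key's default value; `"Name"=...` a named value.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def unescape(s):
    """Undo the backslash and quote escapes reg export writes in REG_SZ data."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Return {key: {value_name: data}} for sections, REG_SZ and REG_DWORD
    lines; other data types (hex:, hex(2):, ...) are kept as raw text."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "@" if m.group(1) == "@" else unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            reg[key][name] = unescape(data[1:-1])
        elif data.startswith("dword:"):
            reg[key][name] = int(data[6:], 16)
        else:
            reg[key][name] = data
    return reg


def audit(reg):
    """Return (key, value_name, actual, expected) for every deviation."""
    findings = []
    for key, values in EXPECTED.items():
        for name, good in values.items():
            actual = reg.get(key, {}).get(name)
            if actual is None or str(actual).lower() != good.lower():
                findings.append((key, name, actual, good))
    user_cls = reg.get(USER_EXE_CLASS)
    if user_cls is not None and str(user_cls.get("@", "")).lower() != "exefile":
        findings.append((USER_EXE_CLASS, "@", user_cls.get("@"), "exefile (or key absent)"))
    for name in LOCKOUT_VALUES:
        if reg.get(LOCKOUT_KEY, {}).get(name, 0):
            findings.append((LOCKOUT_KEY, name, reg[LOCKOUT_KEY][name], 0))
    return findings


# Constructed export: hijacked .exe handler (placeholder path), a per-user
# class override and Task Manager disabled; comfile and Winlogon are clean.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\hypothetical\\rogue.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="hypothetical_secfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''


def audit_sample():
    return audit(parse_reg(SAMPLE_REG))


if __name__ == "__main__":
    for key, name, actual, expected in audit_sample():
        print(f"{key}\\{name}: found {actual!r}, expected {expected!r}")
```

On the affected machine, `reg export "HKCR\exefile\shell\open\command" exefile.reg` (and likewise for the other keys) produces the input; reg export writes UTF-16, so read it with `open(path, encoding="utf-16")` before handing it to `parse_reg`. The per-user `HKCU\Software\Classes\.exe` check matters because it is not visible when you only look at `HKCR\exefile`.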

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

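Once C:\ComboFix.txt is posted, its "Other Deletions" section can run to hundreds of paths. The script below is an added example, not part of this thread or of ComboFix: it pulls that section out of the log and separates the rogue's decoy files, whose names are threat words with a couple of letters swapped for digits or a "z" (sp5mbot, hackzool, nzt-a-viru9), from the few paths that deserve a real look. An exact keyword grep misses most of the decoys, so it uses a sliding-window Hamming match with a small per-word mismatch budget. `KEYWORDS`, `DECOY_EXT` and the budgets are assumptions tuned to the names in this thread; `SAMPLE_LOG` is constructed from a handful of lines of the kind that appear later in the thread.

```python
"""Triage the "Other Deletions" section of a ComboFix log.

Added example, not part of this thread or of ComboFix. Decoy names are
threat words with a few letters swapped for digits or a 'z', so each
keyword is matched with a sliding-window Hamming distance instead of an
exact search. KEYWORDS, DECOY_EXT and the budgets are assumptions.
"""
from collections import Counter

# Longest first so the most specific word is the one reported.
KEYWORDS = ["not-a-virus", "downloader", "hacktool", "backdoor", "spambot",
            "spyware", "addware", "threat", "sparse", "virus", "steal",
            "thief", "troj", "worm", "spy", "vir"]
DECOY_EXT = {"bin", "cpl", "dll", "ocx", "exe"}


def budget(word):
    """Letters allowed to differ: none for 3-letter words (too many false
    hits), one up to 5 letters, two beyond that."""
    return 0 if len(word) <= 3 else 1 if len(word) <= 5 else 2


def fuzzy_find(text, word, max_mismatch):
    """True if some window of text equals word in all but max_mismatch
    positions (Hamming distance over a sliding window; no insertions)."""
    w = len(word)
    return any(
        sum(a != b for a, b in zip(text[i:i + w], word)) <= max_mismatch
        for i in range(len(text) - w + 1))


def classify(path):
    """Return the threat word a decoy-looking path mimics, else None."""
    base = path.lower().rpartition("\\")[2]
    stem, _, ext = base.rpartition(".")
    if ext not in DECOY_EXT:
        return None
    for word in KEYWORDS:
        if fuzzy_find(stem, word, budget(word)):
            return word
    return None


def parse_other_deletions(log_text):
    """Collect the paths between the 'Other Deletions' banner and the next
    '(((' banner; ComboFix pads sections with lone '.' lines."""
    paths, inside = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if "Other Deletions" in line:
            inside = True
        elif inside and line.startswith("((("):
            break
        elif inside and line and line != ".":
            paths.append(line)
    return paths


def triage(paths):
    """Split paths into recognised decoys and a review list, and count
    decoys per (directory, extension) so the drop pattern is visible."""
    decoys, review = [], []
    for path in paths:
        word = classify(path)
        if word:
            decoys.append((path, word))
        else:
            review.append(path)
    by_location = Counter(
        (path.lower().rpartition("\\")[0], path.lower().rpartition(".")[2])
        for path, _ in decoys)
    return {"decoys": decoys, "review": review, "by_location": by_location}


def triage_log(log_text):
    return triage(parse_other_deletions(log_text))


# Constructed excerpt in ComboFix's layout (banner, '.' padding, paths).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Local Settings\Application Data\opRSK
c:\windows\10252ha9k5ool44z.bin
c:\windows\10560nzt-a-viru930f5.cpl
c:\windows\1089zt5oj1459.exe
c:\windows\10975s5a9bot50z.dll
c:\windows\14c5addw5re298z.cpl
c:\windows\1840ba9kdoor2455z.ocx
c:\windows\z155spy4b9.exe
c:\windows\system32\19f3downloa5ez19169.bin
c:\windows\system32\hal.bak2
.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
"""

if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for (directory, ext), n in sorted(result["by_location"].items()):
        print(f"{n:4d} decoy .{ext} files in {directory}")
    print("review manually:", *result["review"], sep="\n  ")
```

Run it on the real log with `triage_log(open(r"C:\ComboFix.txt").read())`. The review list is the part worth reading closely: directories and renamed system files (a `hal.bak2` next to `hal.dll`, for instance) are not decoys and say more about what the infection actually did than the hundreds of scary-looking names.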

Haven't restarted computer yet. Some things I notice now:

1. Everything seems a bit snappier (might just be in my head)

2. System tray shows the avast icon and the "remove external devices" icon now ... it didn't before

3. Firefox icon shows up correctly in application panel

4. I have Avast running actively now in addition to my purchased version of Malwarebytes

5. Can finally have Malwarebytes running with active protection; before, the "Enable Protection Module" toggle didn't work

So far so good. I haven't seen the opening topic stuff showing up since my first post.

What now?

Thanks for all the help and quick response BTW. Very much appreciated.

ComboFix 10-11-23.01 - Administrator 11/23/2010 20:40:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2492 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Local Settings\Application Data\opRSK

c:\windows\10252ha9k5ool44z.bin

c:\windows\10560nzt-a-viru930f5.cpl

c:\windows\10595spy5fz.dll

c:\windows\106695acktooz263.bin

c:\windows\10699t5oj6dcz.ocx

c:\windows\1089zt5oj1459.exe

c:\windows\10975s5a9bot50z.dll

c:\windows\1139irus5z8.bin

c:\windows\11527not-a5v9rus74z.cpl

c:\windows\11629no5-a-v9rus2c8z.bin

c:\windows\118135zrm9ed.dll

c:\windows\12225not-5-viru9251z.cpl

c:\windows\13489szambot753.cpl

c:\windows\13997hackzool6fa5.ocx

c:\windows\14381not-a-5iruz62b9.cpl

c:\windows\14720sp5zbot52b9.cpl

c:\windows\14c5addw5re298z.cpl

c:\windows\14dc9ownloadzr5185.exe

c:\windows\14z9vi5184.bin

c:\windows\15027worz692.ocx

c:\windows\15118vir9s5z5.cpl

c:\windows\15355spzmbot9d9.dll

c:\windows\153bspyw5r9z719.cpl

c:\windows\1551ha9ktoolz54.cpl

c:\windows\155z2hackt9ol54b.dll

c:\windows\1567zp5r9e377.dll

c:\windows\15785n9t-a-virus585z.bin

c:\windows\15886notz5-v9rus65.ocx

c:\windows\15920spamz5t598.exe

c:\windows\15971zirus96a.bin

c:\windows\15992szy64e.bin

c:\windows\15995w95z5c1.dll

c:\windows\1599addwarz99675.bin

c:\windows\16162n9t-a-viruz5e4.dll

c:\windows\164505orm6z9.cpl

c:\windows\16528sp91cz.bin

c:\windows\16593virusze5.dll

c:\windows\16717t9oj3az5.ocx

c:\windows\16a9stza52196.bin

c:\windows\16e8stz9l1553.cpl

c:\windows\16z009orm3ef5.exe

c:\windows\16z05i91410.ocx

c:\windows\17095par9ez329.cpl

c:\windows\17253s9ambotz75.dll

c:\windows\1733ha9ktozl52d.cpl

c:\windows\1796doznloader7659.dll

c:\windows\17e6downl59derz26.cpl

c:\windows\18075vz9us572.dll

c:\windows\1809z9pam5ot3c5.bin

c:\windows\1840ba9kdoor2455z.ocx

c:\windows\1858trojz9e.cpl

c:\windows\18863spa5bot4cz9.exe

c:\windows\18zb5pyware2079.exe

c:\windows\19133hacztool615.bin

c:\windows\191895ro9z62.ocx

c:\windows\19531not-a9virus3b5z.cpl

c:\windows\19531not-a9zir5s36c.exe

c:\windows\1956zvirus516.bin

c:\windows\19655nzt9a-virus7f5.cpl

c:\windows\1995zspy77c.ocx

c:\windows\1a6bt5ze9899.ocx

c:\windows\1ad2zackdo9r5950.exe

c:\windows\1ce8sp95sz2808.cpl

c:\windows\1cf8spyware502z9.dll

c:\windows\1e46bzckdo9r15225.dll

c:\windows\1z323vir5s6029.bin

c:\windows\1z5vir1959.dll

c:\windows\1z939not-a-virus4965.exe

c:\windows\20141hazkt9o567e.dll

c:\windows\205859py64z.bin

c:\windows\205espywar9z915.exe

c:\windows\212195pyz13.cpl

c:\windows\2129a5dware1598z.ocx

c:\windows\21476hackt9olz335.bin

c:\windows\21533vi9zs1b6.dll

c:\windows\22298spzmbo5619.bin

c:\windows\22835hack9oolz55.exe

c:\windows\22901zp55c69.dll

c:\windows\229095amzot49.bin

c:\windows\22afbac9doo52z55.exe

c:\windows\23136spam5oz1c19.dll

c:\windows\231845ot-a-v9ruz7d7.cpl

c:\windows\2376zh59ktool45d.bin

c:\windows\2382z9r5j129.ocx

c:\windows\24055n9t-a-5irzs6fc.cpl

c:\windows\24276w9r5zf4.cpl

c:\windows\24891s5azbot5dc9.bin

c:\windows\250zvi95544.bin

c:\windows\2551thz9at29689.dll

c:\windows\25679z9y48b.ocx

c:\windows\25695hacktoolzd0.exe

c:\windows\2576395rm2z7.cpl

c:\windows\258zste95233.cpl

c:\windows\259955irusz2.dll

c:\windows\25de9ackdoor3z3.cpl

c:\windows\2619sp5z92.dll

c:\windows\26259s5ambot33fz.bin

c:\windows\263995izus599.exe

c:\windows\26654spy921z.exe

c:\windows\266dzwnlo9d5r559.bin

c:\windows\266eadzware5935.dll

c:\windows\26898spyz95.bin

c:\windows\26935pamboz556.cpl

c:\windows\26z50spa5bot39d.bin

c:\windows\26z5vir989.exe

c:\windows\2729tr5j1z4.exe

c:\windows\2851szy2e59.exe

c:\windows\29413vzrus695.ocx

c:\windows\29756zackt5ol4a5.ocx

c:\windows\297z8spambot15b.bin

c:\windows\29895viru5911z.bin

c:\windows\29c2do5nl9aderz007.ocx

c:\windows\29e8dowz5oade91807.bin

c:\windows\29z6vi5777.exe

c:\windows\2c8t59ef99z.exe

c:\windows\2d19dzwnlo5der911.cpl

c:\windows\2d5cst9al40z5.exe

c:\windows\2e0bzh5ef1589.exe

c:\windows\2f59dowzl5ader1407.cpl

c:\windows\2z495worm19c.cpl

c:\windows\2z559not-a-virus729.exe

c:\windows\2z758troj69.ocx

c:\windows\2z937s5a9bot75.ocx

c:\windows\2z973virus3095.exe

c:\windows\30004wor9z15.dll

c:\windows\30395pyware299z.bin

c:\windows\3071z5py970.dll

c:\windows\30776hacz5oo95fd.dll

c:\windows\31145virusz479.bin

c:\windows\31173wor595z.exe

c:\windows\314075irus4z19.cpl

c:\windows\31927troz453.ocx

c:\windows\32354ha5k9ozl654.dll

c:\windows\32961tzoj49d5.cpl

c:\windows\3465sp9729z.dll

c:\windows\3553szeal1499.dll

c:\windows\3554z5ief2392.bin

c:\windows\35bzs5arse1935.dll

c:\windows\37a8zackdoor529.ocx

c:\windows\38dfa9dwzre2556.ocx

c:\windows\3986zirus11e5.exe

c:\windows\39ft5izf2330.bin

c:\windows\3a7cspaz591242.ocx

c:\windows\3d5zad9ware1343.ocx

c:\windows\3fd9vir955z.exe

c:\windows\3z7vi93035.exe

c:\windows\3z89th9e5t26331.ocx

c:\windows\4034not-a-59rus4zd.ocx

c:\windows\40z55hreat15977.cpl

c:\windows\410athz9at11805.cpl

c:\windows\4135v9z1787.cpl

c:\windows\4214vz5us1709.bin

c:\windows\42a7baz5door3923.exe

c:\windows\4350virz5519.cpl

c:\windows\4416ha95tzol5c.dll

c:\windows\4435zpambot409.bin

c:\windows\452esparse2399z.bin

c:\windows\4559th9eat514z.cpl

c:\windows\455zthreat95508.bin

c:\windows\458dad9ware3110z.cpl

c:\windows\45z8vir1039.cpl

c:\windows\4697thr5az19619.cpl

c:\windows\4792addwar5321z.dll

c:\windows\47b0down59aderz614.ocx

c:\windows\4800nzt-a-v59us5f9.bin

c:\windows\49529zwnloade52881.bin

c:\windows\4b7sparze98945.dll

c:\windows\4bdbsp5r9z673.bin

c:\windows\4c19thi5fz416.ocx

c:\windows\4d0cdoznloa5er6249.ocx

c:\windows\4d50b9zkdoor405.ocx

c:\windows\4db4backdozr594.bin

c:\windows\4eaesteal955z.exe

c:\windows\4f16th5eaz16359.dll

c:\windows\4f49downzoa5er2178.bin

c:\windows\4f76t9i5fz230.exe

c:\windows\4fa0ba9kd5oz775.cpl

c:\windows\4z5spyware1849.cpl

c:\windows\5017z9roj7a6.dll

c:\windows\503zvir5s7339.bin

c:\windows\50636hackzo9l645.bin

c:\windows\5085downlzade9228.exe

c:\windows\50cba9dwarez635.bin

c:\windows\5131addwa9e2570z.bin

c:\windows\5178szambo9727.cpl

c:\windows\5182s9az5ot452.bin

c:\windows\5186v9z13625.dll

c:\windows\5187zp59are2515.bin

c:\windows\51hackt9olez.ocx

c:\windows\52402zot-9-virus39e.ocx

c:\windows\52491worz238.cpl

c:\windows\52fzdow5load9r1104.ocx

c:\windows\5349steal3z9.bin

c:\windows\5382spy95rez534.dll

c:\windows\53917hackzool6d8.dll

c:\windows\54ccspyzare1911.dll

c:\windows\54d9spyware1z48.exe

c:\windows\55046spambotc9z.cpl

c:\windows\5509wzrm554.ocx

c:\windows\5520stz9l933.bin

c:\windows\5544thiefz729.exe

c:\windows\55490worm73z.dll

c:\windows\558ztroj9955.exe

c:\windows\5605szambot599.dll

c:\windows\570879py134z.exe

c:\windows\57774vizus970.ocx

c:\windows\5870h5cktoz92.cpl

c:\windows\58eeadzware5906.ocx

c:\windows\5930vir190z.cpl

c:\windows\59579tzoj4f5.ocx

c:\windows\5982zhreat5425.bin

c:\windows\59896wozm62.ocx

c:\windows\59939tzoj1259.bin

c:\windows\5994virz335.dll

c:\windows\59d09hreat11655z.bin

c:\windows\59eathizf3509.cpl

c:\windows\5a15steaz393.exe

c:\windows\5ad559ckdzor1326.exe

c:\windows\5c1d5o9nloazer3253.bin

c:\windows\5e53dow5lzader1449.exe

c:\windows\5f9cdownloa5zr3935.ocx

c:\windows\5z48sparse2981.cpl

c:\windows\5z6athief16949.exe

c:\windows\5z84wor92b1.exe

c:\windows\62329izus55c.bin

c:\windows\634zspy59re177.dll

c:\windows\63919dzware28935.bin

c:\windows\650zs9yware2786.bin

c:\windows\66199hief5053z.exe

c:\windows\6694backd5zr579.bin

c:\windows\6695spar9e2990z.dll

c:\windows\6737s9ywzr5666.dll

c:\windows\68205rojz59.cpl

c:\windows\68z2no9-a5virus63c.cpl

c:\windows\695ethreaz69649.cpl

c:\windows\69sparz92058.exe

c:\windows\6b5ed5wnlzader3956.dll

c:\windows\6de79tealz158.dll

c:\windows\6e765ownloade92z86.cpl

c:\windows\6f60dzwnlo5der1869.bin

c:\windows\701ethr95tz5106.bin

c:\windows\713zb5c9door3042.dll

c:\windows\7149b5ckzoor3116.ocx

c:\windows\7153szeal1349.ocx

c:\windows\7496th5zf1055.bin

c:\windows\74z4v95558.dll

c:\windows\7596szy53d9.dll

c:\windows\7599spyzare1395.bin

c:\windows\759ft9reat248z7.exe

c:\windows\75cbsparse190z5.bin

c:\windows\7667thz95t11371.exe

c:\windows\7759addwa9e12z0.dll

c:\windows\783ad5wzloade92637.exe

c:\windows\783z9hief5628.exe

c:\windows\7861h5ckto9l5z7.dll

c:\windows\78z5steal5229.exe

c:\windows\792bth9eat3z581.dll

c:\windows\7980stea51399z.exe

c:\windows\7997ste5z1925.cpl

c:\windows\79d9backdoorz05.dll

c:\windows\79z0spyware25955.ocx

c:\windows\7b4f9z5ef2224.bin

c:\windows\7c23t59ef162z.cpl

c:\windows\7cb3th5z9697.exe

c:\windows\7e0athreaz19504.exe

c:\windows\7z45virus9c75.cpl

c:\windows\7z96downlo9der2752.cpl

c:\windows\814not-a-5ir9s68z.bin

c:\windows\8411spam5ztc9.bin

c:\windows\85679zoj469.bin

c:\windows\85915ot-a-viru9z6f.cpl

c:\windows\8599s592zb.cpl

c:\windows\85z5w9rm4c9.dll

c:\windows\864359cktoolz8.dll

c:\windows\8a8zt9al21665.exe

c:\windows\904athr5at18z87.bin

c:\windows\90515orz56e.ocx

c:\windows\905sparsez95.cpl

c:\windows\91115notza-virus98.dll

c:\windows\91132not-z-5irus594.exe

c:\windows\913a9zware556.ocx

c:\windows\91911zorm5ef.bin

c:\windows\9193down5oadzr2938.bin

c:\windows\9196wozm265.dll

c:\windows\925515pz2e5.ocx

c:\windows\9315wz5m3a9.cpl

c:\windows\9324spyz5c.dll

c:\windows\93865rzj48e.cpl

c:\windows\94bdown5oader928z.exe

c:\windows\94z35worm1975.ocx

c:\windows\954zviru9285.dll

c:\windows\95522troz45d5.cpl

c:\windows\9554virzs48f.dll

c:\windows\955eth5zat23999.ocx

c:\windows\9572vir1989z.exe

c:\windows\9589spambot5zc.bin

c:\windows\95ccvir189z.cpl

c:\windows\95ezsparse790.exe

c:\windows\95z9thief395.bin

c:\windows\96744spy5z2.exe

c:\windows\96757sp5mbot11z.bin

c:\windows\9745s9y3zf5.exe

c:\windows\9757spam9ot75az.ocx

c:\windows\979virus35az.cpl

c:\windows\98670zpy554.dll

c:\windows\9885zpyware2320.dll

c:\windows\98d4addwa5z173.ocx

c:\windows\9925hief2975z.exe

c:\windows\9ab3steal252z.ocx

c:\windows\9b7cthzef5491.bin

c:\windows\9c26downlza5er3276.ocx

c:\windows\9e45sparsez859.dll

c:\windows\9z024hackto5l4c.ocx

c:\windows\9z42troj257.exe

c:\windows\9zb85hief99.exe

c:\windows\a46vir592z.exe

c:\windows\b6sp9w5rz1080.cpl

c:\windows\c59h5eat971z.bin

c:\windows\c9spywz5e2735.bin

c:\windows\cbesp9rse53z7.bin

c:\windows\e7ab5ckdozr9657.ocx

c:\windows\f639teaz855.bin

c:\windows\system32\10316hack5ool1z9.exe

c:\windows\system32\10541sp5mbot429z.dll

c:\windows\system32\106219ot-a-5irzs4fc.dll

c:\windows\system32\10629s596z4.exe

c:\windows\system32\1074t9r5at18z86.bin

c:\windows\system32\10957troj6z4.ocx

c:\windows\system32\112z1s5amb9t2ab.exe

c:\windows\system32\11425vir9s3za5.bin

c:\windows\system32\116449o5m513z.dll

c:\windows\system32\117115irzs92a.cpl

c:\windows\system32\11899v5rzs60b.dll

c:\windows\system32\124165irzs92e.exe

c:\windows\system32\12569szy44f.exe

c:\windows\system32\12936hacktozl65a.cpl

c:\windows\system32\1352noz-a-v9rus28a.bin

c:\windows\system32\13582s5amzot9a.cpl

c:\windows\system32\14125notza-virus291.cpl

c:\windows\system32\14425not-a-virus5zf9.exe

c:\windows\system32\14529hreatz8903.bin

c:\windows\system32\1469sp9warz3520.dll

c:\windows\system32\1506595z143.dll

c:\windows\system32\1509zvirus3a9.cpl

c:\windows\system32\15180zac9tool25a.bin

c:\windows\system32\15266s9ambot385z.ocx

c:\windows\system32\15428spamz9t6ee.dll

c:\windows\system32\1545ztroj5429.cpl

c:\windows\system32\1551s9ywzre370.dll

c:\windows\system32\15527s9yz145.dll

c:\windows\system32\1553threzt939.ocx

c:\windows\system32\15560spambot97z.cpl

c:\windows\system32\1570zownloa9er1465.cpl

c:\windows\system32\1587thief3194z.ocx

c:\windows\system32\158z7virus1579.exe

c:\windows\system32\159zpam9ot1f8.ocx

c:\windows\system32\15cdad9zare767.cpl

c:\windows\system32\16564s9z1be.bin

c:\windows\system32\17196hac5toolz54.ocx

c:\windows\system32\174dstezl5901.exe

c:\windows\system32\175055iru9z11.ocx

c:\windows\system32\17659trojb2z.cpl

c:\windows\system32\17691not-a-zirus5d69.ocx

c:\windows\system32\17921spy65fz.cpl

c:\windows\system32\17z175acktool4d09.cpl

c:\windows\system32\17z59hackt9ol797.exe

c:\windows\system32\1809spam95tz41.bin

c:\windows\system32\182z0s5y29e.dll

c:\windows\system32\18599troj995z.ocx

c:\windows\system32\18698spzmbo548b.ocx

c:\windows\system32\18e19pyware25z7.ocx

c:\windows\system32\190z2hackto5l493.exe

c:\windows\system32\19291not5a-viruz7ae.dll

c:\windows\system32\1943ste5lz5039.ocx

c:\windows\system32\195139pybz5.ocx

c:\windows\system32\1951worm450z.dll

c:\windows\system32\19555szyc35.exe

c:\windows\system32\195z9irus86.bin

c:\windows\system32\19746wo5me5z.cpl

c:\windows\system32\197b5ir45z.dll

c:\windows\system32\19892h5ckzool135.exe

c:\windows\system32\19958spy490z.dll

c:\windows\system32\19f3downloa5ez19169.bin

c:\windows\system32\1b25azd9are950.bin

c:\windows\system32\1da5vir99z.ocx

c:\windows\system32\1db1ba9zdo5r1370.ocx

c:\windows\system32\1dffsp9warez587.ocx

c:\windows\system32\1e565ddware9825z.dll

c:\windows\system32\1ec3zpars919315.bin

c:\windows\system32\1z099troj6215.dll

c:\windows\system32\1z1asparse7529.ocx

c:\windows\system32\1z61495ambotbb.exe

c:\windows\system32\1z6daddw9re1059.bin

c:\windows\system32\20330nzt-a-vi95s50c.cpl

c:\windows\system32\20562za5ktoo959c.cpl

c:\windows\system32\2116zs597c8.exe

c:\windows\system32\21285szam95t253.cpl

c:\windows\system32\21338not-azv95us569.dll

c:\windows\system32\22955not-z-virus789.bin

c:\windows\system32\22z91hackt9ol795.cpl

c:\windows\system32\23050viru979z.ocx

c:\windows\system32\2349spa5b9tzd8.ocx

c:\windows\system32\23887vizus92a5.dll

c:\windows\system32\2448s5y19z.cpl

c:\windows\system32\24599zirus6295.ocx

c:\windows\system32\24815sp9mbot2cz.bin

c:\windows\system32\24946no5-a-vizus33.ocx

c:\windows\system32\2509ztroj4a9.ocx

c:\windows\system32\25154s9z3f1.bin

c:\windows\system32\25295viz5s427.exe

c:\windows\system32\25587spambot3z9.ocx

c:\windows\system32\25775zacktool6689.bin

c:\windows\system32\25e7z9ie51794.exe

c:\windows\system32\25z52troj4b39.dll

c:\windows\system32\26646tzo5d9.cpl

c:\windows\system32\26667v9zu53cc.cpl

c:\windows\system32\26973not-a-vir5s678z.cpl

c:\windows\system32\27609not-a-5irus2bfz.dll

c:\windows\system32\28066spazbot59.dll

c:\windows\system32\281225py59z.exe

c:\windows\system32\28259zirus5c.exe

c:\windows\system32\285149roj5zb.bin

c:\windows\system32\28589wz5m252.cpl

c:\windows\system32\2862sp5mbzt269.cpl

c:\windows\system32\286z59irus2465.bin

c:\windows\system32\29339par5e2z30.exe

c:\windows\system32\29409zp9mb5t230.exe

c:\windows\system32\29575spy55z.bin

c:\windows\system32\2957zownloader1057.cpl

c:\windows\system32\29738virus25z.exe

c:\windows\system32\29767zi9us95.exe

c:\windows\system32\2985steal62z.ocx

c:\windows\system32\2997thzef865.dll

c:\windows\system32\29d4zddwar52719.ocx

c:\windows\system32\29zbback5oor220.exe

c:\windows\system32\2aa5ba5kdoor29z9.ocx

c:\windows\system32\2d02s59warz465.cpl

c:\windows\system32\2d9czhief5922.ocx

c:\windows\system32\2e79downloaz5r1291.dll

c:\windows\system32\2z2fsp5w9re240.exe

c:\windows\system32\2z55w9rm362.ocx

c:\windows\system32\30018sp5zbo9fb.exe

c:\windows\system32\30359not-a-viruz68d.ocx

c:\windows\system32\30z9spyware22555.dll

c:\windows\system32\31032t5oj5z99.exe

c:\windows\system32\313zthr95t4731.dll

c:\windows\system32\3159not-a-vz9us399.cpl

c:\windows\system32\31951szy640.exe

c:\windows\system32\32158hacktoo975z.exe

c:\windows\system32\32359not-a9virusz25.cpl

c:\windows\system32\32559vz9us346.cpl

c:\windows\system32\32f9virz835.bin

c:\windows\system32\3445viz29485.ocx

c:\windows\system32\34b9ownload5r1378z.cpl

c:\windows\system32\3505zi5999.ocx

c:\windows\system32\35933not-z-virus4f3.exe

c:\windows\system32\36259orm5d9z.ocx

c:\windows\system32\385dthrza9625.ocx

c:\windows\system32\3931thiez5915.bin

c:\windows\system32\394zspyware758.bin

c:\windows\system32\3956zhief2539.dll

c:\windows\system32\39596zroj5a8.dll

c:\windows\system32\395downloa9er367z.ocx

c:\windows\system32\39972nzt-a-vir5s499.cpl

c:\windows\system32\3a339hreaz13653.dll

c:\windows\system32\3b36ste9lz58.bin

c:\windows\system32\3bf7dow59zader2502.exe

c:\windows\system32\3c93s9arse5232z.exe

c:\windows\system32\3d57threatz3209.exe

c:\windows\system32\3d95addwaze724.ocx

c:\windows\system32\3e25baz9door401.dll

c:\windows\system32\3e2zs95ware95.bin

c:\windows\system32\3e99s5arsez239.bin

c:\windows\system32\3z599ir2295.cpl

c:\windows\system32\3zed9ir5735.bin

c:\windows\system32\42ddszyw9r52492.ocx

c:\windows\system32\42e6s5yza9e3110.cpl

c:\windows\system32\4304no5-a-virusz339.cpl

c:\windows\system32\4349sp5warz557.cpl

c:\windows\system32\4396spyze59.bin

c:\windows\system32\43f0ba5kzoor2985.exe

c:\windows\system32\4420zdd5ar91888.dll

c:\windows\system32\4481zpywar5981.exe

c:\windows\system32\4522thie9282z.exe

c:\windows\system32\45d0backdozr25569.exe

c:\windows\system32\45dbac9dozr3178.ocx

c:\windows\system32\45e8sza9se478.ocx

c:\windows\system32\45ebback5oor297z.bin

c:\windows\system32\461tz9eat415.ocx

c:\windows\system32\4660zp9mbot353.dll

c:\windows\system32\46c5a9dza5e2998.bin

c:\windows\system32\4731nzt-a-v5rus469.ocx

c:\windows\system32\4796h9cktooz195.cpl

c:\windows\system32\4896s9ywzre1385.bin

c:\windows\system32\4915sparse1880z.bin

c:\windows\system32\49795otz9-virus55a.ocx

c:\windows\system32\499zba5kdoor2500.bin

c:\windows\system32\499zn5t-a-virus245.exe

c:\windows\system32\4abcspa5z92857.exe

c:\windows\system32\4b50t9reaz9002.cpl

c:\windows\system32\4b5a9irz36.ocx

c:\windows\system32\4bc9zpa5se1179.cpl

c:\windows\system32\4c5z9hief1745.ocx

c:\windows\system32\4cf8zpywa95513.bin

c:\windows\system32\4d0zb5ckdoor10149.dll

c:\windows\system32\4e62backdo5r1966z.dll

c:\windows\system32\4f0fsparz925885.bin

c:\windows\system32\4fe3szarse28579.exe

c:\windows\system32\5030downzoader19559.exe

c:\windows\system32\5098v95181z.cpl

c:\windows\system32\50aead9zar52729.ocx

c:\windows\system32\50ddd9wnloadzr444.exe

c:\windows\system32\50e59ddwaze26465.bin

c:\windows\system32\523fdownl95der1z98.bin

c:\windows\system32\5247hacktzol965.dll

c:\windows\system32\52a2down9oa5er1z1.bin

c:\windows\system32\53239worz5e6.dll

c:\windows\system32\5395thief394z.exe

c:\windows\system32\53b9thie9226z.bin

c:\windows\system32\53esparsez295.exe

c:\windows\system32\54484virzs59f.exe

c:\windows\system32\5468spars918z8.cpl

c:\windows\system32\54zds5a9se2231.cpl

c:\windows\system32\550dst5az9349.bin

c:\windows\system32\5565sp9w5re3186z.dll

c:\windows\system32\5579backdooz951.dll

c:\windows\system32\559steal999z.ocx

c:\windows\system32\55d1thzef925.ocx

c:\windows\system32\55z9addware553.bin

c:\windows\system32\561stza9475.cpl

c:\windows\system32\5649addzare386.dll

c:\windows\system32\56901troj5z6.exe

c:\windows\system32\573atzr9at21729.exe

c:\windows\system32\5758ba9zdoor1308.dll

c:\windows\system32\5822zownloade59904.cpl

c:\windows\system32\585ztr9j4a3.exe

c:\windows\system32\5898sz5ware9148.cpl

c:\windows\system32\59045pyware3z89.ocx

c:\windows\system32\5916vi9us2z5.cpl

c:\windows\system32\5941spa9sz1103.cpl

c:\windows\system32\5955steal929z.exe

c:\windows\system32\5980s9yware3061z.cpl

c:\windows\system32\598vzr496.bin

c:\windows\system32\5997th5zf2195.ocx

c:\windows\system32\599bvi95z45.cpl

c:\windows\system32\59z5vir24955.dll

c:\windows\system32\5a63zddwa5e3129.ocx

c:\windows\system32\5aaethrzat2697.dll

c:\windows\system32\5ad45i9198z.cpl

c:\windows\system32\5b35thre9tz820.ocx

c:\windows\system32\5bd3thief9z475.dll

c:\windows\system32\5c5bv9rz440.dll

c:\windows\system32\5cd0threa519903z.bin

c:\windows\system32\5ce4sparse1z999.ocx

c:\windows\system32\5czbvir25975.cpl

c:\windows\system32\5d98vir1891z.ocx

c:\windows\system32\5dc7s5z9are693.cpl

c:\windows\system32\5df1bazkdo592017.ocx

c:\windows\system32\5ec5stzal29009.exe

c:\windows\system32\5ec5t9iez2871.exe

c:\windows\system32\5f009zreat32394.ocx

c:\windows\system32\5fz9t5reat25009.exe

c:\windows\system32\5z265tea91378.ocx

c:\windows\system32\5z3b9ackdo5r2478.exe

c:\windows\system32\5z5estea9308.exe

c:\windows\system32\5z7vi9802.exe

c:\windows\system32\6057sp9rsz2195.exe

c:\windows\system32\60faadd9arez454.bin

c:\windows\system32\61b9sparsz559.cpl

c:\windows\system32\6212tro5950z.dll

c:\windows\system32\62fz5hief9689.ocx

c:\windows\system32\63d9thiez30795.bin

c:\windows\system32\63ddt9ief258z.exe

c:\windows\system32\649z5hreat28766.bin

c:\windows\system32\64dcst9zl1215.ocx

c:\windows\system32\6517vz53009.bin

c:\windows\system32\652z59r1774.dll

c:\windows\system32\6549threatz65705.bin

c:\windows\system32\6590d5wnlzader593.bin

c:\windows\system32\659cspywzre963.ocx

c:\windows\system32\65c4bzckd9or1736.ocx

c:\windows\system32\65e45tezl390.ocx

c:\windows\system32\65ecthiez3599.dll

c:\windows\system32\670spam5zt39a.dll

c:\windows\system32\68c2doznlo9de5881.exe

c:\windows\system32\6919threa52z429.exe

c:\windows\system32\69czthre5t262689.dll

c:\windows\system32\6b5cs5yware1295z.dll

c:\windows\system32\6z55s9y532.exe

c:\windows\system32\6z8at5reat92901.dll

c:\windows\system32\6ze1spyware39665.ocx

c:\windows\system32\709czparse2595.cpl

c:\windows\system32\70viru538z9.ocx

c:\windows\system32\7192s5arse18z9.cpl

c:\windows\system32\719zspy5955.exe

c:\windows\system32\71z8d59nloader1307.exe

c:\windows\system32\725bbac9d5zr2770.exe

c:\windows\system32\72d75zr9at10505.dll

c:\windows\system32\73f4dow9loaze52911.exe

c:\windows\system32\7567spyware9z07.ocx

c:\windows\system32\75bebackdoor979z.dll

c:\windows\system32\75f7spywzr92569.bin

c:\windows\system32\7715sp973cz.cpl

c:\windows\system32\793aspzrs53094.cpl

c:\windows\system32\7957troj59z5.cpl

c:\windows\system32\7961zack5ool9a.ocx

c:\windows\system32\7a759parse5z04.ocx

c:\windows\system32\7acedo5nl9zder144.bin

c:\windows\system32\7aza5ack9oor1840.bin

c:\windows\system32\7bzf9ir855.dll

c:\windows\system32\7d7ev9rz8685.dll

c:\windows\system32\7d8athief29z59.cpl

c:\windows\system32\7zbbs5arse9939.dll

c:\windows\system32\8158v9rus5zf.bin

c:\windows\system32\8159hacktooz9b.exe

c:\windows\system32\8248w95m5zf.dll

c:\windows\system32\8308hzc59ool5c1.ocx

c:\windows\system32\8814haczto9l415.dll

c:\windows\system32\8824virus5z9.ocx

c:\windows\system32\8926hack5ozl23b.bin

c:\windows\system32\8988ha5k9oolz38.ocx

c:\windows\system32\8z26w9rm39d5.dll

c:\windows\system32\90275zpy548.cpl

c:\windows\system32\903est5al247z.exe

c:\windows\system32\907cstezl675.dll

c:\windows\system32\90884spy539z.cpl

c:\windows\system32\908s5eal159z.cpl

c:\windows\system32\90973szambot757.cpl

c:\windows\system32\9219zack5ool18a9.dll

c:\windows\system32\92906not-z-virus57d.dll

c:\windows\system32\92ezvi579.bin

c:\windows\system32\9327s5zware2083.ocx

c:\windows\system32\93511v5ruszbf.dll

c:\windows\system32\9358wz5m2ea.ocx


.

((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))

.

2010-11-18 01:58 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-18 01:58 . 2010-11-20 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-18 01:58 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-06 14:50 . 2010-10-27 06:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2010-11-06 14:50 . 2010-10-27 06:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-07 15:12 . 2010-07-02 17:22 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 15:11 . 2009-04-24 07:50 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2009-04-24 07:50 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-04-24 08:23 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-04-24 07:50 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-04-24 07:50 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-04-24 07:50 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-04-24 08:23 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-04-24 07:50 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-01-19 00:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-18 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-12 149280]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-25 15473664]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"nwiz"="nwiz.exe" [2009-02-18 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2008-09-23 201304]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-09-16 3634688]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]

"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-06-15 1323008]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-10-22 611712]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"IE7-11"="advpack.dll" [2010-05-04 124928]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-2 576000]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotfix-KB5504305

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiniShield

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=

"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2/4/2009 10:14 AM 284160]

R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2/4/2009 10:22 AM 19456]

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [6/21/2009 11:24 AM 34432]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/24/2009 3:23 AM 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/24/2009 3:23 AM 17744]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [11/26/2008 8:23 AM 150528]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2010 8:58 PM 304464]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/24/2009 2:23 PM 24652]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/2/2010 6:01 PM 33792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2010 8:58 PM 20952]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 288112]

S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [4/24/2009 3:01 AM 16194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-05-18 21:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-11-24 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-04-26 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x5z7py5e.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)

HKCU-Run-Aim6 - (no file)

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-23 20:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-11-23 20:48:26

ComboFix-quarantined-files.txt 2010-11-24 01:48

Pre-Run: 93,942,616,064 bytes free

Post-Run: 95,010,496,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 900B0D42CE5B3CDC21BBC58C71BBEB8C


Sure thing, here ya go:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

11/23/2010 10:16:47 PM

mbam-log-2010-11-23 (22-16-47).txt

Scan type: Quick scan

Objects scanned: 118022

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an add-on available for both Firefox and IE.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:
