
stopbadsites.com reroute? Windows can't update



My PC won't allow Windows updates, and when surfing the web the page gets rerouted to stopbadsites.com, stating "Attention! Your web page request has been cancelled!" Then it goes on to explain that a malicious request was made and that I need to buy their spyware program to fix it. Here are the logs from the instructions.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Carlos Bonaventura at 10:56:27.53 on Mon 01/03/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -12:00]

AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: BitDefender Firewall *Enabled*

FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Stardock\MyColors\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

svchost.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr .exe

C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe

C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.live.com

uInternet Settings,ProxyServer = http=127.0.0.1:62242

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll

{cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background

uRun: [Google Updater] c:\documents and settings\carlos bonaventura\application data\GoogleUpdater.exe.exe

uRun: [MKbuqK] c:\windows\iexplarer .exe

uRun: [MKbuqgggc] c:\windows\iexplarer .exe

uRun: [MKbuqggggc] c:\windows\iexplarer .exe

uRun: [MKcEgg0] c:\windows\mdm .exe

uRun: [MKbuqggj] c:\windows\iexplarer .exe

uRun: [MKcEggK] c:\windows\mdm .exe

uRun: [MKbuqgggK] c:\windows\iexplarer .exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [<NO NAME>]

mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey

mRun: [Google Updater] c:\documents and settings\carlos bonaventura\application data\GoogleUpdater.exe.exe

mRun: [MKWPzz/OWS\TEMP\3505034654.exe] c:\windows\temp\3505034654.exe

mRun: [MKbuqgggc] c:\windows\iexplarer .exe

mRun: [MKbuqggggc] c:\windows\iexplarer .exe

mRun: [MKcEgg0] c:\windows\mdm .exe

mRun: [MKbuqggj] c:\windows\iexplarer .exe

mRun: [MKcEggK] c:\windows\mdm .exe

mRun: [MKbuqgggK] c:\windows\iexplarer .exe

mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"

dRun: [MKeta] c:\windows\services.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\mycolors\SDDelayedLaunch.exe

dPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

Notify: WB - c:\program files\stardock\mycolors\fastload.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-23 14248]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-21 54760]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-23 143840]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-23 135168]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-23 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-23 272032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-23 162816]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-2 38224]

S0 gjjidneq;gjjidneq; [x]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-23 1684736]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]

S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]

S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-1-3 27064]

=============== Created Last 30 ================

2011-01-03 22:25:31 -------- d-----w- c:\docume~1\carlos~1\locals~1\applic~1\VS Revo Group

2011-01-03 22:25:19 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-01-03 22:25:16 -------- d-----w- c:\program files\VS Revo Group

2011-01-03 09:03:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-03 09:03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-03 09:01:40 -------- d-----w- c:\docume~1\carlos~1\applic~1\MSNInstaller

2011-01-02 19:59:19 149520 ----a-w- c:\windows\system32\drivers\bdfm.sys

2011-01-02 19:59:00 -------- d-----w- c:\docume~1\carlos~1\applic~1\BitDefender

2011-01-02 19:58:13 -------- d-----w- c:\program files\BitDefender

2011-01-02 19:48:18 -------- d-----w- c:\docume~1\carlos~1\applic~1\QuickScan

2011-01-02 19:47:24 -------- d-----w- c:\program files\common files\BitDefender

2011-01-02 19:47:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\BitDefender

2011-01-02 19:46:36 306104 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-01-02 19:46:25 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-01-02 19:46:25 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys

2011-01-02 19:46:20 64726 ----a-w- c:\docume~1\alluse~1\applic~1\bdinstall.bin

2011-01-02 17:01:25 -------- d-sh--w- c:\documents and settings\carlos bonaventura\IECompatCache

2011-01-02 05:01:10 -------- d-----w- c:\windows\system32\LogFiles

2011-01-02 04:28:05 -------- d-----w- c:\docume~1\carlos~1\applic~1\AVG10

2011-01-02 04:26:40 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-01-02 04:24:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-02 04:24:08 -------- d-----w- c:\program files\AVG

2011-01-02 02:50:54 -------- d-----w- c:\docume~1\carlos~1\locals~1\applic~1\PageRage

2011-01-02 02:49:28 2753 ----a-w- c:\windows\ebemeposu.dll

2011-01-02 02:44:04 -------- d-----w- c:\docume~1\carlos~1\applic~1\Malwarebytes

2011-01-02 02:43:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-02 02:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-02 02:35:24 2753 ----a-w- c:\windows\ifafumakuladoleq.dll

2011-01-02 02:07:05 1152 ----a-w- c:\windows\system32\windrv.sys

2011-01-02 01:54:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-02 01:53:52 -------- d-----w- c:\docume~1\carlos~1\applic~1\GetRightToGo

2011-01-01 23:27:15 23040 ----a-w- c:\windows\system32\psapi.dll

2011-01-01 23:00:03 2743 ----a-w- c:\windows\eqofavinasowovo.dll

2010-12-26 04:54:18 217 ----a-w- c:\docume~1\carlos~1\applic~1\microsoft\gb_329843.bat

2010-12-26 04:52:15 0 ----a-w- c:\windows\eveqoxevuqa.dll

2010-12-23 21:54:20 3022 ----a-w- c:\windows\adewelijosi.dll

2010-12-23 18:56:04 3022 ----a-w- c:\windows\ugureguc.dll

2010-12-21 17:20:40 3022 ----a-w- c:\windows\imilaqoc.dll

2010-12-21 15:39:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\boost_interprocess

2010-12-21 15:38:50 -------- d-----w- c:\windows\system32\1057

2010-12-21 15:38:06 217 ----a-w- c:\documents and settings\carlos bonaventura\delme.bat

2010-12-21 15:38:03 3022 ----a-w- c:\docume~1\carlos~1\applic~1\yCU49.exe

2010-12-21 15:36:21 544 ----a-w- c:\docume~1\carlos~1\applic~1\net.vbs

2010-12-21 15:36:21 1122 ----a-w- c:\docume~1\carlos~1\applic~1\net.bat

2010-12-21 15:33:23 2753 ----a-w- c:\windows\ecilexah.dll

2010-12-21 15:32:08 -------- d-----w- c:\windows\system32\%APPDATA%

2010-12-17 18:06:03 -------- d-----w- c:\docume~1\carlos~1\locals~1\applic~1\Temp

2010-12-17 18:05:49 -------- d-----w- c:\program files\Yontoo Layers Client

2010-12-17 18:05:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2010-12-15 13:35:42 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 13:34:30 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:27:10 1862272 ----a-w- c:\windows\system32\win32k.sys

2010-07-08 21:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F0A735]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f10990]; MOV EAX, [0x86f10a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F54AB8]

3 CLASSPNP[0xF757DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000066[0x86F849E8]

5 ACPI[0xF7414620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F49940]

\Driver\atapi[0x86F81270] -> IRP_MJ_CREATE -> 0x86F0A735

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&33dc7a75&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x86F0A57B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 10:59:26.26 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5448

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/3/2011 11:29:18 AM

mbam-log-2011-01-03 (11-29-18).txt

Scan type: Full scan (C:\|)

Objects scanned: 193408

Time elapsed: 34 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKWPzz/OWS\TEMP\3505034654.exe (Trojan.Downloader.Gen) -> Value: 3505034654.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip

ark.zip

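The DDS and GMER output above already contains the indicators a triage analyst would act on: a browser proxy pointed at 127.0.0.1:62242 (which is how the "stopbadsites.com" page gets injected into every request), Run values whose executables have a space before ".exe" or a doubled ".exe.exe", a services.exe launched from the Windows root instead of system32, an autostart in c:\windows\temp, policies that disable Folder Options and the Registry Editor, a boot-start service with no backing file, and a DriverStartIo hook on \Driver\atapi. The script below is an added example (the editor's own, not part of the original post and not a tool from DDS, GMER or Malwarebytes) that encodes those indicators as checks and runs them over lines copied from the log; the line formats, regular expressions and heuristics are assumptions derived from this one report, not an official parser for either tool.

```python
"""Triage the indicators in a DDS "Pseudo HJT Report" and GMER summary.

Added example for this thread; not part of the original post nor a tool from
DDS, GMER or Malwarebytes. The line formats, regular expressions and the
heuristics below are the editor's assumptions based on the log shown above.
"""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the DDS/GMER output in the thread (trimmed).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:62242
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Updater] c:\documents and settings\carlos bonaventura\application data\GoogleUpdater.exe.exe
uRun: [MKbuqK] c:\windows\iexplarer .exe
uRun: [MKcEgg0] c:\windows\mdm .exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [MKWPzz/OWS\TEMP\3505034654.exe] c:\windows\temp\3505034654.exe
mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
dRun: [MKeta] c:\windows\services.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
S0 gjjidneq;gjjidneq; [x]
\Driver\atapi DriverStartIo -> 0x86F0A57B
"""

# Assumed line shapes, taken from the report above (u/m/d = HKCU / HKLM / Default User).
RUN_RE = re.compile(r"^[umd]Run: \[(.*)\]\s*(.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?:\w+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
POLICY_RE = re.compile(r"^dPolicies-\w+: (NoFolderOptions|DisableRegistryTools|DisableTaskMgr) = 1\b")
SERVICE_RE = re.compile(r"^S[0-4] ([^;]+);[^;]*; \[x\]$")  # service with no file on disk
HOOK_RE = re.compile(r"^\\Driver\\(\w+) (DriverStartIo|IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")

# Core binaries that only belong in system32; the same name elsewhere is a masquerade.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe"}


def exe_path(command: str) -> str:
    """Executable path from a Run value: strip quotes, drop arguments, keep spaces in the name."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r"\.exe(?:\.exe)*", command, re.I)  # unquoted XP paths may contain spaces
    return command[: m.end()] if m else command.split(" ", 1)[0]


def check_run_entry(command: str) -> List[str]:
    """Heuristic findings for one Run value's command line."""
    path = exe_path(command).lower().replace("/", "\\")
    parent, _, basename = path.rpartition("\\")
    findings: List[str] = []
    if re.search(r"\s\.exe$", basename):
        findings.append("space before .exe: name padded to pass as a system binary")
    if basename.count(".exe") > 1:
        findings.append("doubled extension")
    if basename in SYSTEM32_ONLY and not parent.endswith("\\system32"):
        findings.append(f"{basename} launched from outside system32")
    if "\\temp\\" in parent + "\\" or "\\application data" in parent or "\\appdata" in parent:
        findings.append("autostart from a user-writable location")
    return findings


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (line, finding) pairs for each indicator in a DDS/GMER-style report."""
    findings: List[Tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROXY_RE.search(line):
            findings.append((line, f"browser traffic proxied through {m.group(1)}:{m.group(2)}; "
                                   "a local process can rewrite any page (the stopbadsites.com redirect)"))
        elif m := RUN_RE.match(line):
            findings.extend((line, f) for f in check_run_entry(m.group(2)))
        elif POLICY_RE.match(line):
            findings.append((line, "policy lockdown: user tooling disabled"))
        elif m := SERVICE_RE.match(line):
            findings.append((line, f"boot/system service {m.group(1)} has no backing file"))
        elif m := HOOK_RE.match(line):
            findings.append((line, f"kernel hook: \\Driver\\{m.group(1)} {m.group(2)} -> {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for line, finding in triage(SAMPLE_REPORT):
        print(f"{finding}\n    {line}")
```

Each hit is a reason to look, not a verdict: the doubled-extension check also fires on the "Google Updater" value, which is worth inspecting but is not proven malicious by the report alone. The two findings that later tools confirm on this machine are the c:\windows\temp autostart (Malwarebytes quarantines that Run value as Trojan.Downloader.Gen) and the DriverStartIo hook (GMER's "possible TDL3 rootkit infection" warning). The "hxxp" in the sample is DDS's own defanging of "http" and is left untouched.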

Hello ImSpecial! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we are working on it.
  • Keep me informed about any changes.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


OK, I ran it and it found something which required a reboot, which I did. Then I opened it again and clicked Report.

2011/01/03 17:49:28.0640 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/03 17:49:28.0640 ================================================================================

2011/01/03 17:49:28.0640 SystemInfo:

2011/01/03 17:49:28.0640

2011/01/03 17:49:28.0640 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/03 17:49:28.0640 Product type: Workstation

2011/01/03 17:49:28.0640 ComputerName: CARLOS

2011/01/03 17:49:28.0640 UserName: Carlos Bonaventura

2011/01/03 17:49:28.0640 Windows directory: C:\WINDOWS

2011/01/03 17:49:28.0640 System windows directory: C:\WINDOWS

2011/01/03 17:49:28.0640 Processor architecture: Intel x86

2011/01/03 17:49:28.0640 Number of processors: 2

2011/01/03 17:49:28.0640 Page size: 0x1000

2011/01/03 17:49:28.0640 Boot type: Normal boot

2011/01/03 17:49:28.0640 ================================================================================

2011/01/03 17:49:28.0875 Initialize success

And that's what I got; not sure if I did that right.


Sorry, I missed the part about the log being in the C:\ directory. Here is the log...

2011/01/03 17:46:29.0250 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/03 17:46:29.0250 ================================================================================

2011/01/03 17:46:29.0250 SystemInfo:

2011/01/03 17:46:29.0250

2011/01/03 17:46:29.0250 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/03 17:46:29.0250 Product type: Workstation

2011/01/03 17:46:29.0250 ComputerName: CARLOS

2011/01/03 17:46:29.0250 UserName: Carlos Bonaventura

2011/01/03 17:46:29.0250 Windows directory: C:\WINDOWS

2011/01/03 17:46:29.0250 System windows directory: C:\WINDOWS

2011/01/03 17:46:29.0250 Processor architecture: Intel x86

2011/01/03 17:46:29.0250 Number of processors: 2

2011/01/03 17:46:29.0250 Page size: 0x1000

2011/01/03 17:46:29.0250 Boot type: Normal boot

2011/01/03 17:46:29.0250 ================================================================================

2011/01/03 17:46:29.0734 Initialize success

2011/01/03 17:46:43.0281 ================================================================================

2011/01/03 17:46:43.0281 Scan started

2011/01/03 17:46:43.0281 Mode: Manual;

2011/01/03 17:46:43.0281 ================================================================================

2011/01/03 17:46:43.0890 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/03 17:46:43.0953 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/03 17:46:43.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/01/03 17:46:44.0078 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/03 17:46:44.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/03 17:46:44.0234 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/03 17:46:44.0312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/03 17:46:44.0375 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/03 17:46:44.0406 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/03 17:46:44.0453 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/03 17:46:44.0500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/03 17:46:44.0562 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/03 17:46:44.0593 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/03 17:46:44.0687 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/01/03 17:46:44.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/03 17:46:44.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/03 17:46:44.0828 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/03 17:46:44.0875 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/03 17:46:44.0906 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/03 17:46:44.0968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/03 17:46:45.0031 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/03 17:46:45.0078 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/03 17:46:45.0125 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/03 17:46:45.0234 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/01/03 17:46:45.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/03 17:46:45.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/03 17:46:45.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/03 17:46:45.0453 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/01/03 17:46:45.0484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/03 17:46:45.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/03 17:46:45.0562 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/03 17:46:45.0609 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/03 17:46:45.0687 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/03 17:46:45.0718 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/03 17:46:45.0750 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/03 17:46:45.0796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/03 17:46:45.0890 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys

2011/01/03 17:46:45.0937 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/03 17:46:45.0984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/03 17:46:46.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/03 17:46:46.0078 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/03 17:46:46.0140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/03 17:46:46.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/03 17:46:46.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/03 17:46:46.0281 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/03 17:46:46.0359 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/03 17:46:46.0406 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS

2011/01/03 17:46:46.0593 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/03 17:46:46.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/01/03 17:46:46.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/03 17:46:46.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/01/03 17:46:46.0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/03 17:46:46.0921 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/01/03 17:46:46.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/03 17:46:47.0015 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/03 17:46:47.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/03 17:46:47.0156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/03 17:46:47.0187 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/03 17:46:47.0250 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/03 17:46:47.0281 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/03 17:46:47.0343 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/03 17:46:47.0375 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/03 17:46:47.0421 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/03 17:46:47.0484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/03 17:46:47.0734 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/01/03 17:46:48.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/03 17:46:48.0062 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/03 17:46:48.0343 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/01/03 17:46:48.0515 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/03 17:46:48.0562 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/03 17:46:48.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/03 17:46:48.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/03 17:46:48.0718 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/03 17:46:48.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/03 17:46:48.0796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/03 17:46:48.0843 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/03 17:46:48.0921 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/03 17:46:48.0968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/03 17:46:48.0984 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/03 17:46:49.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/03 17:46:49.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/03 17:46:49.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/03 17:46:49.0343 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/03 17:46:49.0437 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/01/03 17:46:49.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/03 17:46:49.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/03 17:46:49.0640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/03 17:46:49.0703 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/03 17:46:49.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/03 17:46:49.0796 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/03 17:46:49.0875 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/03 17:46:49.0937 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/03 17:46:49.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/03 17:46:50.0031 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/03 17:46:50.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/03 17:46:50.0125 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/01/03 17:46:50.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/03 17:46:50.0187 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/03 17:46:50.0250 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/03 17:46:50.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/03 17:46:50.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/03 17:46:50.0375 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/03 17:46:50.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/03 17:46:50.0453 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/03 17:46:50.0468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/03 17:46:50.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/03 17:46:50.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/03 17:46:50.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/03 17:46:55.0031 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/03 17:46:55.0031 ================================================================================

2011/01/03 17:46:55.0031 Scan finished

2011/01/03 17:46:55.0031 ================================================================================

2011/01/03 17:46:55.0062 Detected object count: 1

2011/01/03 17:47:14.0390 \HardDisk0 - will be cured after reboot

2011/01/03 17:47:14.0390 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/03 17:47:29.0718 Deinitialize success


Good! :)

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
     • Open Tools -> Options -> Main tab
     • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**


Before I do this I have a question. One of the scans you told me to do said McAfee was running antivirus and firewall when I installed it. What do I do about that?


Ok I got it!

ComboFix 11-01-03.04 - Carlos Bonaventura 01/04/2011 11:24:07.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.663 [GMT -12:00]

Running from: c:\documents and settings\Carlos Bonaventura\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\Install.dat

c:\documents and settings\All Users\Application Data\boost_interprocess\20110101133553.375000

c:\documents and settings\Carlos Bonaventura\Application Data\Install.dat

c:\documents and settings\Carlos Bonaventura\delme.bat

c:\windows\adewelijosi.dll

c:\windows\eveqoxevuqa.dll

c:\windows\imilaqoc.dll

c:\windows\system32\1057

c:\windows\system32\1057\inf1057.dat

c:\windows\system32\config\system~1\applic~1\install.dat

c:\windows\system32\config\systemprofile\Application Data\Install.dat

c:\windows\ugureguc.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))

.

2011-01-03 22:25 . 2011-01-03 22:25 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\VS Revo Group

2011-01-03 22:25 . 2009-12-30 23:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-01-03 22:25 . 2011-01-03 22:25 -------- d-----w- c:\program files\VS Revo Group

2011-01-03 09:03 . 2010-12-21 06:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-03 09:03 . 2010-12-21 06:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-03 09:01 . 2011-01-03 09:01 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\MSNInstaller

2011-01-02 20:12 . 2011-01-02 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan

2011-01-02 19:58 . 2011-01-02 19:58 -------- d-----w- c:\program files\BitDefender

2011-01-02 19:48 . 2011-01-02 19:48 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\QuickScan

2011-01-02 19:46 . 2011-01-04 22:55 98726 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2011-01-02 17:01 . 2011-01-02 17:01 -------- d-sh--w- c:\documents and settings\Carlos Bonaventura\IECompatCache

2011-01-02 05:01 . 2011-01-02 05:01 -------- d-----w- c:\windows\system32\LogFiles

2011-01-02 04:28 . 2011-01-02 04:28 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\AVG10

2011-01-02 04:26 . 2011-01-02 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-01-02 04:24 . 2011-01-03 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-02 04:24 . 2011-01-02 04:24 -------- d-----w- c:\program files\AVG

2011-01-02 02:50 . 2011-01-02 02:50 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\PageRage

2011-01-02 02:49 . 2011-01-02 02:49 2753 ----a-w- c:\windows\ebemeposu.dll

2011-01-02 02:44 . 2011-01-02 02:44 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\Malwarebytes

2011-01-02 02:43 . 2011-01-02 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-02 02:43 . 2011-01-03 09:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-02 02:35 . 2011-01-02 02:35 2753 ----a-w- c:\windows\ifafumakuladoleq.dll

2011-01-02 02:07 . 2011-01-02 02:07 1152 ----a-w- c:\windows\system32\windrv.sys

2011-01-02 01:54 . 2011-01-02 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-02 01:53 . 2011-01-02 02:06 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\GetRightToGo

2011-01-02 00:41 . 2011-01-03 06:47 -------- d-----w- c:\documents and settings\Administrator

2011-01-01 23:27 . 2008-04-14 12:00 23040 ----a-w- c:\windows\system32\psapi.dll

2011-01-01 23:02 . 2011-01-01 23:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PageRage

2011-01-01 23:00 . 2011-01-01 23:00 2743 ----a-w- c:\windows\eqofavinasowovo.dll

2010-12-26 04:54 . 2010-12-26 04:54 217 ----a-w- c:\documents and settings\Carlos Bonaventura\Application Data\Microsoft\gb_329843.bat

2010-12-21 15:39 . 2011-01-04 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2010-12-21 15:38 . 2010-12-21 15:38 3022 ----a-w- c:\documents and settings\Carlos Bonaventura\Application Data\yCU49.exe

2010-12-21 15:36 . 2010-12-23 21:53 544 ----a-w- c:\documents and settings\Carlos Bonaventura\Application Data\net.vbs

2010-12-21 15:36 . 2010-12-23 21:53 1122 ----a-w- c:\documents and settings\Carlos Bonaventura\Application Data\net.bat

2010-12-21 15:34 . 2010-12-21 15:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2010-12-21 15:34 . 2010-12-21 15:34 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-12-21 15:33 . 2010-12-21 15:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

2010-12-21 15:33 . 2010-12-21 15:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PageRage

2010-12-21 15:33 . 2010-12-21 15:33 2753 ----a-w- c:\windows\ecilexah.dll

2010-12-21 15:32 . 2011-01-03 08:31 -------- d-----w- c:\windows\system32\%APPDATA%

2010-12-21 00:32 . 2010-12-21 00:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-17 18:06 . 2010-12-17 18:06 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\Temp

2010-12-17 18:05 . 2010-12-17 18:05 -------- d-----w- c:\program files\Yontoo Layers Client

2010-12-17 18:05 . 2010-12-17 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2010-12-15 13:35 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 13:34 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2008-04-26 01:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2008-04-25 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2008-04-25 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2008-04-25 20:33 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-25 20:33 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2008-04-25 20:33 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:27 . 2008-04-25 20:33 1862272 ----a-w- c:\windows\system32\win32k.sys

.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Battery Meter\BTMeter .exe
c:\program files\CapsLKNotify\CapsLKNotify .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Numedeon\Whyville Launcher\wvlaunch .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\program files\WSED\WSED .exe
c:\windows\OA012Mon .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2010-04-17 3872080]

"Google Updater"="c:\documents and settings\Carlos Bonaventura\Application Data\GoogleUpdater.exe.exe" [N/A]

"MKbuqK"="c:\windows\iexplarer .exe" [N/A]

"MKbuqgggc"="c:\windows\iexplarer .exe" [N/A]

"MKbuqggggc"="c:\windows\iexplarer .exe" [N/A]

"MKcEgg0"="c:\windows\mdm .exe" [N/A]

"MKbuqggj"="c:\windows\iexplarer .exe" [N/A]

"MKcEggK"="c:\windows\mdm .exe" [N/A]

"MKbuqgggK"="c:\windows\iexplarer .exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]

"Google Updater"="c:\documents and settings\Carlos Bonaventura\Application Data\GoogleUpdater.exe.exe" [N/A]

"MKbuqgggc"="c:\windows\iexplarer .exe" [N/A]

"MKbuqggggc"="c:\windows\iexplarer .exe" [N/A]

"MKcEgg0"="c:\windows\mdm .exe" [N/A]

"MKbuqggj"="c:\windows\iexplarer .exe" [N/A]

"MKcEggK"="c:\windows\mdm .exe" [N/A]

"MKbuqgggK"="c:\windows\iexplarer .exe" [N/A]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MKeta"="c:\windows\services.exe" [N/A]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-6-16 1385848]

Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2009-9-23 884016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Stardock MyColors.lnk - c:\program files\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-24 10440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2009-06-09 14:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

"21:TCP"= 21:TCP:internet2

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/23/2009 3:10 PM 14248]

R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/24/2009 6:52 PM 82432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/23/2009 3:19 PM 143840]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/23/2009 5:41 PM 135168]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/23/2009 5:41 PM 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/23/2009 5:41 PM 272032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/23/2009 5:41 PM 162816]

S0 gjjidneq;gjjidneq; [x]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/23/2009 5:40 PM 1684736]

S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 2:34 PM 174720]

S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 2:34 PM 174720]

S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 2:34 PM 174720]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/3/2011 10:25 AM 27064]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:62242

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-04 11:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,7c,89,9c,90,29,83,4e,bd,0a,a2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,7c,89,9c,90,29,83,4e,bd,0a,a2,\

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"39926\" expireTime=\"1296575510\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />\0a"

[HKEY_USERS\S-1-5-21-568999965-2687617262-1816714951-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)

c:\program files\Stardock\MyColors\fastload.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2348)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-01-04 11:34:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-04 23:34

Pre-Run: 148,761,370,624 bytes free

Post-Run: 149,015,236,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5FFB4A6D228C48799E65AF7D4EB96B5C

Do you have any suggestions for free real-time antivirus software, because the BitDefender I bought isn't working right?



Please wait on that for now, because we have a very, very serious problem. I'll explain.

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=71774

Driver::

gjjidneq

Collect::[8]

c:\windows\ebemeposu.dll

c:\windows\ifafumakuladoleq.dll

c:\windows\eqofavinasowovo.dll

c:\documents and settings\Carlos Bonaventura\Application Data\yCU49.exe

c:\documents and settings\Carlos Bonaventura\Application Data\net.vbs

c:\documents and settings\Carlos Bonaventura\Application Data\net.bat

c:\windows\ecilexah.dll

c:\windows\iexplarer .exe

c:\windows\mdm .exe

c:\windows\services.exe

Folder::

c:\documents and settings\LocalService\Application Data\QuickScan

c:\program files\BitDefender

c:\documents and settings\Carlos Bonaventura\Application Data\QuickScan

c:\documents and settings\Carlos Bonaventura\Application Data\AVG10

c:\documents and settings\All Users\Application Data\AVG10

c:\program files\AVG

DirLook::

c:\windows\system32\%APPDATA%

RenV::

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe

c:\program files\Battery Meter\BTMeter .exe

c:\program files\CapsLKNotify\CapsLKNotify .exe

c:\program files\Dell Support Center\bin\sprtcmd .exe

c:\program files\iTunes\iTunesHelper .exe

c:\program files\Java\jre6\bin\jusched .exe

c:\program files\Numedeon\Whyville Launcher\wvlaunch .exe

c:\program files\QuickTime\qttask


ComboFix 11-01-04.01 - Carlos Bonaventura 01/04/2011 15:28:16.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -12:00]

Running from: c:\documents and settings\Carlos Bonaventura\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Carlos Bonaventura\Desktop\CFScript.txt

file zipped: c:\documents and settings\Carlos Bonaventura\Application Data\net.bat

file zipped: c:\documents and settings\Carlos Bonaventura\Application Data\net.vbs

file zipped: c:\documents and settings\Carlos Bonaventura\Application Data\yCU49.exe

file zipped: c:\windows\ebemeposu.dll

file zipped: c:\windows\ecilexah.dll

file zipped: c:\windows\eqofavinasowovo.dll

file zipped: c:\windows\ifafumakuladoleq.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\AVG10

c:\documents and settings\All Users\Application Data\AVG10\Chjw\40268d2b268d22d0\avgcchff.dat

c:\documents and settings\All Users\Application Data\AVG10\Chjw\40268d2b268d22d0\avgcchfi.dat

c:\documents and settings\All Users\Application Data\AVG10\Chjw\40268d2b268d22d0\avgcchmf.dat

c:\documents and settings\All Users\Application Data\AVG10\Chjw\40268d2b268d22d0\avgcchmi.dat

c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log

c:\documents and settings\All Users\Application Data\AVG10\log\avgui.log

c:\documents and settings\All Users\Application Data\AVG10\log\commonpriv.log

c:\documents and settings\All Users\Application Data\AVG10\lsdb\prev\prvcache.dat

c:\documents and settings\All Users\Application Data\AVG10\lsdb\prev\prvglbl.dat

c:\documents and settings\Carlos Bonaventura\Application Data\AVG10

c:\documents and settings\Carlos Bonaventura\Application Data\AVG10\cfgall\usergui.cfg

c:\documents and settings\Carlos Bonaventura\Application Data\net.bat

c:\documents and settings\Carlos Bonaventura\Application Data\net.vbs

c:\documents and settings\Carlos Bonaventura\Application Data\QuickScan

c:\documents and settings\Carlos Bonaventura\Application Data\yCU49.exe

c:\documents and settings\LocalService\Application Data\QuickScan

c:\program files\AVG

c:\program files\AVG\AVG10\Notification\avgxobni_installerxTE.exe

c:\program files\AVG\AVG10\Notification\XobniMiniAVGSetup.exe

c:\program files\BitDefender

c:\windows\ebemeposu.dll

c:\windows\ecilexah.dll

c:\windows\eqofavinasowovo.dll

c:\windows\ifafumakuladoleq.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GJJIDNEQ

-------\Service_gjjidneq

((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))

.

2011-01-05 00:11 . 2011-01-05 00:11 398744 ----a-r- c:\windows\system32\cpnprt2.cid

2011-01-05 00:11 . 2011-01-05 00:11 -------- d-----w- c:\windows\Cache

2011-01-05 00:11 . 2011-01-05 00:11 -------- d-----w- c:\program files\Coupons

2011-01-05 00:02 . 2011-01-05 00:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2011-01-05 00:02 . 2008-04-01 08:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9F.DLL

2011-01-05 00:02 . 2008-04-01 08:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9F.DLL

2011-01-05 00:02 . 2008-04-01 08:00 230912 ----a-w- c:\windows\system32\CNMLM9F.DLL

2011-01-05 00:01 . 2008-04-14 12:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-01-05 00:01 . 2008-04-14 12:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-01-03 22:25 . 2011-01-03 22:25 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\VS Revo Group

2011-01-03 22:25 . 2009-12-30 23:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-01-03 22:25 . 2011-01-03 22:25 -------- d-----w- c:\program files\VS Revo Group

2011-01-03 09:03 . 2010-12-21 06:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-03 09:03 . 2010-12-21 06:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-03 09:01 . 2011-01-03 09:01 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\MSNInstaller

2011-01-02 19:46 . 2011-01-04 22:55 98726 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2011-01-02 17:01 . 2011-01-02 17:01 -------- d-sh--w- c:\documents and settings\Carlos Bonaventura\IECompatCache

2011-01-02 05:01 . 2011-01-02 05:01 -------- d-----w- c:\windows\system32\LogFiles

2011-01-02 04:26 . 2011-01-02 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-01-02 02:50 . 2011-01-02 02:50 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\PageRage

2011-01-02 02:44 . 2011-01-02 02:44 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\Malwarebytes

2011-01-02 02:43 . 2011-01-02 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-02 02:43 . 2011-01-03 09:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-02 02:07 . 2011-01-02 02:07 1152 ----a-w- c:\windows\system32\windrv.sys

2011-01-02 01:54 . 2011-01-02 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-02 01:53 . 2011-01-02 02:06 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Application Data\GetRightToGo

2011-01-02 00:41 . 2011-01-03 06:47 -------- d-----w- c:\documents and settings\Administrator

2011-01-01 23:27 . 2008-04-14 12:00 23040 ----a-w- c:\windows\system32\psapi.dll

2011-01-01 23:02 . 2011-01-01 23:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search

2011-01-01 23:01 . 2011-01-01 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PageRage

2010-12-26 04:54 . 2010-12-26 04:54 217 ----a-w- c:\documents and settings\Carlos Bonaventura\Application Data\Microsoft\gb_329843.bat

2010-12-21 15:39 . 2011-01-04 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2010-12-21 15:34 . 2010-12-21 15:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2010-12-21 15:34 . 2010-12-21 15:34 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-12-21 15:33 . 2010-12-21 15:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

2010-12-21 15:33 . 2010-12-21 15:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PageRage

2010-12-21 15:32 . 2011-01-03 08:31 -------- d-----w- c:\windows\system32\%APPDATA%

2010-12-21 00:32 . 2010-12-21 00:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-17 18:06 . 2010-12-17 18:06 -------- d-----w- c:\documents and settings\Carlos Bonaventura\Local Settings\Application Data\Temp

2010-12-17 18:05 . 2010-12-17 18:05 -------- d-----w- c:\program files\Yontoo Layers Client

2010-12-17 18:05 . 2010-12-17 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2010-12-15 13:35 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 13:34 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2008-04-26 01:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2008-04-25 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2008-04-25 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2008-04-25 20:33 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-25 20:33 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2008-04-25 20:33 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:27 . 2008-04-25 20:33 1862272 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\windows\system32\%APPDATA% ----

((((((((((((((((((((((((((((( SnapShot@2011-01-04_23.31.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-09-11 17:21 . 2007-09-11 17:21 86016 c:\windows\twain_32\MP480 series\RSTCOL.DLL

+ 2008-02-12 18:42 . 2008-02-12 18:42 90112 c:\windows\twain_32\MP480 series\MC2Plus.dll

+ 2008-04-17 16:20 . 2008-04-17 16:20 94208 c:\windows\twain_32\MP480 series\JPRCV.dll

+ 2010-10-05 17:26 . 2010-10-05 17:26 38362 c:\windows\twain_32\MP480 series\IPM.DAT

+ 2007-12-06 16:46 . 2007-12-06 16:46 73728 c:\windows\twain_32\MP480 series\IJFSHLIB.DLL

+ 2007-11-09 11:48 . 2007-11-09 11:48 53248 c:\windows\twain_32\MP480 series\HSL.DLL

+ 2008-02-12 18:42 . 2008-02-12 18:42 73728 c:\windows\twain_32\MP480 series\DDT.dll

+ 2008-04-03 17:36 . 2008-04-03 17:36 30720 c:\windows\twain_32\MP480 series\CNC480.DAT

+ 2007-11-05 23:14 . 2007-11-05 23:14 14848 c:\windows\twain_32\MP480 series\caddisnt.dll

+ 2005-04-15 18:34 . 2005-04-15 18:34 57344 c:\windows\twain_32\MP480 series\BaLCo.dll

+ 2011-01-05 03:35 . 2011-01-05 03:35 16384 c:\windows\Temp\Perflib_Perfdata_2d8.dat

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMW39F.DLL

+ 2011-01-05 00:02 . 2008-03-31 11:36 51024 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMVS9F.EXE

+ 2011-01-05 00:02 . 2008-04-01 08:00 13824 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMVS9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 77312 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 44032 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSQ9F.DLL

+ 2011-01-05 00:02 . 2008-03-31 11:36 18768 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSE9F.EXE

+ 2011-01-05 00:02 . 2008-04-01 08:00 47616 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSD9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 12288 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMPI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 03:00 30320 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMP29F.DAT

+ 2011-01-05 00:02 . 2008-04-01 03:00 27140 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMP19F.DAT

+ 2011-01-05 00:02 . 2008-04-01 03:00 23280 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMP09F.DAT

+ 2011-01-05 00:02 . 2008-04-01 08:00 27136 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMOP9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 59904 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMLH9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 10240 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMFU9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 29184 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMEI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 95232 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMCP9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMBU9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 33280 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMBS9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMBM9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMW39F.DLL

+ 2011-01-05 00:02 . 2008-03-31 11:36 51024 c:\windows\system32\spool\drivers\w32x86\3\CNMVS9F.EXE

+ 2011-01-05 00:02 . 2008-04-01 08:00 13824 c:\windows\system32\spool\drivers\w32x86\3\CNMVS9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 77312 c:\windows\system32\spool\drivers\w32x86\3\CNMSR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 44032 c:\windows\system32\spool\drivers\w32x86\3\CNMSQ9F.DLL

+ 2011-01-05 00:02 . 2008-03-31 11:36 18768 c:\windows\system32\spool\drivers\w32x86\3\CNMSE9F.EXE

+ 2011-01-05 00:02 . 2008-04-01 08:00 47616 c:\windows\system32\spool\drivers\w32x86\3\CNMSD9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 12288 c:\windows\system32\spool\drivers\w32x86\3\CNMPI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 03:00 30320 c:\windows\system32\spool\drivers\w32x86\3\CNMP29F.DAT

+ 2011-01-05 00:02 . 2008-04-01 03:00 27140 c:\windows\system32\spool\drivers\w32x86\3\CNMP19F.DAT

+ 2011-01-05 00:02 . 2008-04-01 03:00 23280 c:\windows\system32\spool\drivers\w32x86\3\CNMP09F.DAT

+ 2011-01-05 00:02 . 2008-04-01 08:00 27136 c:\windows\system32\spool\drivers\w32x86\3\CNMOP9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 59904 c:\windows\system32\spool\drivers\w32x86\3\CNMLH9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 10240 c:\windows\system32\spool\drivers\w32x86\3\CNMFU9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 29184 c:\windows\system32\spool\drivers\w32x86\3\CNMEI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 95232 c:\windows\system32\spool\drivers\w32x86\3\CNMCP9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMBU9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 33280 c:\windows\system32\spool\drivers\w32x86\3\CNMBS9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 11264 c:\windows\system32\spool\drivers\w32x86\3\CNMBM9F.DLL

+ 2009-12-11 16:18 . 2009-12-11 16:18 98304 c:\windows\system32\CNC480I.DLL

+ 2009-09-24 05:41 . 2009-05-11 21:11 24576 c:\windows\OA012Mon.exe

+ 2007-11-27 13:18 . 2007-11-27 13:18 4608 c:\windows\twain_32\MP480 series\USDRESUS.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4096 c:\windows\twain_32\MP480 series\USDRESTW.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESTR.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESTH.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESSE.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 5120 c:\windows\twain_32\MP480 series\USDRESRU.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESPT.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESPL.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESNO.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESNL.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4096 c:\windows\twain_32\MP480 series\USDRESKR.DLL

+ 2007-11-27 13:18 . 2007-11-27 13:18 4096 c:\windows\twain_32\MP480 series\USDRESJP.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESIT.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESID.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESHU.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESGR.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 5120 c:\windows\twain_32\MP480 series\USDRESFR.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 5120 c:\windows\twain_32\MP480 series\USDRESFI.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 5120 c:\windows\twain_32\MP480 series\USDRESES.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESDK.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESDE.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESCZ.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4096 c:\windows\twain_32\MP480 series\USDRESCN.DLL

+ 2008-04-22 17:28 . 2008-04-22 17:28 4608 c:\windows\twain_32\MP480 series\USDRESAR.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 9216 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNML29F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 9216 c:\windows\system32\spool\drivers\w32x86\3\CNML29F.DLL

+ 2007-12-18 22:20 . 2007-12-18 22:20 221184 c:\windows\twain_32\MP480 series\USIP.DLL

+ 2009-12-08 14:46 . 2009-12-08 14:46 532480 c:\windows\twain_32\MP480 series\TPM.DLL

+ 2007-12-03 20:33 . 2007-12-03 20:33 102400 c:\windows\twain_32\MP480 series\softfare.dll

+ 2007-07-02 14:04 . 2007-07-02 14:04 114688 c:\windows\twain_32\MP480 series\SCRPRMVL.DLL

+ 2005-02-02 21:34 . 2005-02-02 21:34 118784 c:\windows\twain_32\MP480 series\SCRPRMV.DLL

+ 2009-12-08 14:46 . 2009-12-08 14:46 151552 c:\windows\twain_32\MP480 series\SCANINTF.DLL

+ 2008-01-23 19:45 . 2008-01-23 19:45 454656 c:\windows\twain_32\MP480 series\RACSLIB.dll

+ 2008-01-24 13:33 . 2008-01-24 13:33 139264 c:\windows\twain_32\MP480 series\MC2.DLL

+ 2004-06-07 15:58 . 2004-06-07 15:58 290816 c:\windows\twain_32\MP480 series\libBLC.dll

+ 2009-12-08 14:47 . 2009-12-08 14:47 151552 c:\windows\twain_32\MP480 series\IPM.DLL

+ 2009-12-08 14:46 . 2009-12-08 14:46 188416 c:\windows\twain_32\MP480 series\IOP.DLL

+ 2008-05-08 18:04 . 2008-05-08 18:04 172032 c:\windows\twain_32\MP480 series\CUBS.DLL

+ 2008-03-06 18:30 . 2008-03-06 18:30 148200 c:\windows\twain_32\MP480 series\CNC480P.DAT

+ 2005-08-24 18:51 . 2005-08-24 18:51 126976 c:\windows\twain_32\MP480 series\CFine2.dll

+ 2008-03-19 19:36 . 2008-03-19 19:36 118784 c:\windows\twain_32\MP480 series\CAPS.DLL

+ 2007-10-24 16:36 . 2007-10-24 16:36 118784 c:\windows\twain_32\MP480 series\AG.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 393216 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMUR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 308736 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMUB9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 444928 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSM9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 755712 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMSB9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 102912 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMPV9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 166912 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMLR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 552448 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMDR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 243200 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMD59F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 393216 c:\windows\system32\spool\drivers\w32x86\3\CNMUR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 308736 c:\windows\system32\spool\drivers\w32x86\3\CNMUB9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 444928 c:\windows\system32\spool\drivers\w32x86\3\CNMSM9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 755712 c:\windows\system32\spool\drivers\w32x86\3\CNMSB9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 102912 c:\windows\system32\spool\drivers\w32x86\3\CNMPV9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 166912 c:\windows\system32\spool\drivers\w32x86\3\CNMLR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 552448 c:\windows\system32\spool\drivers\w32x86\3\CNMDR9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 243200 c:\windows\system32\spool\drivers\w32x86\3\CNMD59F.DLL

+ 2007-03-15 17:12 . 2007-03-15 17:12 188416 c:\windows\system32\CNC480O.DLL

+ 2009-11-30 19:39 . 2009-11-30 19:39 270336 c:\windows\system32\CNC480L.DLL

+ 2009-12-08 14:47 . 2009-12-08 14:47 1232896 c:\windows\twain_32\MP480 series\SGUI.DLL

+ 2009-12-08 14:45 . 2009-12-08 14:45 1912832 c:\windows\twain_32\MP480 series\SGRES_US.DLL

+ 2008-04-22 17:26 . 2008-04-22 17:26 1875968 c:\windows\twain_32\MP480 series\SGRES_TW.DLL

+ 2008-04-22 17:23 . 2008-04-22 17:23 1912832 c:\windows\twain_32\MP480 series\SGRES_TR.DLL

+ 2008-04-22 17:20 . 2008-04-22 17:20 1908736 c:\windows\twain_32\MP480 series\SGRES_TH.DLL

+ 2008-04-22 17:20 . 2008-04-22 17:20 1916928 c:\windows\twain_32\MP480 series\SGRES_SE.DLL

+ 2008-04-22 17:20 . 2008-04-22 17:20 1921024 c:\windows\twain_32\MP480 series\SGRES_RU.DLL

+ 2008-04-22 17:20 . 2008-04-22 17:20 1925120 c:\windows\twain_32\MP480 series\SGRES_PT.DLL

+ 2008-04-22 17:20 . 2008-04-22 17:20 1921024 c:\windows\twain_32\MP480 series\SGRES_PL.DLL

+ 2008-04-22 17:21 . 2008-04-22 17:21 1916928 c:\windows\twain_32\MP480 series\SGRES_NO.DLL

+ 2008-04-22 17:21 . 2008-04-22 17:21 1925120 c:\windows\twain_32\MP480 series\SGRES_NL.DLL

+ 2008-04-22 17:21 . 2008-04-22 17:21 1888256 c:\windows\twain_32\MP480 series\SGRES_KR.DLL

+ 2009-12-08 14:45 . 2009-12-08 14:45 1888256 c:\windows\twain_32\MP480 series\SGRES_JP.DLL

+ 2008-04-22 17:22 . 2008-04-22 17:22 1929216 c:\windows\twain_32\MP480 series\SGRES_IT.DLL

+ 2008-04-22 17:26 . 2008-04-22 17:26 1916928 c:\windows\twain_32\MP480 series\SGRES_ID.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1921024 c:\windows\twain_32\MP480 series\SGRES_HU.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1929216 c:\windows\twain_32\MP480 series\SGRES_GR.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1925120 c:\windows\twain_32\MP480 series\SGRES_FR.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1916928 c:\windows\twain_32\MP480 series\SGRES_FI.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1929216 c:\windows\twain_32\MP480 series\SGRES_ES.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1916928 c:\windows\twain_32\MP480 series\SGRES_DK.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1925120 c:\windows\twain_32\MP480 series\SGRES_DE.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1916928 c:\windows\twain_32\MP480 series\SGRES_CZ.DLL

+ 2008-04-22 17:25 . 2008-04-22 17:25 1875968 c:\windows\twain_32\MP480 series\SGRES_CN.DLL

+ 2008-04-22 17:26 . 2008-04-22 17:26 1912832 c:\windows\twain_32\MP480 series\SGRES_AR.DLL

+ 2008-04-03 17:53 . 2008-04-03 17:53 1159168 c:\windows\twain_32\MP480 series\SGCFLTR.DLL

+ 2008-01-08 13:58 . 2008-01-08 13:58 2102320 c:\windows\twain_32\MP480 series\CNC480R.DAT

+ 2011-01-05 00:02 . 2008-04-01 08:00 2626560 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMUI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 1599488 c:\windows\system32\spool\drivers\w32x86\canonmp480_seriesfb65\CNMCB9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 2626560 c:\windows\system32\spool\drivers\w32x86\3\CNMUI9F.DLL

+ 2011-01-05 00:02 . 2008-04-01 08:00 1599488 c:\windows\system32\spool\drivers\w32x86\3\CNMCB9F.DLL

+ 2009-12-11 16:18 . 2009-12-11 16:18 1335296 c:\windows\system32\CNC480C.DLL

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-6-16 1385848]

Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2009-9-23 884016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Stardock MyColors.lnk - c:\program files\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-24 10440]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-6-16 1385848]

Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2009-9-23 884016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2009-06-09 14:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

"21:TCP"= 21:TCP:internet2

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/23/2009 3:10 PM 14248]

R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/24/2009 6:52 PM 82432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/23/2009 3:19 PM 143840]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/23/2009 5:41 PM 135168]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/23/2009 5:41 PM 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/23/2009 5:41 PM 272032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/23/2009 5:41 PM 162816]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/23/2009 5:40 PM 1684736]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\CARLOS~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\CARLOS~1\LOCALS~1\Temp\CFcatchme.sys [?]

S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 2:34 PM 174720]

S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 2:34 PM 174720]

S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 2:34 PM 174720]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/3/2011 10:25 AM 27064]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr .exe

HKCU-Run-Google Updater - c:\documents and settings\Carlos Bonaventura\Application Data\GoogleUpdater.exe.exe

HKLM-Run-Google Updater - c:\documents and settings\Carlos Bonaventura\Application Data\GoogleUpdater.exe.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-04 15:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,7c,89,9c,90,29,83,4e,bd,0a,a2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,7c,89,9c,90,29,83,4e,bd,0a,a2,\

[HKEY_USERS\.Default\Software\SetId\Internal]

@Denied: (A 2) (LocalSystem)

"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"39926\" expireTime=\"1296575510\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />\0a"

[HKEY_USERS\S-1-5-21-568999965-2687617262-1816714951-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Stardock\MyColors\fastload.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(252)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-01-04 15:39:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-05 03:39

ComboFix2.txt 2011-01-04 23:34

Pre-Run: 148,843,839,488 bytes free

Post-Run: 148,837,904,384 bytes free

- - End Of File - - 3A69E3ADCBE1958261F1B8CBB5F6CFC2


Please locate and manually delete the following folder:

c:\windows\system32\%APPDATA%

Then:

  1. Please visit this website: Submit Malware Sample
  2. Against the inscription "Link to topic where this file was requested:", insert a link pointing to this topic in our forum.
  3. Against the inscription "Browse to the file you want to submit:", click on the Choose... button.
  4. Navigate to the following file: C:\Qoobox\Quarantine\[8]-Submit_date_time.zip (date_time will be replaced with the date and time when this file was created)
  5. Against the inscription "Leave any comments, further information about this file, or contact information:", write the following:
    Sent at the request of Borislav.
  6. Once you're ready, click the Send File button.

Let me know how things are.


Very good! :)

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to the "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5465

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/5/2011 2:13:58 PM

mbam-log-2011-01-05 (14-13-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 185493

Time elapsed: 16 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKWPzz/OWS\TEMP\3505034654.exe (Trojan.Downloader.Gen) -> Value: 3505034654.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Nice job! :)

Last steps:

Step 1

  1. Go to Start => Run... and copy & paste the next command into the field:
    ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete TDSSKiller, DDS and GMER.

Step 3

Keep your software up-to-date:

www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! ;)

