GreenLeoCat

join:2008-03-13

[Trojan] Possible Trojan/bot?

I'm not really sure exactly what happened since I was not using this computer when the issues arose. I do understand that a false "virus scanner" started running. I also received an email from my internet provider stating that my computer had a bot.

I had to run Malwarebytes twice because it crashed the first time while trying to remove the 9 found items.

ESET would complete the scan but then restart at the end, so I switched to BitDefender.

Below is the info requested. Some of the steps were performed out of order because when ESET made my computer reboot I lost the logs. OTL did not produce a second document titled "extras.txt".

As always thank you guys so much for helping with this.

Let me know if you need any additional information!

_____
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/10/2010 8:52:10 PM
mbam-log-2010-02-10 (20-52-10).txt

Scan type: Quick Scan
Objects scanned: 128212
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_____

OTL logfile created on: 12/15/2011 9:55:37 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 73.98% Memory free
3.04 Gb Paging File | 2.74 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.97 Gb Total Space | 2.97 Gb Free Space | 2.09% Space Free | Partition Type: NTFS
Drive D: | 7.05 Gb Total Space | 1.63 Gb Free Space | 23.11% Space Free | Partition Type: FAT32
Drive L: | 488.84 Mb Total Space | 74.67 Mb Free Space | 15.28% Space Free | Partition Type: FAT

Computer Name: YOUR-F78BF48CE2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/15 21:55:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(1).exe
PRC - [2011/11/11 20:48:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/11/23 02:08:06 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 20:48:27 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/27 20:53:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/15 11:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 11:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2004/11/03 01:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/09/29 21:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/12/15 21:52:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/06 16:11:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/20 14:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/30 16:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/19 22:35:00 | 001,516,672 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 19:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/01 12:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 08:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/06/24 00:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 20:48:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/11 02:15:07 | 000,000,000 | ---D | M]

[2010/01/03 03:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/15 21:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions
[2010/02/10 20:46:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 21:49:09 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/11 20:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 01:27:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/11 20:48:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/11 12:01:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:48:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262506654546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9F78B8B-E324-441F-8912-CC9381B73000}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/13 12:00:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 20:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2007/06/07 00:24:40 | 000,000,090 | ---- | M] () - L:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/15 21:52:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 21:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/12/15 07:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/15 04:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/15 04:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/23 02:08:07 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/15 21:52:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 21:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 21:37:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 05:06:36 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 04:39:25 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/15 04:37:50 | 000,016,374 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0
[2011/12/11 03:18:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011/11/23 02:08:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/15 04:29:45 | 000,016,374 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0
[2010/03/27 02:17:46 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2010/02/11 07:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/19 21:04:12 | 000,018,587 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/05 23:44:16 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/11/05 23:43:56 | 000,001,480 | R--- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/11/05 23:43:46 | 000,002,267 | R--- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/11/05 04:12:01 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/05 04:12:01 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009/11/05 04:12:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/05 04:12:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009/11/05 04:12:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/11/05 02:56:29 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2009/11/05 02:42:37 | 000,079,020 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/11/05 02:42:37 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/01 07:38:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009/10/30 02:45:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/10/30 02:45:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/10/30 02:45:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/10/30 02:45:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/10/30 02:44:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/10/30 02:44:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/10/30 02:44:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/10/30 02:41:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/10/30 02:41:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/10/30 01:52:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/13 12:02:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/13 11:59:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/13 11:59:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/13 11:59:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/13 11:59:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/13 11:59:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/13 11:59:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/13 11:32:42 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/07/13 11:31:32 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/07/13 11:31:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/07/13 11:31:05 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/07/13 11:28:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/13 11:15:18 | 000,047,832 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/07/13 11:15:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/07/13 11:13:55 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/07/13 11:13:55 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/07/13 11:11:56 | 000,069,000 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2005/07/13 11:11:56 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2005/07/13 11:08:20 | 000,050,500 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2005/07/13 11:08:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2005/07/13 11:06:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/13 11:04:14 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/07/13 11:00:41 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/07/13 11:00:41 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/07/13 11:00:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/07/13 11:00:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/07/13 11:00:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/07/13 11:00:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/07/13 10:51:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/07/13 10:49:12 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/07/13 10:49:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/07/13 10:48:53 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/28 04:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 23:58:08 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/26 23:58:08 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/26 23:56:22 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/26 23:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 23:51:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/20 00:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/20 00:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/15 23:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/07 13:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2005/07/13 11:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2011/12/15 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2005/07/13 11:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/12/13 02:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/11/06 16:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/27 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/04/17 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/26 02:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/04/05 02:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iwin
[2010/04/03 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/11/06 00:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/07/28 03:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/11 03:18:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:803A486C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94ABF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969736FD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B2BEDB

_____

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
McAfee Security Scan Plus
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

_____

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Dec 15 21:49:18 2011
Machine ID: 987D8176

No infection found.
-------------------

Processes
---------
Firefox 1272 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 1480 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Microsoft® Windows® Operating System 1184 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 500 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 652 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\winlogon.exe

Network activity
----------------
Process firefox.exe (1272) connected on port 80 (HTTP) --> 66.235.142.2
Process firefox.exe (1272) connected on port 80 (HTTP) --> 69.171.242.54
Process firefox.exe (1272) connected on port 80 (HTTP) --> 74.125.159.113

Process svchost.exe (652) listens on ports: 3389 (Terminal Server)
Process svchost.exe (700) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HPBootOp C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LightScribe c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
LiveUpdate C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Norton Security Center c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
SiS Power Scheme Library C:\WINDOWS\system32\SiSPower.dll
Updates from HP.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
Wacom Technology, Corp. TABUSERW C:\WINDOWS\system32\WTablet\TabUserW.exe
XSS ShellvRTF D:\info.exe
Zune® c:\Program Files\Zune\ZuneLauncher.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\wpdshserviceobj.dll
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll

Browser plugins
---------------
AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AOL Search c:\program files\aim search\aolsearch.dll
BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
downloadUpdater C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
hp view c:\program files\hp\digital imaging\bin\hpdtlk02.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
iWinGamesManager Application c:\program files\iwin games\iwingameshookie.dll
Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java(TM) Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

Missing files
-------------
File not found: CMICNFG3.cpl
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"CmPCIaudio"

Scan
----

No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.64 KB recvd
Scanned 480 files and modules - 36 seconds

==============================================================================


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

First:
You are using an outdated version of MalwareBytes. Please uninstall, download the most recent version, re-install, update, then run and post the new log in this thread.

Second:
Please post the Extras log from OTL. It's only produced on the first run of OTL (default). Check the C:\_OTL folder for it. If not there, then run OTL again, this time select 'Use Whitelist' in the 'Extra Registry' section of the selectable options.

Post the Extras log in this thread.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


GreenLeoCat

join:2008-03-13

There was no "whitelist" option, but there was a "safelist" option, so I tried that. Here's the info you requested:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8382

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/16/2011 7:26:48 PM
mbam-log-2011-12-16 (19-26-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 347530
Time elapsed: 36 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP758\A0051247.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP758\A0051248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

_____

OTL Extras logfile created on: 12/16/2011 7:31:35 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 76.41% Memory free
3.04 Gb Paging File | 2.78 Gb Available in Paging File | 91.62% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.97 Gb Total Space | 2.95 Gb Free Space | 2.08% Space Free | Partition Type: NTFS
Drive D: | 7.05 Gb Total Space | 1.63 Gb Free Space | 23.11% Space Free | Partition Type: FAT32
Drive L: | 488.84 Mb Total Space | 74.67 Mb Free Space | 15.28% Space Free | Partition Type: FAT

Computer Name: YOUR-F78BF48CE2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2435:TCP" = 2435:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2435:TCP" = 2435:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{54DF7BDA-1058-4D53-B3D4-2344C69B7D0C}" = Ragnarok Online
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F4DA4F8-CA7A-4F6E-B113-D0F2BEC9DB09}" = ArcSoft MediaImpression 2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFF913ED-03A6-42D2-A2A7-5966A612EEB9}" = LS_HSI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"14DD9322-0AAE-4DA4-90A9-EB42CF296127" = Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"743EFCFE43C32543E0804C954858554E49909A4A" = Windows Driver Package - Hewlett-Packard Image (12/14/2009 13.0.0.61)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"AnyToISO_is1" = AnyToISO
"BackWeb-309731 Uninstaller" = Updates from HP
"BitTorrent" = BitTorrent
"Build-A-Lot 2" = Build-A-Lot 2 (remove only)
"Burger Shop" = Burger Shop (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"C-Media PCI Sound" = C-Media PCI Audio Device
"Delicious: Emily's Holiday Season" = Delicious: Emily's Holiday Season (remove only)
"Delicious: Emily's Tea Garden" = Delicious: Emily's Tea Garden (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"GhostMouse 2.0" = GhostMouse 2.0
"Go Go Gourmet: Chef of the Year" = Go Go Gourmet: Chef of the Year (remove only)
"Help and Support Additions" = Help and Support Additions
"Hidden Magic" = Hidden Magic (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 4.8.6
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"iWinArcade" = iWin Games (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.36 Full
"LastFM_is1" = Last.fm 1.5.4.27091
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Pen Tablet Driver" = Bamboo
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PS2" = PS2
"Purrfect Pet Shop" = Purrfect Pet Shop (remove only)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SiS VGA Driver" = SiS VGA Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpySubtract" = SpySubtract
"Stand O Food" = Stand O Food (remove only)
"The Rosetta Stone" = The Rosetta Stone
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WeatherBug" = Remove WeatherBug installer
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"YTdetect" = Yahoo! Detect
"Zune" = Zune

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/15/2011 8:39:18 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/15/2011 8:39:18 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/15/2011 8:48:09 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 12/15/2011 8:48:09 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/15/2011 8:48:15 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/15/2011 8:48:15 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/15/2011 9:42:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 12/15/2011 9:42:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 12/15/2011 9:58:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 12/15/2011 9:58:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

[ System Events ]
Error - 12/16/2011 5:11:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/16/2011 5:12:13 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Cdrom Fips Imapi redbook

Error - 12/16/2011 5:19:59 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/16/2011 5:21:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/16/2011 5:22:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Cdrom Fips Imapi redbook

Error - 12/16/2011 5:25:45 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/16/2011 8:27:02 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/16/2011 8:28:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/16/2011 8:29:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Cdrom fasttx2k Fips Imapi ohci1394 redbook

Error - 12/16/2011 8:30:02 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


LoPhatPhuud
join:2002-01-06
Albuquerque, NM

reply to GreenLeoCat

First:
Please go to »www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double-click on the file name. The file name and path should appear in the yellow box.


C:\Program Files\iWin Games\iWinGames.exe


Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.

Second:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find the link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


GreenLeoCat

join:2008-03-13

http://www.virustotal.com/file-scan/reanalysis.html?id=8eebf8baa19b1e8d813586343e81a70da4c8c3d9522e7fe8eb66a96c834c9e1c-1324084949
 
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5:17031b9f00375bf94ffc8447fd270750
Date first seen:2011-04-20 19:37:19 (UTC)
Date last seen:2011-08-14 18:30:07 (UTC)
Detection ratio:0/43
_____
 
Last report:
 
http://www.virustotal.com/file-scan/report.html?id=8eebf8baa19b1e8d813586343e81a70da4c8c3d9522e7fe8eb66a96c834c9e1c-1313346607
 
_____
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-17 03:33:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.8.11
Running: 7b5ept94.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awgoypod.sys
 
---- System - GMER 1.0.15 ----
 
SSDT      sprw.sys                                                                                                             ZwCreateKey [0xF74D70E0]
SSDT      sprw.sys                                                                                                             ZwEnumerateKey [0xF74F5CA2]
SSDT      sprw.sys                                                                                                             ZwEnumerateValueKey [0xF74F6030]
SSDT      sprw.sys                                                                                                             ZwOpenKey [0xF74D70C0]
SSDT      sprw.sys                                                                                                             ZwQueryKey [0xF74F6108]
SSDT      sprw.sys                                                                                                             ZwQueryValueKey [0xF74F5F88]
SSDT      sprw.sys                                                                                                             ZwSetValueKey [0xF74F619A]
 
INT 0x62  ?                                                                                                                    8A528BF8
INT 0x63  ?                                                                                                                    8A432BF8
INT 0x73  ?                                                                                                                    8A432BF8
INT 0x82  ?                                                                                                                    8A528BF8
INT 0x83  ?                                                                                                                    8A528BF8
INT 0xA4  ?                                                                                                                    8A432BF8
INT 0xB4  ?                                                                                                                    8A432BF8
 
---- Kernel code sections - GMER 1.0.15 ----
 
?         sprw.sys                                                                                                             The system cannot find the file specified. !
.text     USBPORT.SYS!DllUnload                                                                                                BA5B38AC 5 Bytes  JMP 8A4321D8 
.text     agmn934n.SYS                                                                                                         BA565386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text     agmn934n.SYS                                                                                                         BA5653AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text     agmn934n.SYS                                                                                                         BA5653C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text     agmn934n.SYS                                                                                                         BA5653C9 1 Byte  [2E]
.text     agmn934n.SYS                                                                                                         BA5653C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text     ...                                                                                                                  
 
---- User code sections - GMER 1.0.15 ----
 
.text     C:\Program Files\Mozilla Firefox\plugin-container.exe[400] USER32.dll!GetWindowInfo                                  7E42C49C 5 Bytes  JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\plugin-container.exe[400] USER32.dll!TrackPopupMenu                                 7E46531E 5 Bytes  JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\firefox.exe[1920] ntdll.dll!LdrLoadDll                                              7C91632D 5 Bytes  JMP 01222EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
 
---- Kernel IAT/EAT - GMER 1.0.15 ----
 
IAT       \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                   8A5952D8
IAT       pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                 [F7508C4C] sprw.sys
IAT       pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [F7508CA0] sprw.sys
IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F74D8040] sprw.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F74D813C] sprw.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F74D80BE] sprw.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F74D87FC] sprw.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F74D86D2] sprw.sys
IAT       \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                 8A4322D8
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                         2266E852
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!swprintf]                                                     478B0000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSetEvent]                                                   50016A40
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                         1CAC8E8D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                                E8510000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                         00002254
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                         6A18538B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                          868D5200
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                        00001C98
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                               2242E850
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                   4B8B0000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IofCompleteRequest]                                           51016A18
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                      1CB4968D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IofCallDriver]                                                E8520000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                     00002230
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                      8A05478A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoConnectInterrupt]                                           001CBB8E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDetachDevice]                                               30C48300
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                        1CBD8688
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeEvent]                                            80E90000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeCancelTimer]                                                C6000000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                 001CBB86
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlInitAnsiString]                                            438B0100
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                                8E8D5018
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoQueueWorkItem]                                              00001C90
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapIoSpace]                                                 2202E851
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                  538B0000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                       52016A18
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                 1CAC868D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                  E8500000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                             000021F0
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                            8A05478A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                     001CBB8E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                             18C48300
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!sprintf]                                                      1CBD8688
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                 43EB0000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObfDereferenceObject]                                         320C538A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                 88F93BC0
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                      001CBB96
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwClose]                                                      F6317300
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                    74070647
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                      75C0841A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                 05578A0B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                          968801B0
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoCreateDevice]                                               00001CBD
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                         57B60F66
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                              533B6604
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                       03087408
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwOpenKey]                                                    72F93B3F
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                         8A09EBDA
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartTimer]                                                 86880547
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeTimer]                                            00001CBD
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInitializeTimer]                                            88084B8A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeDpc]                                              001CBE8E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                         40578B00
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInitializeIrp]                                              8D52006A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwCreateKey]                                                  001CC086
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                               81E85000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                    8B000021
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwSetValueKey]                                                001CB88E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                             BC968B00
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                 8900001C
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartPacket]                                                001CC48E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                               C8968900
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                                8B00001C
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeMdl]                                                    016A4047
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnlockPages]                                                CCC68150
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                         5600001C
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                     002157E8
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                          18C48300
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                       5D5B5E5F
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                       CCCCCCC3
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartNextPacket]                                            CCCCCCCC
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeBugCheckEx]                                                 CCCCCCCC
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                          CCCCCCCC
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSetTimer]                                                   8BEC8B55
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_allmul]                                                      00C73445
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                          00000000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_except_handler3]                                             830C458B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoSetPowerState]                                              C0840CEC
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                      053C0D74
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                        57B80974
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                       8B000000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_aulldiv]                                                     56C35DE5
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!strstr]                                                       8D08758B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_strupr]                                                      8D51FC4D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeQuerySystemTime]                                            8D52FD55
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                     8D51FE4D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeTickCount]                                                  8D52FF55
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                  8D51F84D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDeleteDevice]                                               5052F455
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                        EACAE856
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                           C483FFFF
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateIrp]                                                0FC08520
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateMdl]                                                0001AD85
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                    46B70F00
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                     F44D8B48
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                   C1815753
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                  00002590
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                            467C8D51
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeIrp]                                                    7622E84A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeWorkItem]                                               D88BFFFF
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!InitSafeBootMode]                                             8504C483
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCompareMemory]                                             5F0A75DB
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoCallDriver]                                                 5B08438D
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!memmove]                                                      5DE58B5E
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmHighestUserAddress]                                         259068C3
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfAcquireSpinLock]                                                 4B8BDF8B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_UCHAR]                                                   8D3F0304
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KeGetCurrentIrql]                                                  CB033043
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfRaiseIrql]                                                       0673C13B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfLowerIrql]                                                       C13B0003
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!HalGetInterruptVector]                                             8366FA72
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!HalTranslateBusAddress]                                            75000E7B
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KeStallExecutionProcessor]                                         0B7D80E3
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfReleaseSpinLock]                                                 307B8D00
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                           00AA840F
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_USHORT]                                                  83660000
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          6A000E7A
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  C6647400
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[WMILIB.SYS!WmiSystemControl]                                               4F8B0200
IAT       \SystemRoot\System32\Drivers\agmn934n.SYS[WMILIB.SYS!WmiCompleteRequest]                                             968D5140
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F74E8048] sprw.sys
 
---- Devices - GMER 1.0.15 ----
 
Device    \FileSystem\Ntfs \Ntfs                                                                                               8A5911F8
Device    \FileSystem\Fastfat \FatCdrom                                                                                        8A3221F8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                     8A4AE500
Device    \Driver\usbohci \Device\USBPDO-1                                                                                     8A4AE500
Device    \Driver\PCI_PNP2212 \Device\00000045                                                                                 sprw.sys
Device    \Driver\PCI_PNP2212 \Device\00000045                                                                                 sprw.sys
Device    \Driver\usbohci \Device\USBPDO-2                                                                                     8A4AE500
Device    \Driver\usbehci \Device\USBPDO-3                                                                                     8A4101F8
Device    \Driver\USBSTOR \Device\00000070                                                                                     8A31C1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                               8A5931F8
Device    \Driver\USBSTOR \Device\00000071                                                                                     8A31C1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                               8A5931F8
Device    \Driver\USBSTOR \Device\00000072                                                                                     8A31C1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                   [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                   [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                   [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                   [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\USBSTOR \Device\00000074                                                                                     8A31C1F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8A3E91F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{B9F78B8B-E324-441F-8912-CC9381B73000}                                             8A3E91F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                     8A3E91F8
Device    \Driver\sptd \Device\4284550962                                                                                      sprw.sys
Device    \Driver\usbohci \Device\USBFDO-0                                                                                     8A4AE500
Device    \Driver\USBSTOR \Device\0000006d                                                                                     8A31C1F8
Device    \Driver\usbohci \Device\USBFDO-1                                                                                     8A4AE500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8A31D1F8
Device    \Driver\USBSTOR \Device\0000006e                                                                                     8A31C1F8
Device    \Driver\usbohci \Device\USBFDO-2                                                                                     8A4AE500
Device    \Driver\USBSTOR \Device\0000006f                                                                                     8A31C1F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8A31D1F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                     8A4101F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                     8A5931F8
Device    \Driver\agmn934n \Device\Scsi\agmn934n1                                                                              8A4041F8
Device    \FileSystem\Fastfat \Fat                                                                                             8A3221F8
 
---- Registry - GMER 1.0.15 ----
 
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x94 0xAB 0x17 0x44 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x91 0x81 0x29 0x96 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x9F 0xAE 0x76 0xAC ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x94 0xAB 0x17 0x44 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x91 0x81 0x29 0x96 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x9F 0xAE 0x76 0xAC ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x94 0xAB 0x17 0x44 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x91 0x81 0x29 0x96 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x9F 0xAE 0x76 0xAC ...
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk      \Device\Harddisk0\DR0                                                                                                malicious Win32:MBRoot code @ sector 312560643
Disk      \Device\Harddisk0\DR0                                                                                                PE file @ sector 312560665
 
---- Files - GMER 1.0.15 ----
 
File      C:\WINDOWS\$NtUninstallKB42535$\3512213300                                                                           0 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879                                                                             0 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\@                                                                           2048 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\bckfg.tmp                                                                   852 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\cfg.ini                                                                     199 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\Desktop.ini                                                                 4608 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\keywords                                                                    51 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\kwrd.dll                                                                    223744 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\L                                                                           0 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\L\swmcxyxb                                                                  57600 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\lsflt7.ver                                                                  5176 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U                                                                           0 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000001.@                                                                2048 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000002.@                                                                224768 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000004.@                                                                1024 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000000.@                                                                1024 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000004.@                                                                12800 bytes
File      C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000032.@                                                                98304 bytes
 
---- EOF - GMER 1.0.15 ----
 
_____
 
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:2011/12/17 03:34
Program Version:Version 1.3.5.0
Windows Version:Windows XP SP3
==================================================
 
Drivers
-------------------
Name: awgoypod.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awgoypod.sys
Address: 0xB99A5000    Size: 100864    File Visible: No    Signed: -
Status: -
 
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA140000    Size: 98304    File Visible: No    Signed: -
Status: -
 
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B1000    Size: 8192    File Visible: No    Signed: -
Status: -
 
Name: PCI_PNP2212
Image Path: \Driver\PCI_PNP2212
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
 
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF76B7000    Size: 49152    File Visible: No    Signed: -
Status: -
 
Name: sprw.sys
Image Path: sprw.sys
Address: 0xF74D6000    Size: 1048576    File Visible: No    Signed: -
Status: -
 
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
 
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\$NtUninstallKB42535$
Status: Locked to the Windows API!
 
Path: C:\WINDOWS\$NtUninstallKB867282$:SummaryInformation
Status: Invisible to the Windows API!
 
SSDT
-------------------
#: 041    Function Name: NtCreateKey
Status: Hooked by "sprw.sys" at address 0xf74d70e0
 
#: 071    Function Name: NtEnumerateKey
Status: Hooked by "sprw.sys" at address 0xf74f5ca2
 
#: 073    Function Name: NtEnumerateValueKey
Status: Hooked by "sprw.sys" at address 0xf74f6030
 
#: 119    Function Name: NtOpenKey
Status: Hooked by "sprw.sys" at address 0xf74d70c0
 
#: 160    Function Name: NtQueryKey
Status: Hooked by "sprw.sys" at address 0xf74f6108
 
#: 177    Function Name: NtQueryValueKey
Status: Hooked by "sprw.sys" at address 0xf74f5f88
 
#: 247    Function Name: NtSetValueKey
Status: Hooked by "sprw.sys" at address 0xf74f619a
 
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a5911f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8a5911f8    Size: 121
 
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3221f8    Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System    Address: 0x8a3221f8    Size: 121
 
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x8a4101f8    Size: 121
 
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System    Address: 0x8a4ae500    Size: 121
 
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_CREATE]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_POWER]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121

Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_PNP]
Process: System    Address: 0x8a4041f8    Size: 121
 
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System    Address: 0x8a31c1f8    Size: 121
 
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8a5931f8    Size: 121
 
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x8a3e91f8    Size: 121
 
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CREATE]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CLOSE]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_POWER]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121

Object: Hidden Code [Driver: fasttx2k, IRP_MJ_PNP]
Process: System    Address: 0x8a5921f8    Size: 121
 
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8a31d1f8    Size: 121
 
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: SystemAddress: 0x8a31d1f8Size: 121
 
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: SystemAddress: 0x8a31d1f8Size: 121
 
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: SystemAddress: 0x8a31d1f8Size: 121
 
==EOF==
 
_____
 
Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
Started logging on 12/17/2011 at 3:54:00 AM
User "Administrator" on computer "YOUR-F78BF48CE2"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info:Starting process scan.
Error:Could not initialize kernel driver memsweep.sys. Please restart and try again.
This service cannot be started in Safe Mode
Info:Starting registry scan.
Info:Starting disk scan of C: (NTFS).
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\20205366212_1324000535,124657d67a03ee0,health,;;tile=1;dcopt=;dcopt=ist;!c=f;sz=728x90;net=vrm;ord1=823775;cmw=nowl;contx=health;dc=d;btg=;ord=1149985672[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\lt.2b-lt.43-lt.84;;sz=728x90;app=citi_creditcard;net=cm;env=ifr;ord1=377489;dcopt=ist;cmw=owl;contx=noc;dc=d;btg=lt.2b;btg=lt.43;btg=lt[1].84;ord=1324000556
Hidden:file C:\WINDOWS\system32\drivers\sptd.sys
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\.g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=465232127
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=6842018614
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\.g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=465232127
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZFNJX6JZ\=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt.e;btg=vt.x;btg=vt.fk;btg=dx.10;btg=dx.11;btg=dx.26;btg=dx.42;btg=dx.43;ord=379465674400243[1].4
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt.e;btg=vt.x;btg=vt[1].fk;ord=7867880288
Hidden:file C:\WINDOWS\$NtUninstallKB42535$\92840879\lsflt7.ver
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt[1].e;ord=5918225103
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZFNJX6JZ\12;dcopt=ist;cmw=owl;contx=health;an=60;bu=100;br=44;dc=w;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal.b8lm;ord=1324001654[1].5276
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\127XUZXA\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=4971851357131137[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\ontx=none;an=20;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4322746
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\b36a7b;grp=175539252;misc=1814570395;rdclick=http%3A%2F%2Fads.lucidmedia[1].com%2Fclick%3Ft%3D3766323676103850706%26l%3D924042%26ad%3D239424%26s%3D19%26c%3D
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\nk%7C82%7C3548062%7C0%7C170%7CAdId%3D7126095%3BBnId%3D1%3Bitime%3D2020804%3Bku%3D3782062%3Bkwlp3%3Dlucid_general%3Blink%3Dhttp%3A%2F%2Fads.lucidmedia[1].htm
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\l;sub1=%26server%3Dlifescript.us.intellitxt[1].com%26ipid%3D35223%26scid%3D0%26md5%3Dfd220d8516202f9cc811477a1c6a8394;grp=297805551;misc=-368373916;rdclick=
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=pushdown;tile=15;sz=970x66,1x1;frId=ad_15_pushdown;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\entid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=2;sz=160x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\tx=health;an=40;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4406199
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\tx=health;an=80;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4403762
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\tentid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=1;sz=728x90;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=pencil;tile=20;sz=470x60;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;dcopt=ist;tile=3;sz=300x250,300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\ntid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=16;sz=470x250;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\entid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=5;sz=300x100;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=2;tile=4;sz=300x250,300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\ntid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=3;tile=21;sz=300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\tentid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=2;tile=6;sz=728x90;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\le
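
An added triage script for the hidden-code listing above (RootRepeal's "Hidden Code" stealth-object report). This is an editor's example, not part of the original post and not RootRepeal's own code. RootRepeal prints one entry per hooked IRP major function, so the useful question is per driver: which dispatch entries are redirected, and do they all resolve to one handler address (a single shim placed over the dispatch table) or to several. The input below is constructed in RootRepeal's line format; the "hypothetical" driver entries are invented to exercise the multi-address case, and one NetBT entry is written the way the page's extraction ran the fields together ("SystemAddress: ...Size: 121") so the parser is shown tolerating it.

```python
"""Group RootRepeal "Hidden Code" entries by driver and by hook address.

Added example; the input is constructed in RootRepeal's format.
"""
import re
from collections import defaultdict

# Constructed sample. 'hypothetical' is an invented driver name used to show
# the several-addresses case; the second NetBT entry mimics the page's
# extraction, which dropped the separators between the three fields.
SAMPLE = """\
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a3e91f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: SystemAddress: 0x8a3e91f8Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a31d1f8    Size: 121

Object: Hidden Code [Driver: hypothetical, IRP_MJ_READ]
Process: System    Address: 0x8a000000    Size: 121

Object: Hidden Code [Driver: hypothetical, IRP_MJ_WRITE]
Process: System    Address: 0x8a000100    Size: 121
"""

HOOK_RE = re.compile(r"Object: Hidden Code \[Driver: ([^,\]]+), (IRP_MJ_\w+)\]")
ADDR_RE = re.compile(r"Address:\s*(0x[0-9a-fA-F]+)")  # works with or without separators
SIZE_RE = re.compile(r"Size:\s*(\d+)")


def parse_hooks(text):
    """Yield (driver, irp_major, address, size) for each hooked dispatch entry."""
    pending = None
    for line in text.splitlines():
        m = HOOK_RE.search(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        if pending is not None:
            a, s = ADDR_RE.search(line), SIZE_RE.search(line)
            if a and s:
                yield pending[0], pending[1], int(a.group(1), 16), int(s.group(1))
                pending = None


def summarize(text):
    """Per driver: hooked IRP majors, distinct handler addresses, and whether
    every hook shares one address (a single shim over the dispatch table)."""
    per_driver = defaultdict(lambda: {"majors": [], "addresses": set()})
    for driver, major, addr, _size in parse_hooks(text):
        per_driver[driver]["majors"].append(major)
        per_driver[driver]["addresses"].add(addr)
    return {
        d: {
            "majors": info["majors"],
            "addresses": sorted("0x%08x" % a for a in info["addresses"]),
            "single_shim": len(info["addresses"]) == 1,
        }
        for d, info in per_driver.items()
    }


if __name__ == "__main__":
    for driver, info in summarize(SAMPLE).items():
        kind = "one handler" if info["single_shim"] else "several handlers"
        print(f"{driver}: {len(info['majors'])} IRP majors hooked -> {kind} {info['addresses']}")
```

Run over the full listing above, each of NetBT, fasttx2k and MRxSmb comes out as a single-address hook set (0x8a3e91f8, 0x8a5921f8 and 0x8a31d1f8 respectively, all with Size 121). Whether that address belongs to a legitimate filter or to something hostile is a separate question that this grouping only frames; it is what a triager then resolves against the driver list from the other scanners.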

GreenLeoCat

join:2008-03-13

05:00:38.0031 1248 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
05:00:38.0312 1248 ============================================================
05:00:38.0312 1248 Current date / time: 2011/12/17 05:00:38.0312
05:00:38.0312 1248 SystemInfo:
05:00:38.0312 1248
05:00:38.0312 1248 OS Version: 5.1.2600 ServicePack: 3.0
05:00:38.0312 1248 Product type: Workstation
05:00:38.0312 1248 ComputerName: YOUR-F78BF48CE2
05:00:38.0312 1248 UserName: Administrator
05:00:38.0312 1248 Windows directory: C:\WINDOWS
05:00:38.0312 1248 System windows directory: C:\WINDOWS
05:00:38.0312 1248 Processor architecture: Intel x86
05:00:38.0312 1248 Number of processors: 1
05:00:38.0312 1248 Page size: 0x1000
05:00:38.0312 1248 Boot type: Safe boot with network
05:00:38.0312 1248 ============================================================
05:00:39.0859 1248 Initialize success
05:01:30.0390 1220 ============================================================
05:01:30.0390 1220 Scan started
05:01:30.0390 1220 Mode: Manual;
05:01:30.0390 1220 ============================================================
05:01:31.0859 1220 Abiosdsk - ok
05:01:32.0265 1220 abp480n5 - ok
05:01:32.0765 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:01:32.0765 1220 ACPI - ok
05:01:33.0203 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:01:33.0203 1220 ACPIEC - ok
05:01:33.0593 1220 adpu160m - ok
05:01:34.0078 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:01:34.0109 1220 aec - ok
05:01:34.0562 1220 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
05:01:34.0562 1220 Afc - ok
05:01:35.0046 1220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:01:35.0046 1220 AFD - ok
05:01:35.0968 1220 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
05:01:36.0437 1220 AgereSoftModem - ok
05:01:36.0843 1220 Aha154x - ok
05:01:37.0234 1220 aic78u2 - ok
05:01:37.0671 1220 aic78xx - ok
05:01:38.0937 1220 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
05:01:39.0734 1220 ALCXWDM - ok
05:01:40.0187 1220 AliIde - ok
05:01:40.0656 1220 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
05:01:40.0656 1220 AmdK8 - ok
05:01:41.0062 1220 amsint - ok
05:01:41.0515 1220 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:01:41.0515 1220 Arp1394 - ok
05:01:41.0921 1220 asc - ok
05:01:42.0328 1220 asc3350p - ok
05:01:42.0718 1220 asc3550 - ok
05:01:43.0203 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:01:43.0203 1220 AsyncMac - ok
05:01:43.0656 1220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:01:43.0671 1220 atapi - ok
05:01:44.0078 1220 Atdisk - ok
05:01:44.0531 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:01:44.0531 1220 Atmarpc - ok
05:01:44.0953 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:01:44.0953 1220 audstub - ok
05:01:45.0406 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:01:45.0406 1220 Beep - ok
05:01:45.0859 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:01:45.0859 1220 cbidf2k - ok
05:01:46.0265 1220 cd20xrnt - ok
05:01:46.0703 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:01:46.0703 1220 Cdaudio - ok
05:01:47.0171 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:01:47.0171 1220 Cdfs - ok
05:01:47.0625 1220 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:01:47.0640 1220 Cdrom - ok
05:01:48.0031 1220 Changer - ok
05:01:48.0453 1220 CmdIde - ok
05:01:49.0453 1220 cmuda3 (809980f0bfcec2d3ddb3dbe8a2bd323b) C:\WINDOWS\system32\drivers\cmudax3.sys
05:01:49.0984 1220 cmuda3 - ok
05:01:50.0406 1220 Cpqarray - ok
05:01:50.0828 1220 dac2w2k - ok
05:01:51.0234 1220 dac960nt - ok
05:01:51.0703 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:01:51.0703 1220 Disk - ok
05:01:52.0421 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:01:52.0687 1220 dmboot - ok
05:01:53.0187 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:01:53.0218 1220 dmio - ok
05:01:53.0671 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:01:53.0671 1220 dmload - ok
05:01:54.0140 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:01:54.0140 1220 DMusic - ok
05:01:54.0593 1220 dpti2o - ok
05:01:55.0046 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:01:55.0046 1220 drmkaud - ok
05:01:55.0562 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:01:55.0562 1220 Fastfat - ok
05:01:56.0062 1220 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
05:01:56.0062 1220 fasttx2k - ok
05:01:56.0531 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:01:56.0531 1220 Fdc - ok
05:01:56.0984 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:01:56.0984 1220 Fips - ok
05:01:57.0453 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:01:57.0453 1220 Flpydisk - ok
05:01:57.0921 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:01:57.0921 1220 FltMgr - ok
05:01:58.0375 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:01:58.0375 1220 Fs_Rec - ok
05:01:58.0859 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:01:58.0859 1220 Ftdisk - ok
05:01:59.0312 1220 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
05:01:59.0312 1220 gagp30kx - ok
05:01:59.0734 1220 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:01:59.0734 1220 GEARAspiWDM - ok
05:02:00.0187 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:02:00.0187 1220 Gpc - ok
05:02:00.0656 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:02:00.0656 1220 HidUsb - ok
05:02:01.0062 1220 hpn - ok
05:02:01.0609 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:02:01.0687 1220 HTTP - ok
05:02:02.0093 1220 i2omgmt - ok
05:02:02.0484 1220 i2omp - ok
05:02:02.0953 1220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:02:02.0953 1220 i8042prt - ok
05:02:03.0437 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:02:03.0437 1220 Imapi - ok
05:02:03.0843 1220 ini910u - ok
05:02:04.0296 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:02:04.0296 1220 IntelIde - ok
05:02:04.0750 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:02:04.0750 1220 intelppm - ok
05:02:05.0203 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:02:05.0203 1220 Ip6Fw - ok
05:02:05.0656 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:02:05.0656 1220 IpFilterDriver - ok
05:02:06.0109 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:02:06.0109 1220 IpInIp - ok
05:02:06.0625 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:02:06.0656 1220 IpNat - ok
05:02:07.0125 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:02:07.0125 1220 IPSec - ok
05:02:07.0593 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:02:07.0593 1220 IRENUM - ok
05:02:08.0046 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:02:08.0046 1220 isapnp - ok
05:02:08.0531 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:02:08.0531 1220 Kbdclass - ok
05:02:08.0984 1220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:02:08.0984 1220 kbdhid - ok
05:02:09.0500 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:02:09.0531 1220 kmixer - ok
05:02:09.0984 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:02:10.0000 1220 KSecDD - ok
05:02:10.0406 1220 lbrtfdc - ok
05:02:10.0828 1220 MBAMSwissArmy - ok
05:02:11.0203 1220 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\WINDOWS\system32\D.tmp
05:02:11.0203 1220 MEMSWEEP2 - ok
05:02:11.0640 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:02:11.0640 1220 mnmdd - ok
05:02:12.0109 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:02:12.0109 1220 Modem - ok
05:02:12.0562 1220 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
05:02:12.0562 1220 motusbdevice - ok
05:02:13.0015 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:02:13.0015 1220 Mouclass - ok
05:02:13.0484 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:02:13.0484 1220 mouhid - ok
05:02:13.0937 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:02:13.0937 1220 MountMgr - ok
05:02:14.0343 1220 mraid35x - ok
05:02:14.0859 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:02:14.0890 1220 MRxDAV - ok
05:02:15.0484 1220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:02:15.0500 1220 MRxSmb - ok
05:02:15.0937 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:02:15.0937 1220 Msfs - ok
05:02:16.0375 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:02:16.0375 1220 MSKSSRV - ok
05:02:16.0796 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:02:16.0796 1220 MSPCLOCK - ok
05:02:17.0265 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:02:17.0265 1220 MSPQM - ok
05:02:17.0687 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:02:17.0687 1220 mssmbios - ok
05:02:18.0156 1220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:02:18.0156 1220 Mup - ok
05:02:18.0656 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:02:18.0656 1220 NDIS - ok
05:02:19.0093 1220 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:02:19.0093 1220 NdisTapi - ok
05:02:19.0546 1220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:02:19.0546 1220 Ndisuio - ok
05:02:20.0015 1220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:02:20.0015 1220 NdisWan - ok
05:02:20.0484 1220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:02:20.0484 1220 NDProxy - ok
05:02:20.0953 1220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:02:20.0953 1220 NetBIOS - ok
05:02:21.0484 1220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:02:21.0484 1220 NetBT - ok
05:02:21.0953 1220 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:02:21.0953 1220 NIC1394 - ok
05:02:22.0406 1220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:02:22.0406 1220 Npfs - ok
05:02:23.0078 1220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:02:23.0078 1220 Ntfs - ok
05:02:23.0531 1220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:02:23.0531 1220 Null - ok
05:02:23.0968 1220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:02:23.0968 1220 NwlnkFlt - ok
05:02:24.0406 1220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:02:24.0406 1220 NwlnkFwd - ok
05:02:24.0875 1220 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:02:24.0875 1220 ohci1394 - ok
05:02:25.0343 1220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:02:25.0343 1220 Parport - ok
05:02:25.0828 1220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:02:25.0828 1220 PartMgr - ok
05:02:26.0265 1220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:02:26.0265 1220 ParVdm - ok
05:02:26.0687 1220 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
05:02:26.0687 1220 PcdrNdisuio - ok
05:02:27.0156 1220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:02:27.0156 1220 PCI - ok
05:02:27.0562 1220 PCIDump - ok
05:02:28.0015 1220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:02:28.0015 1220 PCIIde - ok
05:02:28.0484 1220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:02:28.0500 1220 Pcmcia - ok
05:02:28.0937 1220 PDCOMP - ok
05:02:29.0343 1220 PDFRAME - ok
05:02:29.0765 1220 PDRELI - ok
05:02:30.0171 1220 PDRFRAME - ok
05:02:30.0625 1220 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\drivers\PenClass.sys
05:02:30.0625 1220 PenClass - ok
05:02:31.0046 1220 perc2 - ok
05:02:31.0437 1220 perc2hib - ok
05:02:31.0937 1220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:02:31.0937 1220 PptpMiniport - ok
05:02:32.0390 1220 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
05:02:32.0390 1220 Processor - ok
05:02:32.0843 1220 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
05:02:32.0843 1220 Ps2 - ok
05:02:33.0296 1220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:02:33.0312 1220 PSched - ok
05:02:33.0750 1220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:02:33.0750 1220 Ptilink - ok
05:02:34.0203 1220 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:02:34.0203 1220 PxHelp20 - ok
05:02:34.0609 1220 ql1080 - ok
05:02:35.0031 1220 Ql10wnt - ok
05:02:35.0421 1220 ql12160 - ok
05:02:35.0859 1220 ql1240 - ok
05:02:36.0265 1220 ql1280 - ok
05:02:36.0687 1220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:02:36.0687 1220 RasAcd - ok
05:02:37.0140 1220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:02:37.0156 1220 Rasl2tp - ok
05:02:37.0625 1220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:02:37.0625 1220 RasPppoe - ok
05:02:38.0093 1220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:02:38.0093 1220 Raspti - ok
05:02:38.0593 1220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:02:38.0593 1220 Rdbss - ok
05:02:39.0046 1220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:02:39.0046 1220 RDPCDD - ok
05:02:39.0546 1220 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
05:02:39.0546 1220 RDPWD - ok
05:02:39.0953 1220 redbook - ok
05:02:40.0359 1220 rootrepeal - ok
05:02:40.0812 1220 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
05:02:40.0812 1220 rtl8139 - ok
05:02:41.0265 1220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:02:41.0265 1220 Secdrv - ok
05:02:41.0718 1220 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:02:41.0718 1220 Serenum - ok
05:02:42.0187 1220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:02:42.0187 1220 Serial - ok
05:02:42.0640 1220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:02:42.0640 1220 Sfloppy - ok
05:02:43.0046 1220 Simbad - ok
05:02:43.0578 1220 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
05:02:43.0656 1220 SiS315 - ok
05:02:44.0109 1220 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
05:02:44.0109 1220 SiSkp - ok
05:02:44.0531 1220 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
05:02:44.0531 1220 SISNIC - ok
05:02:44.0937 1220 Sparrow - ok
05:02:45.0375 1220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:02:45.0375 1220 splitter - ok
05:02:46.0062 1220 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
05:02:46.0062 1220 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
05:02:46.0078 1220 sptd ( LockedFile.Multi.Generic ) - warning
05:02:46.0078 1220 sptd - detected LockedFile.Multi.Generic (1)
05:02:46.0546 1220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:02:46.0546 1220 sr - ok
05:02:47.0093 1220 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:02:47.0109 1220 Srv - ok
05:02:47.0546 1220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:02:47.0546 1220 swenum - ok
05:02:48.0000 1220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:02:48.0000 1220 swmidi - ok
05:02:48.0421 1220 symc810 - ok
05:02:48.0812 1220 symc8xx - ok
05:02:49.0218 1220 sym_hi - ok
05:02:49.0640 1220 sym_u3 - ok
05:02:50.0093 1220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:02:50.0093 1220 sysaudio - ok
05:02:50.0656 1220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:02:50.0656 1220 Tcpip - ok
05:02:51.0109 1220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:02:51.0109 1220 TDPIPE - ok
05:02:51.0593 1220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:02:51.0593 1220 TDTCP - ok
05:02:52.0062 1220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:02:52.0062 1220 TermDD - ok
05:02:52.0468 1220 TosIde - ok
05:02:52.0921 1220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:02:52.0921 1220 Udfs - ok
05:02:53.0343 1220 ultra - ok
05:02:53.0937 1220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:02:53.0937 1220 Update - ok
05:02:54.0406 1220 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
05:02:54.0406 1220 usbaudio - ok
05:02:54.0859 1220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:02:54.0859 1220 usbccgp - ok
05:02:55.0312 1220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:02:55.0312 1220 usbehci - ok
05:02:55.0781 1220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:02:55.0781 1220 usbhub - ok
05:02:56.0218 1220 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
05:02:56.0218 1220 usbohci - ok
05:02:56.0671 1220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:02:56.0671 1220 usbprint - ok
05:03:13.0187 1220 ============================================================
05:03:13.0187 1220 Scan finished
05:03:13.0187 1220 ============================================================
05:03:13.0203 1344 Detected object count: 1
05:03:13.0203 1344 Actual detected object count: 1
05:04:34.0734 1344 sptd ( LockedFile.Multi.Generic ) - skipped by user
05:04:34.0734 1344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to GreenLeoCat

Thanks for the logs. Nothing adverse showing.

First:
Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

:Services

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
[*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Second:

Do a full system scan with your AntiVirus and post back with the results.

GreenLeoCat

join:2008-03-13

I've run the OTL fix, but when it rebooted, I started getting a dialog box "choose the program you want to open this file" for every .exe extension... including firefox. But I opened the firefox.exe with firefox and it worked. When I do that with otl.exe it downloads through firefox and then once I open my downloads folder and click OTL it does the same thing again.

What's the best free AntiVirus program? I previously used spybot search and destroy.


GreenLeoCat

join:2008-03-13

It appears to let me run OTL in safe mode, so I'm doing that now.


GreenLeoCat

join:2008-03-13

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 40518668 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 45885207 bytes
->Flash cache emptied: 842 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 87473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 126693469 bytes
->Java cache emptied: 25 bytes
->Flash cache emptied: 12298 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 18432 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17621381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 220.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12172011_160806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

______

Will post Spybot S&D results once the scan completes. Let me know if I need to use a different antivirus software.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to GreenLeoCat

In no particular order, free AV programs: Microsoft Security Essentials, AVG free, Avast Free, AntiVir free.

Pick one and try it. Do a full scan with it and post back. If you are still having trouble with exe files executing, let me know when you post back.


GreenLeoCat

join:2008-03-13

Avast would not run and gave me an error that suggested I uninstall and try again. I did this and received the same error. I uninstalled it.

AVG would only run "command line scanner" in safe mode, but when clicking scan the DOS window only lasts a few seconds before disappearing and I get the option to "start scan" again. I uninstalled this one as well.

Microsoft Security Essentials would not download in safe mode.

AntiVir gave me an error when I tried to update it. Here's the results of the scan from this program:

Avira AntiVir Personal
Report file date: Saturday, December 17, 2011 22:09

Scanning for 2364983 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are no longer available since s.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode with network
Username : Administrator
Computer name : YOUR-F78BF48CE2

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, December 17, 2011 22:09

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '59' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '25' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'Explorer.EXE' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '106' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '61' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
The registry was scanned ( '1748' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\9d2c1e2116bff12c25e58b254b87\ZuneSetup.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\My Documents\Downloads\burger-shop-setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
--> ProgramFilesDir/Uninstall.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Program Files\InterMute\SpySubtract\ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan
C:\Program Files\iWin Games\Uninstall.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
[DETECTION] Contains recognition pattern of the DIAL/90112 dialer
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\I386\Apps\APP31451\src\SpyInstall_HPPre.exe
[0] Archive type: RSRC
[DETECTION] Is the TR/Orsam.A.2505 Trojan
--> Object
[1] Archive type: CAB (Microsoft)
--> ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan

--> Object
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan

Beginning disinfection:
D:\I386\Apps\APP31451\src\SpyInstall_HPPre.exe
[DETECTION] Is the TR/Orsam.A.2505 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4de106ca.qua'.
C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
[DETECTION] Contains recognition pattern of the DIAL/90112 dialer
[NOTE] The file was moved to the quarantine directory under the name '55492951.qua'.
C:\Program Files\iWin Games\Uninstall.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[NOTE] The file was moved to the quarantine directory under the name '07197383.qua'.
C:\Program Files\InterMute\SpySubtract\ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan
[NOTE] The file was moved to the quarantine directory under the name '612a3c7b.qua'.
C:\Documents and Settings\HP_Owner\My Documents\Downloads\burger-shop-setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
[NOTE] The file was moved to the quarantine directory under the name '24a31147.qua'.

End of the scan: Sunday, December 18, 2011 03:18
Used time: 3:57:35 Hour(s)

The scan has been done completely.

15347 Scanned directories
702204 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
702194 Files not concerned
15855 Archives were scanned
3 Warnings
5 Notes

_____

After this the .exe error is still occurring. Upon booting in normal mode I did get the option to update AntiVir, so once I post this I'll update that and run another scan. If all works out with it and you want this information, I'll try to post it tomorrow before I go to work.


GreenLeoCat

join:2008-03-13

My computer completely crashed during the update so I went back in normal mode to try to start the update again and this time the program didn't auto start so I can't open it due to the .exe error. Tried once more in safe mode, but again got an error.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to GreenLeoCat

There are a couple of fixes for the exe issue but I believe your problem goes deeper than that. The best course of action is to reformat and re-install.

However, if you want to pursue the exe fix, I am willing to try it. Note that the end result may still be to reformat.

Post back and let me know what you want to do.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
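The "choose the program you want to open this file" prompt for every .exe that GreenLeoCat describes is decided by a handful of registry values. The snippet below is an added, read-only diagnostic written for this thread (it is not LoPhatPhuud's fix and not output from OTL or AntiVir); it reports whether those values still hold the stock Windows defaults (`exefile` for HKCR\.exe and `"%1" %*` for the exefile open command). The function name is made up for this example.

```powershell
# Added diagnostic (not from the thread): report the registry values that
# control how Windows launches .exe files. Nothing is written or changed.
# Uses New-Object rather than [pscustomobject] so it also runs on PowerShell 2.0.

function Get-ExeAssociationState {
    # Stock Windows defaults for the two values that matter most.
    $expected = @{
        'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    }

    $results = @()
    foreach ($key in $expected.Keys) {
        $actual = $null
        if (Test-Path -LiteralPath $key) {
            # '(default)' is the key's unnamed value, which is what Explorer reads.
            $props  = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            $actual = $props.'(default)'
        }
        if ($actual -eq $expected[$key]) { $status = 'OK' } else { $status = 'MISMATCH' }
        $results += New-Object PSObject -Property @{
            Key      = $key
            Expected = $expected[$key]
            Actual   = $actual
            Status   = $status
        }
    }

    # Per-user "Open With" choices are stored here and are consulted before HKCR,
    # so a leftover entry for .exe can override a correct machine-wide default.
    $userExt = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe'
    if (Test-Path -LiteralPath $userExt) { $present = 'present'; $status = 'REVIEW' }
    else                                  { $present = $null;     $status = 'OK' }
    $results += New-Object PSObject -Property @{
        Key      = $userExt
        Expected = '(absent)'
        Actual   = $present
        Status   = $status
    }

    return $results
}

Get-ExeAssociationState | Format-Table Status, Key, Expected, Actual -AutoSize
```

A MISMATCH on either HKCR value, or a REVIEW on the per-user key, is consistent with the symptom in this thread; as LoPhatPhuud notes, fixing the association does not by itself prove the machine is clean.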


GreenLeoCat

join:2008-03-13

I think I will just reformat... once I back up some pictures.

I do have reformat disks burnt for this computer, so we're good there!


GreenLeoCat

join:2008-03-13

The reformat went fine with zero problems! The first thing I did once it was up and running again was install Avast and set it so it's constantly running and updating.

I do have one more question for you... can you point me to some free antivirus software for a mac? I was looking at Avast for mac... but it's listed as a beta program and I'm a bit wary of using it.

As always I really do appreciate all your help!!! Text on a screen just can't seem to convey my thanks properly.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to GreenLeoCat

I'm not that familiar with Mac software but Sophos has a free AV for Macs and the most recent Mac OS.

check here: »www.sophos.com/en-us/products/fr···ion.aspx

Good luck...
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


GreenLeoCat

join:2008-03-13

A thousand thank yous!

All three of the computers in our household are protected by some form of virus software... so hopefully you won't see me back here in the security clean up forum!



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to GreenLeoCat

Don't hesitate to post if you have questions.