
[Trojan] Possible Trojan/bot?

I'm not really sure exactly what happened since I was not using this computer when the issues arose. I do understand that a false "virus scanner" started running. I also received an email from my internet provider stating that my computer had a bot.
I had to run Malwarebytes twice because it crashed the first time while trying to remove the 9 found items.
ESET would complete the scan but then restart at the end, so I switched to BitDefender.
Below is the info requested... some of the steps were performed out of order because when ESET made my computer reboot I lost the logs. OTL did not produce a second document titled "extras.txt".
As always, thank you guys so much for helping with this.
Let me know if you need any additional information!
_____ Malwarebytes' Anti-Malware 1.43 Database version: 3458 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702
2/10/2010 8:52:10 PM mbam-log-2010-02-10 (20-52-10).txt
Scan type: Quick Scan Objects scanned: 128212 Time elapsed: 4 minute(s), 4 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
_____
OTL logfile created on: 12/15/2011 9:55:37 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 73.98% Memory free
3.04 Gb Paging File | 2.74 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.97 Gb Total Space | 2.97 Gb Free Space | 2.09% Space Free | Partition Type: NTFS
Drive D: | 7.05 Gb Total Space | 1.63 Gb Free Space | 23.11% Space Free | Partition Type: FAT32
Drive L: | 488.84 Mb Total Space | 74.67 Mb Free Space | 15.28% Space Free | Partition Type: FAT

Computer Name: YOUR-F78BF48CE2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - [2011/12/15 21:55:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(1).exe
PRC - [2011/11/11 20:48:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========

MOD - [2011/11/23 02:08:06 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 20:48:27 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/27 20:53:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/15 11:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 11:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2004/11/03 01:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/09/29 21:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========

DRV - [2011/12/15 21:52:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/06 16:11:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/20 14:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/30 16:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/19 22:35:00 | 001,516,672 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 19:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/01 12:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 08:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »ie.redirect.hp.com/svs/rdr?TYPE=···=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »ie.redirect.hp.com/svs/rdr?TYPE=···=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···conduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···conduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »ie.redirect.hp.com/svs/rdr?TYPE=···conduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »ie.redirect.hp.com/svs/rdr?TYPE=···conduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···conduser
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/06/24 00:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 20:48:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/11 02:15:07 | 000,000,000 | ---D | M]

[2010/01/03 03:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/15 21:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions
[2010/02/10 20:46:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 21:49:09 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/11 20:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 01:27:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/11 20:48:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/11 12:01:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:48:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »update.microsoft.com/windowsupda···06654546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9F78B8B-E324-441F-8912-CC9381B73000}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/13 12:00:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 20:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2007/06/07 00:24:40 | 000,000,090 | ---- | M] () - L:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 21:52:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 21:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/12/15 07:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/15 04:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/15 04:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/23 02:08:07 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
========== Files - Modified Within 30 Days ==========

[2011/12/15 21:52:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 21:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 21:37:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 05:06:36 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 04:39:25 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/15 04:37:50 | 000,016,374 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0
[2011/12/11 03:18:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011/11/23 02:08:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========

[2011/12/15 04:29:45 | 000,016,374 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0
[2010/03/27 02:17:46 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2010/02/11 07:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/19 21:04:12 | 000,018,587 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/05 23:44:16 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/11/05 23:43:56 | 000,001,480 | R--- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/11/05 23:43:46 | 000,002,267 | R--- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/11/05 04:12:01 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/05 04:12:01 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009/11/05 04:12:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/05 04:12:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009/11/05 04:12:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/11/05 02:56:29 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2009/11/05 02:42:37 | 000,079,020 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/11/05 02:42:37 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/01 07:38:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009/10/30 02:45:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/10/30 02:45:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/10/30 02:45:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/10/30 02:45:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/10/30 02:44:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/10/30 02:44:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/10/30 02:44:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/10/30 02:41:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/10/30 02:41:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/10/30 01:52:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/13 12:02:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/13 11:59:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/13 11:59:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/13 11:59:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/13 11:59:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/13 11:59:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/13 11:59:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/13 11:32:42 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/07/13 11:31:32 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/07/13 11:31:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/07/13 11:31:05 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/07/13 11:28:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/13 11:15:18 | 000,047,832 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/07/13 11:15:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/07/13 11:13:55 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/07/13 11:13:55 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/07/13 11:11:56 | 000,069,000 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2005/07/13 11:11:56 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2005/07/13 11:08:20 | 000,050,500 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2005/07/13 11:08:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2005/07/13 11:06:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/13 11:04:14 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/07/13 11:00:41 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/07/13 11:00:41 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/07/13 11:00:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/07/13 11:00:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/07/13 11:00:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/07/13 11:00:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/07/13 10:51:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/07/13 10:49:12 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/07/13 10:49:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/07/13 10:48:53 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/28 04:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 23:58:08 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/26 23:58:08 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/26 23:56:22 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/26 23:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 23:51:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/20 00:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/20 00:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/15 23:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/07 13:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========

[2005/07/13 11:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2011/12/15 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2005/07/13 11:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/12/13 02:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/11/06 16:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/27 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/04/17 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/26 02:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/04/05 02:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iwin
[2010/04/03 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/11/06 00:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/07/28 03:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/11 03:18:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:803A486C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94ABF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969736FD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B2BEDB
_____
Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8 ``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus ```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java version out of date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (8.0.) ````````````````````````````````
Process Check: objlist.exe by Laurent
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````
_____
QuickScan Beta 32-bit v0.9.9.99 ------------------------------- Scan date: Thu Dec 15 21:49:18 2011 Machine ID: 987D8176
No infection found. -------------------
Processes
---------
Firefox 1272 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 1480 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Microsoft® Windows® Operating System 1184 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 500 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 652 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\winlogon.exe
Network activity
----------------
Process firefox.exe (1272) connected on port 80 (HTTP) --> 66.235.142.2
Process firefox.exe (1272) connected on port 80 (HTTP) --> 69.171.242.54
Process firefox.exe (1272) connected on port 80 (HTTP) --> 74.125.159.113
Process svchost.exe (652) listens on ports: 3389 (Terminal Server)
Process svchost.exe (700) listens on ports: 135 (RPC)
Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HPBootOp C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LightScribe c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
LiveUpdate C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Norton Security Center c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
SiS Power Scheme Library C:\WINDOWS\system32\SiSPower.dll
Updates from HP.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
Wacom Technology, Corp. TABUSERW C:\WINDOWS\system32\WTablet\TabUserW.exe
XSS ShellvRTF D:\info.exe
Zune® c:\Program Files\Zune\ZuneLauncher.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\wpdshserviceobj.dll
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll
Browser plugins
---------------
AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AOL Search c:\program files\aim search\aolsearch.dll
BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
downloadUpdater C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
hp view c:\program files\hp\digital imaging\bin\hpdtlk02.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
iWinGamesManager Application c:\program files\iwin games\iwingameshookie.dll
Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java(TM) Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Missing files
-------------
File not found: CMICNFG3.cpl --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"CmPCIaudio"
Scan ---- MD5: f4a569f89a90205a095965ae628625e1 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lu7lu8v4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll MD5: 9819c4f68686e9fe1d62dd0d4767ddd5 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe MD5: 42729c3de75a7a51fc6f9ef6546c9199 c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll MD5: deb88aef013dd1eefb462d7cad642166 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe MD5: 34400005de52842c4d6d4ee978b4d7ce C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe MD5: f00c1002b8c7528c91c6a26723d18265 c:\program files\aim search\aolsearch.dll MD5: a7810b302294793de88542aae177d1b1 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe MD5: 2e5212a0bfb98fe0167c92c76c87afe3 C:\Program Files\Common Files\Java\Java Update\jusched.exe MD5: 9bd7add61b031307dd075e5e6a917c4d c:\Program Files\Common Files\LightScribe\LSSrvc.exe MD5: abedfd48ac042c6aaad32452e77217a1 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe MD5: b8e684df9a97497edd2f87444a6307fb C:\Program Files\Common Files\Real\Update_OB\realsched.exe MD5: 67c5af84809468061121fbcbecb19285 c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe MD5: b96c81be7b8d11710496787e5859d768 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe MD5: 30a086ba3520555b718e77763b1c52c0 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe MD5: 3117f57bfd69c3637340c47d9fee2e7c c:\program files\hp\digital imaging\bin\hpdtlk02.dll MD5: 5597d0075861cb0a6e6087752d205c0d C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.dll MD5: 6d1dd86ea58ad1b2f57301042d819436 C:\Program Files\iPod\bin\iPodService.exe MD5: f841c2d5f930cf4ae834b67a9eba5809 c:\program files\iwin games\iwingameshookie.dll MD5: 
fe1a970e7ce330bb844e333c374c6599 C:\Program Files\iWin Games\iWinTrusted.exe MD5: 88e49c2b7e75b1d9695d6a063f28a8bb c:\program files\java\jre6\bin\jp2ssv.dll MD5: 5e06a9d23727daf96faa796f1135fdcd C:\Program Files\Java\jre6\bin\jqs.exe MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll MD5: a36f13f0a039de74e07d7b2fbcaf8bb7 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll MD5: 4cbe2bd48a10404a7cb9fa9d45fd77a3 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe MD5: c3e42cbf8215171a524d123a54ae3233 C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll MD5: be72f68c3e898c6c7dd61afdf28769dd C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe MD5: a7057e1fb47203ff55bced30572f2664 C:\Program Files\Mozilla Firefox\components\browsercomps.dll MD5: 4cb4054659abeeef925b153e2290e634 C:\Program Files\Mozilla Firefox\firefox.exe MD5: d08d8b6306638a0ea7d95666165bb7fe C:\Program Files\Mozilla Firefox\freebl3.dll MD5: 69793b6f19bdc9c5ae671e89adcfa226 C:\Program Files\Mozilla Firefox\mozalloc.dll MD5: 674ad9717fe2026f484bf232fc47e28f C:\Program Files\Mozilla Firefox\MOZCPP19.dll MD5: 89d0ef2f8282b36bea6ce3482e8c577f C:\Program Files\Mozilla Firefox\MOZCRT19.dll MD5: 47a91e11a42f115d094dee60ec144ad7 C:\Program Files\Mozilla Firefox\mozjs.dll MD5: f56c38796e2d3a82517bd9c55a6107a7 C:\Program Files\Mozilla Firefox\mozsqlite3.dll MD5: 2016d8e53579693fbcf59718dde836b4 C:\Program Files\Mozilla Firefox\nspr4.dll MD5: 70307aaa18fcc82c1b73f82107da9d76 C:\Program Files\Mozilla Firefox\nss3.dll MD5: 1985fe5d5022dec52e030e01e129ffec C:\Program Files\Mozilla Firefox\nssckbi.dll MD5: 1b732fb5914612e596f0d57ff9c0f5bd C:\Program Files\Mozilla Firefox\nssdbm3.dll MD5: ffad522e94add9fd60d5fa6d41d237ea C:\Program Files\Mozilla Firefox\nssutil3.dll MD5: 770f78dbd5c76dcea4968c936e836ad4 C:\Program Files\Mozilla Firefox\plc4.dll MD5: 
a374095556e72de21174173e6800b7fc C:\Program Files\Mozilla Firefox\plds4.dll MD5: fd67e2c52f62995c3cf1d6d720eeb66f C:\Program Files\Mozilla Firefox\plugin-container.exe MD5: 9d35e12b661581b83dd74eb910ea9e6d C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll MD5: 323fe218dac089eed70ca55e6c1c2f1d C:\Program Files\Mozilla Firefox\plugins\npdnu.dll MD5: dbe8c34758da614f35ae7011284406bb C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll MD5: 35a2c59e2f1963a9afcac9a959f076a6 C:\Program Files\Mozilla Firefox\smime3.dll MD5: c35b493f498764e43b35b313b51f5f08 C:\Program Files\Mozilla Firefox\softokn3.dll MD5: d4b4f877ee533e8b766c67ff54e73d5d C:\Program Files\Mozilla Firefox\ssl3.dll MD5: 79b19878f2240152c0e5ea8202e12003 C:\Program Files\Mozilla Firefox\xpcom.dll MD5: 848d0c1ac744b36501eede14d0bb72d8 C:\Program Files\Mozilla Firefox\xul.dll MD5: 8cbd57d84729debee1e83cb5fa3e3d7a C:\Program Files\QuickTime\QTTask.exe MD5: 7a51119945be40aeac5b512f6bc7195c C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll MD5: 135b08eca081bd44c707af6c1235c36e C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll MD5: 6a39886b9fd9bba97241049693dfb432 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll MD5: 77a09a4a5b4db9736962a854eacb8c06 C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE MD5: 061380aff32ec10474b2b355499b6e35 C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe MD5: f37569c373a4475007835ed77593475c C:\Program Files\WTouch\WTouchService.exe MD5: a3ba4712ebf768edfbccec09fa120b6f c:\Program Files\Zune\WMZuneComm.exe MD5: dee869820c3483ec7b92a9fd9ba332a7 c:\Program Files\Zune\ZuneBusEnum.exe MD5: 4048f9da4ba3036a994185ce6a2b6c55 c:\Program Files\Zune\ZuneLauncher.exe MD5: 5bdcacd5b2b0fb972bc570e70f616acf c:\Program Files\Zune\ZuneNss.exe MD5: e22e48654a66aa3e24f4646c6bc1756c c:\Program Files\Zune\ZuneWlanCfgSvc.exe MD5: 7b8875a5b04932ac73afd8079864db68 
C:\WINDOWS\ALCXMNTR.EXE MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL MD5: 632e0ce38fbcadeaae28077f4c9c45d5 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe MD5: 6f88f1de97b7ba6e2be4dc29aeeacf0d C:\WINDOWS\Downloaded Program Files\isusweb.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\COMCTL32.dll MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll MD5: fe3ea6e9afc1a78e6edca121e006afb7 C:\WINDOWS\system32\drivers\Afc.sys MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys MD5: 593aefc67283d409f34cc1245d00a509 C:\WINDOWS\system32\DRIVERS\AGRSM.sys MD5: 8d6c30e515717248e0e52b85fd7ac466 C:\WINDOWS\system32\drivers\ALCXWDM.SYS MD5: 59301936898ae62245a6f09c0aba9475 C:\WINDOWS\system32\DRIVERS\AmdK8.sys MD5: 4b0a100eaf5c49ef3cca8c641431eacc C:\WINDOWS\system32\DRIVERS\cdrom.sys MD5: 809980f0bfcec2d3ddb3dbe8a2bd323b C:\WINDOWS\system32\drivers\cmudax3.sys MD5: 1e580770bdece924494b368ac980749e C:\WINDOWS\system32\DRIVERS\fasttx2k.sys MD5: 3a74c423cf6bcca6982715878f450a3b C:\WINDOWS\system32\DRIVERS\gagp30kx.sys MD5: 2fb04db459c71f416ee8b05448ca4ac3 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys MD5: 2136cca3d1bf7c0248e5366b1a6c24e3 C:\WINDOWS\system32\DRIVERS\motusbdevice.sys MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys MD5: 
505cba425df3bb230f244e1c23221058 C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys MD5: 4a108cc9cc0e0605e68cce7021479879 C:\WINDOWS\system32\drivers\PenClass.sys MD5: bffdb363485501a38f0bca83aec810db C:\WINDOWS\system32\DRIVERS\PS2.sys MD5: 509d96916c7d9218e4083940b8711b9b C:\WINDOWS\system32\DRIVERS\sisgrp.sys MD5: 5529b51aacff16fbdde4b34ff0af2b76 C:\WINDOWS\system32\DRIVERS\sisnic.sys MD5: 71e276f6d189413266ea22171806597b C:\WINDOWS\System32\Drivers\sptd.sys MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys MD5: 2c921a4cce0b3eb372ebf448939fa3bf C:\WINDOWS\system32\DRIVERS\srvkp.sys MD5: 826a053968d0faf39afd8aecff580cb6 C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys MD5: 427a8bc96f16c40df81c2d2f4edd32dd C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys MD5: 51d580f30d1a1f2ea4965af6abc2bcb2 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys MD5: 889459833432b161cb99cfdf84a1a9bb C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys MD5: fd600b032e741eb6aab509fc630f7c42 C:\WINDOWS\system32\DRIVERS\WinUSB.sys MD5: 337b9607f041b77824411750069aff2d C:\WINDOWS\system32\DRIVERS\zumbus.sys MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll MD5: 9d84376931440f3679beef2a414fa493 C:\WINDOWS\system32\HPZipm12.exe MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\ieframe.dll MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\System32\logon.scr MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll MD5: de3745a51b7ac7fedc356a83f76c8023 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 
c:\windows\system32\netshell.dll MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll MD5: 629021756c8fc4c579849a823c471cb3 C:\WINDOWS\system32\Pen_Tablet.exe MD5: c7c84df7233f4834cd190f3dccaf50ca C:\WINDOWS\system32\rdpwsx.dll MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll MD5: 0e3605a5e7c23f1139c5c448e1eaf494 C:\WINDOWS\system32\shimgvw.dll MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll MD5: ad00fc15ddaa7ad50cf3b1ca3153dbc7 C:\WINDOWS\system32\SiSPower.dll MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll MD5: 6404807abc7af52fa3792697ae638b50 C:\WINDOWS\system32\wbem\wbemcons.dll MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll MD5: f58793db078a90280b35b2f9489b2ade C:\WINDOWS\system32\WTablet\TabUserW.exe MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll MD5: 736b12b725aeb2b07f0241a9f680cb10 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll MD5: 6c487182578d1253831725a7cdc606c3 D:\info.exe
No file uploaded.
Scan finished - communication took 2 sec Total traffic - 0.01 MB sent, 0.64 KB recvd Scanned 480 files and modules - 36 seconds
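The Extras log posted further down in this thread is where the real picture is: Windows Firewall is switched off on both profiles, four high TCP ports (65533, 52344, 2479, 2435) are opened to every address under the generic label "Services", 3389/TCP is open to the world, and the Security Center override flags are set for both antivirus and firewall. Those registry lines are what a responder should read first, before the MD5 list. The script below is an added example, not OTL's code and not anything posted in the thread. It parses OTL's Extras layout for the Security Center and FirewallPolicy keys (it accepts the one-value-per-line form OTL writes and the flattened form this page shows) and ranks what it finds. The sample input is constructed from values in the thread's own Extras log; the port-rule layout port:proto:scope:state:name, the path:scope:state:name layout for authorized applications and the " -- (Company)" suffix are my reading of OTL's format, and the set of rules Windows creates on its own (UPnP 1900/UDP and 2869/TCP) is my own list.

```python
"""Triage the Security Center and firewall keys of an OTL 'Extras' log.

Added example for this thread, not OTL's code and not from the posts.
Assumes the XP firewall value layout port:proto:scope:state:name
(path:scope:state:name for AuthorizedApplications) and OTL's ' -- (Company)'.
"""
import re
from dataclasses import dataclass

# Exceptions Windows XP creates itself (UPnP / SSDP discovery); my own list.
KNOWN_SYSTEM_RULES = {"1900:UDP", "2869:TCP"}
REMOTE_DESKTOP = "3389:TCP"

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*(.*)$')
# One 'name = value' pair; the lookahead copes with pairs run together on a line.
VAL_RE = re.compile(r'"([^"]+)"\s*=\s*(.*?)(?=\s+"[^"]+"\s*=|$)')

# Constructed sample in OTL's own layout, using values from the thread's log.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2435:TCP" = 2435:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"""


@dataclass
class Finding:
    severity: str  # high / medium / low / info
    key: str
    detail: str


def parse_otl_sections(text):
    """Map each registry key to its {name: value} pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            line = m.group(2)
        if current is None or not line:
            continue
        for vm in VAL_RE.finditer(line):
            sections[current][vm.group(1)] = vm.group(2).strip()
    return sections


def triage(sections):
    """Return the findings a responder should read first, in log order."""
    out = []
    for key, values in sections.items():
        tail = key.rsplit("\\", 1)[-1]
        if tail == "Security Center":
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == "1":
                    out.append(Finding("medium", key, f"{name}=1: Security Center told not to monitor this component"))
        elif tail in ("DomainProfile", "StandardProfile"):
            if values.get("EnableFirewall") == "0":
                out.append(Finding("high", key, f"{tail}: Windows Firewall is disabled"))
        elif "GloballyOpenPorts" in key:
            for value in values.values():
                parts = value.split(":", 4)
                if len(parts) != 5 or parts[3] != "Enabled":
                    continue
                port, proto, scope, _state, label = parts
                rule = f"{port}:{proto}"
                if rule in KNOWN_SYSTEM_RULES:
                    continue
                sev = "medium" if rule == REMOTE_DESKTOP else "high"
                out.append(Finding(sev, key, f"{rule} ('{label}') open to scope {scope}"))
        elif "AuthorizedApplications" in key:
            for value in values.values():
                parts = value.rsplit(":", 3)
                if len(parts) != 4 or parts[2] != "Enabled":
                    continue
                path, scope, _state, label = parts
                m = re.search(r"--\s*\((.*)\)\s*$", label)
                publisher = m.group(1).strip() if m else ""
                sev = "info" if publisher else "medium"
                out.append(Finding(sev, key, f"{path} allowed to scope {scope}, publisher: {publisher or 'none'}"))
    return out


if __name__ == "__main__":
    for f in triage(parse_otl_sections(SAMPLE_EXTRAS)):
        print(f"[{f.severity:6}] {f.detail}")
```

Run it as-is to see the ranking for the sample, or feed it a whole Extras log with `parse_otl_sections(open(path).read())`. The point of the ranking is that a disabled firewall and a batch of high ports opened to scope `*` under a name Windows does not use outrank everything else in the log; an RDP exception is only medium because the machine's owner may have wanted it, and it is listed so that can be confirmed.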
LoPhatPhuud (Premium, VIP, MVM; Albuquerque, NM) replied:
First: You are using an outdated version of MalwareBytes. Please uninstall, download the most recent version, re-install, update, then run and post the new log in this thread.
Second: Please post the Extras log from OTL. It's only produced on the first run of OTL (default). Check the C:\_OTL folder for it. If not there, then run OTL again, this time select 'Use Whitelist' in the 'Extra Registry' section of the selectable options.
Post the Extras log in this thread.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum

The original poster replied:
There was no "whitelist" option, but there was a "safelist" option, so I tried that. Here's the info you requested:
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org
Database version: 8382
Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702
12/16/2011 7:26:48 PM mbam-log-2011-12-16 (19-26-48).txt
Scan type: Full scan (C:\|D:\|) Objects scanned: 347530 Time elapsed: 36 minute(s), 43 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP758\A0051247.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP758\A0051248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
_____
OTL Extras logfile created on: 12/16/2011 7:31:35 PM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 76.41% Memory free 3.04 Gb Paging File | 2.78 Gb Available in Paging File | 91.62% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 141.97 Gb Total Space | 2.95 Gb Free Space | 2.08% Space Free | Partition Type: NTFS Drive D: | 7.05 Gb Total Space | 1.63 Gb Free Space | 23.11% Space Free | Partition Type: FAT32 Drive L: | 488.84 Mb Total Space | 74.67 Mb Free Space | 15.28% Space Free | Partition Type: FAT
Computer Name: YOUR-F78BF48CE2 | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2435:TCP" = 2435:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"2435:TCP" = 2435:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450 "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows "{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24 "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 "{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1 "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP 
Image Zone Plus 4.8.6 "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1 "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series "{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06 "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center "{54DF7BDA-1058-4D53-B3D4-2344C69B7D0C}" = Ragnarok Online "{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! 
Digital Media Edition Installer "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{7F4DA4F8-CA7A-4F6E-B113-D0F2BEC9DB09}" = ArcSoft MediaImpression 2 "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0 "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5 "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes 
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize "{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFF913ED-03A6-42D2-A2A7-5966A612EEB9}" = LS_HSI "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0 "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "14DD9322-0AAE-4DA4-90A9-EB42CF296127" = Shooting Stars Pool from Hewlett-Packard Desktops (remove only) "3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only) "743EFCFE43C32543E0804C954858554E49909A4A" = Windows Driver Package - Hewlett-Packard Image (12/14/2009 13.0.0.61) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Agere Systems Soft Modem" = Agere 
Systems PCI Soft Modem "AIM Search" = AIM Search "AIM_7" = AIM 7 "AnyToISO_is1" = AnyToISO "BackWeb-309731 Uninstaller" = Updates from HP "BitTorrent" = BitTorrent "Build-A-Lot 2" = Build-A-Lot 2 (remove only) "Burger Shop" = Burger Shop (remove only) "C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only) "C-Media PCI Sound" = C-Media PCI Audio Device "Delicious: Emily's Holiday Season" = Delicious: Emily's Holiday Season (remove only) "Delicious: Emily's Tea Garden" = Delicious: Emily's Tea Garden (remove only) "F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only) "GhostMouse 2.0" = GhostMouse 2.0 "Go Go Gourmet: Chef of the Year" = Go Go Gourmet: Chef of the Year (remove only) "Help and Support Additions" = Help and Support Additions "Hidden Magic" = Hidden Magic (remove only) "HP Imaging Device Functions" = HP Imaging Device Functions 5.0 "HP Photo & Imaging" = HP Image Zone 4.8.6 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows "InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes "iWinArcade" = iWin Games (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 2.36 Full "LastFM_is1" = Last.fm 1.5.4.27091 "LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Money" = Remove Microsoft Money 2005 installer "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Pen Tablet Driver" = Bamboo "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "PS2" = PS2 "Purrfect Pet Shop" = 
Purrfect Pet Shop (remove only) "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "RealPlayer 6.0" = RealPlayer "SiS VGA Driver" = SiS VGA Utilities "SoftwareUpdUtility" = Download Updater (AOL LLC) "SpySubtract" = SpySubtract "Stand O Food" = Stand O Food (remove only) "The Rosetta Stone" = The Rosetta Stone "Wacom Tablet Driver" = Wacom Tablet "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WeatherBug" = Remove WeatherBug installer "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "YTdetect" = Yahoo! Detect "Zune" = Zune
========== Last 10 Event Log Errors ==========
[ Application Events ] Error - 12/15/2011 8:39:18 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
Error - 12/15/2011 8:39:18 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
Error - 12/15/2011 8:48:09 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The connection with the server was terminated abnormally
Error - 12/15/2011 8:48:09 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
Error - 12/15/2011 8:48:15 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
Error - 12/15/2011 8:48:15 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
Error - 12/15/2011 9:42:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally
Error - 12/15/2011 9:42:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist.
Error - 12/15/2011 9:58:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The connection with the server was terminated abnormally
Error - 12/15/2011 9:58:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This network connection does not exist.
[ System Events ] Error - 12/16/2011 5:11:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/16/2011 5:12:13 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AmdK8 Cdrom Fips Imapi redbook
Error - 12/16/2011 5:19:59 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/16/2011 5:21:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/16/2011 5:22:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AmdK8 Cdrom Fips Imapi redbook
Error - 12/16/2011 5:25:45 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 12/16/2011 8:27:02 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/16/2011 8:28:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/16/2011 8:29:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AmdK8 Cdrom fasttx2k Fips Imapi ohci1394 redbook
Error - 12/16/2011 8:30:02 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

LoPhatPhuud (Premium, VIP, MVM; join: 2002-01-06; Albuquerque, NM; kudos: 23; Comcast) reply to GreenLeoCat:
First: Please go to »www.virustotal.com/
Press the 'Browse' button to the right of the yellow box.
Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double-click on the file name. The file name and path should appear in the yellow box.
C:\Program Files\iWin Games\iWinGames.exe
Click on the Send File button.
Note: If you can't find the file, let me know in your next post.
Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.
If the file has been previously scanned, the results webpage will show: "File has already been submitted:"
Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.
If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
Second: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.
You'll find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications

-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum

http://www.virustotal.com/file-scan/reanalysis.html?id=8eebf8baa19b1e8d813586343e81a70da4c8c3d9522e7fe8eb66a96c834c9e1c-1324084949
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5: 17031b9f00375bf94ffc8447fd270750
Date first seen: 2011-04-20 19:37:19 (UTC)
Date last seen: 2011-08-14 18:30:07 (UTC)
Detection ratio: 0/43
_____
Last report:
http://www.virustotal.com/file-scan/report.html?id=8eebf8baa19b1e8d813586343e81a70da4c8c3d9522e7fe8eb66a96c834c9e1c-1313346607
_____
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-17 03:33:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.8.11
Running: 7b5ept94.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awgoypod.sys
---- System - GMER 1.0.15 ----
SSDT sprw.sys ZwCreateKey [0xF74D70E0]
SSDT sprw.sys ZwEnumerateKey [0xF74F5CA2]
SSDT sprw.sys ZwEnumerateValueKey [0xF74F6030]
SSDT sprw.sys ZwOpenKey [0xF74D70C0]
SSDT sprw.sys ZwQueryKey [0xF74F6108]
SSDT sprw.sys ZwQueryValueKey [0xF74F5F88]
SSDT sprw.sys ZwSetValueKey [0xF74F619A]
INT 0x62 ? 8A528BF8
INT 0x63 ? 8A432BF8
INT 0x73 ? 8A432BF8
INT 0x82 ? 8A528BF8
INT 0x83 ? 8A528BF8
INT 0xA4 ? 8A432BF8
INT 0xB4 ? 8A432BF8
---- Kernel code sections - GMER 1.0.15 ----
? sprw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA5B38AC 5 Bytes JMP 8A4321D8
.text agmn934n.SYS BA565386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text agmn934n.SYS BA5653AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text agmn934n.SYS BA5653C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text agmn934n.SYS BA5653C9 1 Byte [2E]
.text agmn934n.SYS BA5653C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[400] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[400] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01222EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5952D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] sprw.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] sprw.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A4322D8
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\agmn934n.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] sprw.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5911F8
Device \FileSystem\Fastfat \FatCdrom 8A3221F8
Device \Driver\usbohci \Device\USBPDO-0 8A4AE500
Device \Driver\usbohci \Device\USBPDO-1 8A4AE500
Device \Driver\PCI_PNP2212 \Device\00000045 sprw.sys
Device \Driver\PCI_PNP2212 \Device\00000045 sprw.sys
Device \Driver\usbohci \Device\USBPDO-2 8A4AE500
Device \Driver\usbehci \Device\USBPDO-3 8A4101F8
Device \Driver\USBSTOR \Device\00000070 8A31C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5931F8
Device \Driver\USBSTOR \Device\00000071 8A31C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5931F8
Device \Driver\USBSTOR \Device\00000072 8A31C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000074 8A31C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3E91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B9F78B8B-E324-441F-8912-CC9381B73000} 8A3E91F8
Device \Driver\NetBT \Device\NetbiosSmb 8A3E91F8
Device \Driver\sptd \Device\4284550962 sprw.sys
Device \Driver\usbohci \Device\USBFDO-0 8A4AE500
Device \Driver\USBSTOR \Device\0000006d 8A31C1F8
Device \Driver\usbohci \Device\USBFDO-1 8A4AE500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A31D1F8
Device \Driver\USBSTOR \Device\0000006e 8A31C1F8
Device \Driver\usbohci \Device\USBFDO-2 8A4AE500
Device \Driver\USBSTOR \Device\0000006f 8A31C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A31D1F8
Device \Driver\usbehci \Device\USBFDO-3 8A4101F8
Device \Driver\Ftdisk \Device\FtControl 8A5931F8
Device \Driver\agmn934n \Device\Scsi\agmn934n1 8A4041F8
Device \FileSystem\Fastfat \Fat 8A3221F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xAB 0x17 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x91 0x81 0x29 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9F 0xAE 0x76 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xAB 0x17 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x91 0x81 0x29 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9F 0xAE 0x76 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xAB 0x17 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x91 0x81 0x29 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9F 0xAE 0x76 0xAC ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312560643
Disk \Device\Harddisk0\DR0 PE file @ sector 312560665
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB42535$\3512213300 0 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879 0 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\bckfg.tmp 852 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\cfg.ini 199 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\keywords 51 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\L 0 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\L\swmcxyxb 57600 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U 0 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB42535$\92840879\U\80000032.@ 98304 bytes
---- EOF - GMER 1.0.15 ----
_____
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:2011/12/17 03:34
Program Version:Version 1.3.5.0
Windows Version:Windows XP SP3
==================================================
Drivers
-------------------
Name: awgoypod.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awgoypod.sys
Address: 0xB99A5000    Size: 100864    File Visible: No    Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA140000    Size: 98304    File Visible: No    Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B1000    Size: 8192    File Visible: No    Signed: -
Status: -
Name: PCI_PNP2212
Image Path: \Driver\PCI_PNP2212
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF76B7000    Size: 49152    File Visible: No    Signed: -
Status: -
Name: sprw.sys
Image Path: sprw.sys
Address: 0xF74D6000    Size: 1048576    File Visible: No    Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\$NtUninstallKB42535$
Status: Locked to the Windows API!
Path: C:\WINDOWS\$NtUninstallKB867282$:SummaryInformation
Status: Invisible to the Windows API!
SSDT
-------------------
#: 041    Function Name: NtCreateKey
Status: Hooked by "sprw.sys" at address 0xf74d70e0
#: 071    Function Name: NtEnumerateKey
Status: Hooked by "sprw.sys" at address 0xf74f5ca2
#: 073    Function Name: NtEnumerateValueKey
Status: Hooked by "sprw.sys" at address 0xf74f6030
#: 119    Function Name: NtOpenKey
Status: Hooked by "sprw.sys" at address 0xf74d70c0
#: 160    Function Name: NtQueryKey
Status: Hooked by "sprw.sys" at address 0xf74f6108
#: 177    Function Name: NtQueryValueKey
Status: Hooked by "sprw.sys" at address 0xf74f5f88
#: 247    Function Name: NtSetValueKey
Status: Hooked by "sprw.sys" at address 0xf74f619a
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8a5911f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System    Address: 0x8a3221f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x8a4101f8    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System    Address: 0x8a4ae500    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_CREATE]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_CLOSE]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_POWER]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: agmn934nȅ扏煓ᖨ狀Ȃఆ剒敬韠, IRP_MJ_PNP]
Process: System    Address: 0x8a4041f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System    Address: 0x8a31c1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8a5931f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x8a3e91f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CREATE]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CLOSE]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_POWER]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: fasttx2k, IRP_MJ_PNP]
Process: System    Address: 0x8a5921f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a31d1f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x8a31d1f8    Size: 121
==EOF==
_____
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 12/17/2011 at 3:54:00 AM
User "Administrator" on computer "YOUR-F78BF48CE2"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info:Starting process scan.
Error:Could not initialize kernel driver memsweep.sys. Please restart and try again.
This service cannot be started in Safe Mode
Info:Starting registry scan.
Info:Starting disk scan of C: (NTFS).
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\20205366212_1324000535,124657d67a03ee0,health,;;tile=1;dcopt=;dcopt=ist;!c=f;sz=728x90;net=vrm;ord1=823775;cmw=nowl;contx=health;dc=d;btg=;ord=1149985672[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\lt.2b-lt.43-lt.84;;sz=728x90;app=citi_creditcard;net=cm;env=ifr;ord1=377489;dcopt=ist;cmw=owl;contx=noc;dc=d;btg=lt.2b;btg=lt.43;btg=lt[1].84;ord=1324000556
Hidden:file C:\WINDOWS\system32\drivers\sptd.sys
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\.g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=465232127
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=6842018614
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1VHDKSHH\.g;btg=vt.aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt[1].w;ord=465232127
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZFNJX6JZ\=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt.e;btg=vt.x;btg=vt.fk;btg=dx.10;btg=dx.11;btg=dx.26;btg=dx.42;btg=dx.43;ord=379465674400243[1].4
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt.e;btg=vt.x;btg=vt[1].fk;ord=7867880288
Hidden:file C:\WINDOWS\$NtUninstallKB42535$\92840879\lsflt7.ver
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T5V6KY3X\aj;btg=vt.am;btg=vt.eh;btg=vt.bd;btg=vt.di;btg=vt.cq;btg=vt.cr;btg=vt.ai;btg=vt.bs;btg=vt.gs;btg=vt.kn;btg=vt.u;btg=vt.v;btg=vt.w;btg=vt[1].e;ord=5918225103
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZFNJX6JZ\12;dcopt=ist;cmw=owl;contx=health;an=60;bu=100;br=44;dc=w;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal.b8lm;ord=1324001654[1].5276
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\127XUZXA\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=4971851357131137[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\ontx=none;an=20;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4322746
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\b36a7b;grp=175539252;misc=1814570395;rdclick=http%3A%2F%2Fads.lucidmedia[1].com%2Fclick%3Ft%3D3766323676103850706%26l%3D924042%26ad%3D239424%26s%3D19%26c%3D
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\nk%7C82%7C3548062%7C0%7C170%7CAdId%3D7126095%3BBnId%3D1%3Bitime%3D2020804%3Bku%3D3782062%3Bkwlp3%3Dlucid_general%3Blink%3Dhttp%3A%2F%2Fads.lucidmedia[1].htm
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\l;sub1=%26server%3Dlifescript.us.intellitxt[1].com%26ipid%3D35223%26scid%3D0%26md5%3Dfd220d8516202f9cc811477a1c6a8394;grp=297805551;misc=-368373916;rdclick=
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=pushdown;tile=15;sz=970x66,1x1;frId=ad_15_pushdown;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\entid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=2;sz=160x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\tx=health;an=40;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4406199
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\tx=health;an=80;bu=100;br=44;dc=w;btg=cm.health_l;btg=cm.soccer_l;btg=lt.61;btg=lt.59;btg=lt.4;btg=lt.41;btg=lt.1f;btg=lt.96;btg=iblocal[1].b8lm;ord=4403762
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\tentid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=1;sz=728x90;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=pencil;tile=20;sz=470x60;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;dcopt=ist;tile=3;sz=300x250,300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B8RWLDU3\ntid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=16;sz=470x250;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\entid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=1;tile=5;sz=300x100;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=2;tile=4;sz=300x250,300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLB08RUG\ntid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=3;tile=21;sz=300x600;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VR5U9EZ5\tentid=7e1b45a7;abr=!webtvs;camp=specificmedia;camp=specificmedia;tax=premium_quiz;tax=quizzes;tax=personality;pos=2;tile=6;sz=728x90;ord=116260143911034[1]
Hidden:file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E20K825H\le
_____
05:00:38.0031 1248 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
05:00:38.0312 1248 ============================================================
05:00:38.0312 1248 Current date / time: 2011/12/17 05:00:38.0312
05:00:38.0312 1248 SystemInfo:
05:00:38.0312 1248
05:00:38.0312 1248 OS Version: 5.1.2600 ServicePack: 3.0
05:00:38.0312 1248 Product type: Workstation
05:00:38.0312 1248 ComputerName: YOUR-F78BF48CE2
05:00:38.0312 1248 UserName: Administrator
05:00:38.0312 1248 Windows directory: C:\WINDOWS
05:00:38.0312 1248 System windows directory: C:\WINDOWS
05:00:38.0312 1248 Processor architecture: Intel x86
05:00:38.0312 1248 Number of processors: 1
05:00:38.0312 1248 Page size: 0x1000
05:00:38.0312 1248 Boot type: Safe boot with network
05:00:38.0312 1248 ============================================================
05:00:39.0859 1248 Initialize success
05:01:30.0390 1220 ============================================================
05:01:30.0390 1220 Scan started
05:01:30.0390 1220 Mode: Manual;
05:01:30.0390 1220 ============================================================
05:01:31.0859 1220 Abiosdsk - ok
05:01:32.0265 1220 abp480n5 - ok
05:01:32.0765 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:01:32.0765 1220 ACPI - ok
05:01:33.0203 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:01:33.0203 1220 ACPIEC - ok
05:01:33.0593 1220 adpu160m - ok
05:01:34.0078 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:01:34.0109 1220 aec - ok
05:01:34.0562 1220 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
05:01:34.0562 1220 Afc - ok
05:01:35.0046 1220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:01:35.0046 1220 AFD - ok
05:01:35.0968 1220 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
05:01:36.0437 1220 AgereSoftModem - ok
05:01:36.0843 1220 Aha154x - ok
05:01:37.0234 1220 aic78u2 - ok
05:01:37.0671 1220 aic78xx - ok
05:01:38.0937 1220 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
05:01:39.0734 1220 ALCXWDM - ok
05:01:40.0187 1220 AliIde - ok
05:01:40.0656 1220 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
05:01:40.0656 1220 AmdK8 - ok
05:01:41.0062 1220 amsint - ok
05:01:41.0515 1220 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:01:41.0515 1220 Arp1394 - ok
05:01:41.0921 1220 asc - ok
05:01:42.0328 1220 asc3350p - ok
05:01:42.0718 1220 asc3550 - ok
05:01:43.0203 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:01:43.0203 1220 AsyncMac - ok
05:01:43.0656 1220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:01:43.0671 1220 atapi - ok
05:01:44.0078 1220 Atdisk - ok
05:01:44.0531 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:01:44.0531 1220 Atmarpc - ok
05:01:44.0953 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:01:44.0953 1220 audstub - ok
05:01:45.0406 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:01:45.0406 1220 Beep - ok
05:01:45.0859 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:01:45.0859 1220 cbidf2k - ok
05:01:46.0265 1220 cd20xrnt - ok
05:01:46.0703 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:01:46.0703 1220 Cdaudio - ok
05:01:47.0171 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:01:47.0171 1220 Cdfs - ok
05:01:47.0625 1220 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:01:47.0640 1220 Cdrom - ok
05:01:48.0031 1220 Changer - ok
05:01:48.0453 1220 CmdIde - ok
05:01:49.0453 1220 cmuda3 (809980f0bfcec2d3ddb3dbe8a2bd323b) C:\WINDOWS\system32\drivers\cmudax3.sys
05:01:49.0984 1220 cmuda3 - ok
05:01:50.0406 1220 Cpqarray - ok
05:01:50.0828 1220 dac2w2k - ok
05:01:51.0234 1220 dac960nt - ok
05:01:51.0703 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:01:51.0703 1220 Disk - ok
05:01:52.0421 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:01:52.0687 1220 dmboot - ok
05:01:53.0187 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:01:53.0218 1220 dmio - ok
05:01:53.0671 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:01:53.0671 1220 dmload - ok
05:01:54.0140 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:01:54.0140 1220 DMusic - ok
05:01:54.0593 1220 dpti2o - ok
05:01:55.0046 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:01:55.0046 1220 drmkaud - ok
05:01:55.0562 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:01:55.0562 1220 Fastfat - ok
05:01:56.0062 1220 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
05:01:56.0062 1220 fasttx2k - ok
05:01:56.0531 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:01:56.0531 1220 Fdc - ok
05:01:56.0984 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:01:56.0984 1220 Fips - ok
05:01:57.0453 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:01:57.0453 1220 Flpydisk - ok
05:01:57.0921 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:01:57.0921 1220 FltMgr - ok
05:01:58.0375 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:01:58.0375 1220 Fs_Rec - ok
05:01:58.0859 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:01:58.0859 1220 Ftdisk - ok
05:01:59.0312 1220 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
05:01:59.0312 1220 gagp30kx - ok
05:01:59.0734 1220 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:01:59.0734 1220 GEARAspiWDM - ok
05:02:00.0187 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:02:00.0187 1220 Gpc - ok
05:02:00.0656 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:02:00.0656 1220 HidUsb - ok
05:02:01.0062 1220 hpn - ok
05:02:01.0609 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:02:01.0687 1220 HTTP - ok
05:02:02.0093 1220 i2omgmt - ok
05:02:02.0484 1220 i2omp - ok
05:02:02.0953 1220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:02:02.0953 1220 i8042prt - ok
05:02:03.0437 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:02:03.0437 1220 Imapi - ok
05:02:03.0843 1220 ini910u - ok
05:02:04.0296 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:02:04.0296 1220 IntelIde - ok
05:02:04.0750 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:02:04.0750 1220 intelppm - ok
05:02:05.0203 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:02:05.0203 1220 Ip6Fw - ok
05:02:05.0656 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:02:05.0656 1220 IpFilterDriver - ok
05:02:06.0109 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:02:06.0109 1220 IpInIp - ok
05:02:06.0625 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:02:06.0656 1220 IpNat - ok
05:02:07.0125 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:02:07.0125 1220 IPSec - ok
05:02:07.0593 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:02:07.0593 1220 IRENUM - ok
05:02:08.0046 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:02:08.0046 1220 isapnp - ok
05:02:08.0531 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:02:08.0531 1220 Kbdclass - ok
05:02:08.0984 1220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:02:08.0984 1220 kbdhid - ok
05:02:09.0500 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:02:09.0531 1220 kmixer - ok
05:02:09.0984 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:02:10.0000 1220 KSecDD - ok
05:02:10.0406 1220 lbrtfdc - ok
05:02:10.0828 1220 MBAMSwissArmy - ok
05:02:11.0203 1220 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\WINDOWS\system32\D.tmp
05:02:11.0203 1220 MEMSWEEP2 - ok
05:02:11.0640 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:02:11.0640 1220 mnmdd - ok
05:02:12.0109 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:02:12.0109 1220 Modem - ok
05:02:12.0562 1220 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
05:02:12.0562 1220 motusbdevice - ok
05:02:13.0015 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:02:13.0015 1220 Mouclass - ok
05:02:13.0484 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:02:13.0484 1220 mouhid - ok
05:02:13.0937 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:02:13.0937 1220 MountMgr - ok
05:02:14.0343 1220 mraid35x - ok
05:02:14.0859 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:02:14.0890 1220 MRxDAV - ok
05:02:15.0484 1220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:02:15.0500 1220 MRxSmb - ok
05:02:15.0937 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:02:15.0937 1220 Msfs - ok
05:02:16.0375 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:02:16.0375 1220 MSKSSRV - ok
05:02:16.0796 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:02:16.0796 1220 MSPCLOCK - ok
05:02:17.0265 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:02:17.0265 1220 MSPQM - ok
05:02:17.0687 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:02:17.0687 1220 mssmbios - ok
05:02:18.0156 1220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:02:18.0156 1220 Mup - ok
05:02:18.0656 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:02:18.0656 1220 NDIS - ok
05:02:19.0093 1220 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:02:19.0093 1220 NdisTapi - ok
05:02:19.0546 1220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:02:19.0546 1220 Ndisuio - ok
05:02:20.0015 1220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:02:20.0015 1220 NdisWan - ok
05:02:20.0484 1220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:02:20.0484 1220 NDProxy - ok
05:02:20.0953 1220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:02:20.0953 1220 NetBIOS - ok
05:02:21.0484 1220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:02:21.0484 1220 NetBT - ok
05:02:21.0953 1220 NIC1394
(e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 05:02:21.0953 1220 NIC1394 - ok 05:02:22.0406 1220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 05:02:22.0406 1220 Npfs - ok 05:02:23.0078 1220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 05:02:23.0078 1220 Ntfs - ok 05:02:23.0531 1220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 05:02:23.0531 1220 Null - ok 05:02:23.0968 1220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 05:02:23.0968 1220 NwlnkFlt - ok 05:02:24.0406 1220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 05:02:24.0406 1220 NwlnkFwd - ok 05:02:24.0875 1220 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 05:02:24.0875 1220 ohci1394 - ok 05:02:25.0343 1220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 05:02:25.0343 1220 Parport - ok 05:02:25.0828 1220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 05:02:25.0828 1220 PartMgr - ok 05:02:26.0265 1220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 05:02:26.0265 1220 ParVdm - ok 05:02:26.0687 1220 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys 05:02:26.0687 1220 PcdrNdisuio - ok 05:02:27.0156 1220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 05:02:27.0156 1220 PCI - ok 05:02:27.0562 1220 PCIDump - ok 05:02:28.0015 1220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 05:02:28.0015 1220 PCIIde - ok 05:02:28.0484 1220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 05:02:28.0500 1220 Pcmcia - ok 05:02:28.0937 1220 PDCOMP - ok 05:02:29.0343 1220 PDFRAME - ok 05:02:29.0765 1220 PDRELI - ok 05:02:30.0171 1220 PDRFRAME - ok 05:02:30.0625 1220 
PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\drivers\PenClass.sys 05:02:30.0625 1220 PenClass - ok 05:02:31.0046 1220 perc2 - ok 05:02:31.0437 1220 perc2hib - ok 05:02:31.0937 1220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 05:02:31.0937 1220 PptpMiniport - ok 05:02:32.0390 1220 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 05:02:32.0390 1220 Processor - ok 05:02:32.0843 1220 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys 05:02:32.0843 1220 Ps2 - ok 05:02:33.0296 1220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 05:02:33.0312 1220 PSched - ok 05:02:33.0750 1220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 05:02:33.0750 1220 Ptilink - ok 05:02:34.0203 1220 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 05:02:34.0203 1220 PxHelp20 - ok 05:02:34.0609 1220 ql1080 - ok 05:02:35.0031 1220 Ql10wnt - ok 05:02:35.0421 1220 ql12160 - ok 05:02:35.0859 1220 ql1240 - ok 05:02:36.0265 1220 ql1280 - ok 05:02:36.0687 1220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 05:02:36.0687 1220 RasAcd - ok 05:02:37.0140 1220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 05:02:37.0156 1220 Rasl2tp - ok 05:02:37.0625 1220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 05:02:37.0625 1220 RasPppoe - ok 05:02:38.0093 1220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 05:02:38.0093 1220 Raspti - ok 05:02:38.0593 1220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 05:02:38.0593 1220 Rdbss - ok 05:02:39.0046 1220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 05:02:39.0046 1220 RDPCDD - ok 05:02:39.0546 1220 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) 
C:\WINDOWS\system32\drivers\RDPWD.sys 05:02:39.0546 1220 RDPWD - ok 05:02:39.0953 1220 redbook - ok 05:02:40.0359 1220 rootrepeal - ok 05:02:40.0812 1220 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 05:02:40.0812 1220 rtl8139 - ok 05:02:41.0265 1220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 05:02:41.0265 1220 Secdrv - ok 05:02:41.0718 1220 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 05:02:41.0718 1220 Serenum - ok 05:02:42.0187 1220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 05:02:42.0187 1220 Serial - ok 05:02:42.0640 1220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 05:02:42.0640 1220 Sfloppy - ok 05:02:43.0046 1220 Simbad - ok 05:02:43.0578 1220 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 05:02:43.0656 1220 SiS315 - ok 05:02:44.0109 1220 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 05:02:44.0109 1220 SiSkp - ok 05:02:44.0531 1220 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 05:02:44.0531 1220 SISNIC - ok 05:02:44.0937 1220 Sparrow - ok 05:02:45.0375 1220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 05:02:45.0375 1220 splitter - ok 05:02:46.0062 1220 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 05:02:46.0062 1220 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: 71e276f6d189413266ea22171806597b 05:02:46.0078 1220 sptd ( LockedFile.Multi.Generic ) - warning 05:02:46.0078 1220 sptd - detected LockedFile.Multi.Generic (1) 05:02:46.0546 1220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 05:02:46.0546 1220 sr - ok 05:02:47.0093 1220 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 05:02:47.0109 1220 Srv - ok 05:02:47.0546 1220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 05:02:47.0546 1220 swenum - ok 05:02:48.0000 1220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 05:02:48.0000 1220 swmidi - ok 05:02:48.0421 1220 symc810 - ok 05:02:48.0812 1220 symc8xx - ok 05:02:49.0218 1220 sym_hi - ok 05:02:49.0640 1220 sym_u3 - ok 05:02:50.0093 1220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 05:02:50.0093 1220 sysaudio - ok 05:02:50.0656 1220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 05:02:50.0656 1220 Tcpip - ok 05:02:51.0109 1220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 05:02:51.0109 1220 TDPIPE - ok 05:02:51.0593 1220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 05:02:51.0593 1220 TDTCP - ok 05:02:52.0062 1220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 05:02:52.0062 1220 TermDD - ok 05:02:52.0468 1220 TosIde - ok 05:02:52.0921 1220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 05:02:52.0921 1220 Udfs - ok 05:02:53.0343 1220 ultra - ok 05:02:53.0937 1220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 05:02:53.0937 1220 Update - ok 05:02:54.0406 1220 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 05:02:54.0406 1220 usbaudio - ok 05:02:54.0859 1220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys 05:02:54.0859 1220 usbccgp - ok 05:02:55.0312 1220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 05:02:55.0312 1220 usbehci - ok 05:02:55.0781 1220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 05:02:55.0781 1220 usbhub - ok 05:02:56.0218 1220 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 05:02:56.0218 1220 usbohci - ok 05:02:56.0671 1220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 05:02:56.0671 1220 usbprint - ok 05:02:57.0109 1220 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 05:02:57.0109 1220 usbscan - ok 05:02:57.0562 1220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 05:02:57.0562 1220 USBSTOR - ok 05:02:58.0015 1220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 05:02:58.0015 1220 usbuhci - ok 05:02:58.0484 1220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 05:02:58.0484 1220 VgaSave - ok 05:02:58.0921 1220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 05:02:58.0921 1220 ViaIde - ok 05:02:59.0375 1220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 05:02:59.0375 1220 VolSnap - ok 05:02:59.0843 1220 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 05:02:59.0843 1220 wacmoumonitor - ok 05:03:00.0296 1220 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 05:03:00.0296 1220 wacommousefilter - ok 05:03:00.0734 1220 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 05:03:00.0734 1220 wacomvhid - ok 05:03:01.0187 1220 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 05:03:01.0187 1220 WacomVKHid - 
ok 05:03:01.0640 1220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 05:03:01.0640 1220 Wanarp - ok 05:03:02.0250 1220 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 05:03:02.0265 1220 Wdf01000 - ok 05:03:02.0656 1220 WDICA - ok 05:03:03.0156 1220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 05:03:03.0156 1220 wdmaud - ok 05:03:03.0640 1220 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 05:03:03.0640 1220 WinUSB - ok 05:03:04.0140 1220 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 05:03:04.0140 1220 WudfPf - ok 05:03:04.0625 1220 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 05:03:04.0656 1220 WudfRd - ok 05:03:05.0062 1220 yomn - ok 05:03:05.0515 1220 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys 05:03:05.0515 1220 zumbus - ok 05:03:05.0578 1220 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0 05:03:05.0578 1220 \Device\Harddisk0\DR0 - ok 05:03:05.0593 1220 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR7 05:03:13.0125 1220 \Device\Harddisk5\DR7 - ok 05:03:13.0140 1220 Boot (0x1200) (b7ab31b312b931cfe8a564c57cc79369) \Device\Harddisk0\DR0\Partition0 05:03:13.0140 1220 \Device\Harddisk0\DR0\Partition0 - ok 05:03:13.0171 1220 Boot (0x1200) (8648bd857740cfe0c8419fbfdfbd2a78) \Device\Harddisk0\DR0\Partition1 05:03:13.0171 1220 \Device\Harddisk0\DR0\Partition1 - ok 05:03:13.0171 1220 Boot (0x1200) (9072417a3484a2ad7986093e836f445a) \Device\Harddisk5\DR7\Partition0 05:03:13.0171 1220 \Device\Harddisk5\DR7\Partition0 - ok 05:03:13.0187 1220 ============================================================ 05:03:13.0187 1220 Scan finished 05:03:13.0187 1220 ============================================================ 05:03:13.0203 1344 Detected object count: 1 05:03:13.0203 1344 Actual detected 
object count: 1 05:04:34.0734 1344 sptd ( LockedFile.Multi.Generic ) - skipped by user 05:04:34.0734 1344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip | |  LoPhatPhuudPremium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews:
·Comcast
| reply to GreenLeoCat Thanks for the logs. Nothing adverse showing.
First: Run OTL
* Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:

:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
:Services
:Reg
:Files
C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

* Then click the Run Fix button at the top.
* Let the program run unhindered; reboot the PC when it is done.
* Once you see the message box "Fix complete! Click OK to open the fix log.", click the OK button.
* The log will open in Notepad (your default text editor). Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Second: Do a full system scan with your AntiVirus and post back with the results.

GreenLeoCat:
I've run the OTL fix, but when it rebooted, I started getting a dialog box "choose the program you want to open this file" for every .exe extension... including Firefox. But I opened firefox.exe with Firefox and it worked. When I do that with otl.exe it downloads through Firefox, and then once I open my downloads folder and click OTL it does the same thing again.
What's the best free AntiVirus program? I previously used Spybot Search and Destroy.

GreenLeoCat:
It appears to let me run OTL in safe mode, so I'm doing that now.

GreenLeoCat:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\071633p1j612x862q517x5krx0j0 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 40518668 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 45885207 bytes
->Flash cache emptied: 842 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 87473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 126693469 bytes
->Java cache emptied: 25 bytes
->Flash cache emptied: 12298 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 18432 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17621381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 220.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12172011_160806
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
______
Will post Spybot S&D results once the scan completes. Let me know if I need to use a different antivirus software.

LoPhatPhuud (reply to GreenLeoCat):
In no particular order, free AV programs: Microsoft Security Essentials, AVG Free, Avast Free, AntiVir Free.
Pick one and try it. Do a full scan with it and post back. If you are still having trouble with exe files executing, let me know when you post back.

GreenLeoCat:
Avast would not run and gave me an error that suggested I uninstall and try again. I did this and received the same error. I uninstalled it.
AVG would only run "command line scanner" in safe mode, but when clicking scan the DOS window only lasts a few seconds before disappearing and I get the option to "start scan" again. I uninstalled this one as well.
Microsoft Security Essentials would not download in safe mode.
AntiVir gave me an error when I tried to update it. Here are the results of the scan from this program:
Avira AntiVir Personal Report file date: Saturday, December 17, 2011 22:09
Scanning for 2364983 virus strains and unwanted programs.
The program is running as an unrestricted full version. Online services are no longer available since s.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode with network
Username : Administrator
Computer name : YOUR-F78BF48CE2
Configuration settings for the scan:
Jobname: Complete system scan
Configuration file: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging: low
Primary action: interactive
Secondary action: ignore
Scan master boot sector: on
Scan boot sector: on
Boot sectors: C:, D:,
Process scan: on
Extended process scan: on
Scan registry: on
Search for rootkits: on
Integrity checking of system files: off
Scan all files: All files
Scan archives: on
Recursion depth: 20
Smart extensions: on
Macro heuristic: on
File heuristic: medium
Start of the scan: Saturday, December 17, 2011 22:09
Starting search for hidden objects. The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '59' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '25' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'Explorer.EXE' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '106' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '61' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0 [INFO] No virus was found!
Master boot sector HD1 [INFO] No virus was found!
Master boot sector HD2 [INFO] No virus was found!
Master boot sector HD3 [INFO] No virus was found!
Master boot sector HD4 [INFO] No virus was found!
Master boot sector HD5 [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\' [INFO] No virus was found!
Boot sector 'D:\' [INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!
The registry was scanned ( '1748' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\9d2c1e2116bff12c25e58b254b87\ZuneSetup.exe
  [WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\My Documents\Downloads\burger-shop-setup.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
  --> ProgramFilesDir/Uninstall.exe
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Program Files\InterMute\SpySubtract\ssengine.dll
  [DETECTION] Is the TR/Orsam.A.2505 Trojan
C:\Program Files\iWin Games\Uninstall.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
  [DETECTION] Contains recognition pattern of the DIAL/90112 dialer
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\I386\Apps\APP31451\src\SpyInstall_HPPre.exe
  [0] Archive type: RSRC
  [DETECTION] Is the TR/Orsam.A.2505 Trojan
  --> Object
      [1] Archive type: CAB (Microsoft)
      --> ssengine.dll
          [DETECTION] Is the TR/Orsam.A.2505 Trojan
  --> Object
      [1] Archive type: RSRC
      --> Object
          [2] Archive type: CAB (Microsoft)
          --> ssengine.dll
              [DETECTION] Is the TR/Orsam.A.2505 Trojan

Beginning disinfection:
D:\I386\Apps\APP31451\src\SpyInstall_HPPre.exe
  [DETECTION] Is the TR/Orsam.A.2505 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4de106ca.qua'.
C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
  [DETECTION] Contains recognition pattern of the DIAL/90112 dialer
  [NOTE] The file was moved to the quarantine directory under the name '55492951.qua'.
C:\Program Files\iWin Games\Uninstall.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
  [NOTE] The file was moved to the quarantine directory under the name '07197383.qua'.
C:\Program Files\InterMute\SpySubtract\ssengine.dll
  [DETECTION] Is the TR/Orsam.A.2505 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '612a3c7b.qua'.
C:\Documents and Settings\HP_Owner\My Documents\Downloads\burger-shop-setup.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
  [NOTE] The file was moved to the quarantine directory under the name '24a31147.qua'.
End of the scan: Sunday, December 18, 2011 03:18
Used time: 3:57:35 Hour(s)
The scan has been done completely.

15347 Scanned directories
702204 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
702194 Files not concerned
15855 Archives were scanned
3 Warnings
5 Notes
_____
After this the .exe error is still occurring. Upon booting in normal mode I did get the option to update AntiVir, so once I post this I'll update that and run another scan. If all works out with it and you want this information, I'll try to post it tomorrow before I go to work.

GreenLeoCat:
My computer completely crashed during the update, so I went back in normal mode to try to start the update again, and this time the program didn't auto start, so I can't open it due to the .exe error. Tried once more in safe mode, but again got an error.

LoPhatPhuud (reply to GreenLeoCat):
There are a couple of fixes for the exe issue but I believe your problem goes deeper than that. The best course of action is to reformat and re-install.
However, if you want to pursue the exe fix, I am willing to try it. Note that the end result may still be to reformat.
Post back and let me know what you want to do.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

GreenLeoCat:
I think I will just reformat... once I back up some pictures.
I do have reformat disks burnt for this computer, so we're good there!

GreenLeoCat:
The reformat went fine with zero problems! The first thing I did once it was up and running again was install Avast and set it so it's constantly running and updating.
I do have one more question for you... can you point me to some free antivirus software for a mac? I was looking at Avast for mac... but it's listed as a beta program and I'm a bit wary of using it.
As always I really do appreciate all your help!!! Text on a screen just can't seem to convey my thanks properly.

LoPhatPhuud (reply to GreenLeoCat):
I'm not that familiar with Mac software but Sophos has a free AV for Macs and the most recent Mac OS.
Check here: www.sophos.com/en-us/products/fr···ion.aspx
Good luck...

GreenLeoCat:
A thousand thank yous!
All three of the computers in our household are protected by some form of virus software... so hopefully you won't see me back here in the security clean up forum!

LoPhatPhuud (reply to GreenLeoCat):
Don't hesitate to post if you have questions.
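Behind "Thanks for the logs. Nothing adverse showing." is a simple filter: in a TDSSKiller log every driver, MBR and boot-sector entry ends in "- ok" except the few worth a look (here only sptd.sys). The parser below is an added example written for this page, not code from the thread or from TDSSKiller; it handles the three line shapes visible in the log above (file line with MD5, status line, "Suspicious file" line), and its sample input is a constructed excerpt of that log.

```python
"""Triage a TDSSKiller log: surface every entry whose status is not "ok".

Added example for this thread, not code from the thread or from TDSSKiller.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Every line: "HH:MM:SS.mmmm <thread id> <body>"
_PREFIX = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# File line: "<name> (<md5>) <path>", e.g. "Tcpip (9aef...) C:\WINDOWS\system32\DRIVERS\tcpip.sys"
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Status line: "<name> [( <threat> )] - <status>", e.g. "sptd ( LockedFile.Multi.Generic ) - warning"
_STATUS = re.compile(r"^(?P<name>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<status>.+)$")
# Emitted when the scanner cannot read a file it expected to hash
_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")


@dataclass
class Entry:
    name: str
    status: str
    threat: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse(lines: Iterable[str]) -> list[Entry]:
    """Turn raw log lines into Entry records, joining each status to its file line."""
    by_name: dict[str, tuple[str, str]] = {}   # driver name -> (md5, path)
    by_path: dict[str, tuple[str, str]] = {}   # path or device -> (md5, name)
    entries: list[Entry] = []
    for raw in lines:
        m = _PREFIX.match(raw.strip())
        if not m:
            continue                            # blank lines and the like
        body = m.group("body")
        f = _FILE.match(body)
        if f:
            by_name[f.group("name")] = (f.group("md5"), f.group("path"))
            by_path[f.group("path")] = (f.group("md5"), f.group("name"))
            continue
        s = _SUSPICIOUS.match(body)
        if s:
            entries.append(Entry(s.group("path").rsplit("\\", 1)[-1],
                                 f"suspicious ({s.group('reason')})",
                                 None, s.group("md5"), s.group("path")))
            continue
        s = _STATUS.match(body)
        if not s:
            continue                            # "Scan finished", separators
        name, status, threat = s.group("name"), s.group("status"), s.group("threat")
        if threat is None and status.startswith("detected "):
            # "detected LockedFile.Multi.Generic (1)" -> "LockedFile.Multi.Generic"
            threat = re.sub(r" \(\d+\)$", "", status[len("detected "):])
        md5 = path = None
        if name in by_name:
            md5, path = by_name[name]
        elif name in by_path:                   # MBR/boot records report the device path
            md5, path = by_path[name][0], name
        entries.append(Entry(name, status, threat, md5, path))
    return entries


def non_ok(entries: list[Entry]) -> list[Entry]:
    """What the helper actually reads: everything that did not end in '- ok'."""
    return [e for e in entries if e.status != "ok"]


# Constructed excerpt of the TDSSKiller log posted above (most of it is "- ok" noise).
SAMPLE_LOG = [
    r"05:02:45.0375 1220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys",
    r"05:02:45.0375 1220 splitter - ok",
    r"05:02:46.0062 1220 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys",
    r"05:02:46.0062 1220 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b",
    r"05:02:46.0078 1220 sptd ( LockedFile.Multi.Generic ) - warning",
    r"05:02:46.0078 1220 sptd - detected LockedFile.Multi.Generic (1)",
    r"05:02:48.0421 1220 symc810 - ok",
    r"05:03:05.0578 1220 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0",
    r"05:03:05.0578 1220 \Device\Harddisk0\DR0 - ok",
    r"05:03:13.0187 1220 ============================================================",
    r"05:03:13.0187 1220 Scan finished",
    r"05:04:34.0734 1344 sptd ( LockedFile.Multi.Generic ) - skipped by user",
]

if __name__ == "__main__":
    for e in non_ok(parse(SAMPLE_LOG)):
        print(f"{e.name:10} {e.status:40} threat={e.threat} md5={e.md5} {e.path}")
```

Only the sptd entries survive the filter; the "skipped by user" line records that the locked file was left in place rather than quarantined, which is the decision the helper is weighing when reading the log.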