
A malware that disabled all my anti-virus plus URL redirect and slowed down computer


  • This topic is locked
4 replies to this topic

#1 Fredburst


Posted 13 November 2011 - 10:44 PM

Hi, I am having trouble with my computer after I downloaded several video converters from CNET.com (xilisoft, ojosoft, videoconverter2000, winxfree flv converter, mpeg3000codec, flv 2011 converter and several more converters).
My system is Windows XP

Intel Dual Core 2
Genuine Intel [R] CPU
T2130 @ 1.86 GHz
1.49 GB of RAM


My system massively slowed down after I uninstalled several of the FLV converters. Then several weird unknown exe processes started running which I have never encountered before:
HPQWMIEX.EXE
PDVDServ.exe
hkcmd.exe
QlbCtrl.exe
MSCORSVW.EXE
JQS.EXE
pctsGui.exe
wmiprvse.exe
vsnpstd3.exe
alg.exe
cmuupdater.exe
CTFMON.exe
igfxpers.exe

The exe processes stated above have never run on my computer and they were never on the processes but now they seem to have appeared.
I cannot use Google anymore because my Google gets redirected.

I even got blocked by Google because my computer is sending anonymous automated requests via my computer. Weird, isn't it?
I cannot Alt + Tab because applications suddenly close down and crash.
ALL MY ANTI-VIRUS ARE UPDATED.

The malware also blocks any attempts at searching for anti-virus software and also halts spyware scans. I had to click on End Process so that I could make my antivirus run, but it still gives a clean result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:01 AM, on 11/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smart Bro\AssistantServices.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SMART BRO\UIExec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SMART BRO\UIMain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Montenegro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\SMART BRO\CMUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Montenegro\My Documents\tools\bitcometbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\SMART BRO\UIExec.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Montenegro\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Montenegro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Montenegro\My Documents\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Montenegro\My Documents\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Documents and Settings\Montenegro\My Documents\tools\bitcometbho.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{10912E7D-81A4-4A2C-9C75-A40476AD270E}: NameServer = 121.1.3.168 121.1.3.250
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Smart Bro\AssistantServices.exe

--
End of file - 9016 bytes


This is my TDSS log file.

22:04:22.0171 3216 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
22:04:24.0171 3216 ============================================================
22:04:24.0171 3216 Current date / time: 2011/11/13 22:04:24.0171
22:04:24.0171 3216 SystemInfo:
22:04:24.0171 3216
22:04:24.0171 3216 OS Version: 5.1.2600 ServicePack: 3.0
22:04:24.0171 3216 Product type: Workstation
22:04:24.0171 3216 ComputerName: MAL
22:04:24.0171 3216 UserName: Montenegro
22:04:24.0171 3216 Windows directory: C:\WINDOWS
22:04:24.0171 3216 System windows directory: C:\WINDOWS
22:04:24.0171 3216 Processor architecture: Intel x86
22:04:24.0171 3216 Number of processors: 2
22:04:24.0171 3216 Page size: 0x1000
22:04:24.0171 3216 Boot type: Normal boot
22:04:24.0171 3216 ============================================================
22:04:26.0671 3216 Initialize success
22:04:39.0625 2008 ============================================================
22:04:39.0640 2008 Scan started
22:04:39.0640 2008 Mode: Manual; SigCheck; TDLFS;
22:04:39.0640 2008 ============================================================
22:04:40.0171 2008 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:04:45.0562 2008 Aavmker4 - ok
22:04:45.0828 2008 Abiosdsk - ok
22:04:46.0015 2008 abp480n5 - ok
22:04:46.0156 2008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:04:48.0390 2008 ACPI - ok
22:04:48.0656 2008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:04:49.0000 2008 ACPIEC - ok
22:04:49.0218 2008 adpu160m - ok
22:04:49.0296 2008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:04:49.0562 2008 aec - ok
22:04:49.0734 2008 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:04:49.0781 2008 AFD - ok
22:04:50.0000 2008 Aha154x - ok
22:04:50.0171 2008 aic78u2 - ok
22:04:50.0359 2008 aic78xx - ok
22:04:50.0546 2008 AliIde - ok
22:04:50.0718 2008 amsint - ok
22:04:50.0906 2008 asc - ok
22:04:51.0078 2008 asc3350p - ok
22:04:51.0250 2008 asc3550 - ok
22:04:51.0421 2008 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:04:51.0437 2008 aswFsBlk - ok
22:04:51.0500 2008 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
22:04:51.0515 2008 aswMon2 - ok
22:04:51.0656 2008 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
22:04:51.0687 2008 aswRdr - ok
22:04:51.0843 2008 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
22:04:51.0875 2008 aswSnx - ok
22:04:52.0109 2008 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
22:04:52.0125 2008 aswSP - ok
22:04:52.0312 2008 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
22:04:52.0328 2008 aswTdi - ok
22:04:52.0406 2008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:04:52.0656 2008 AsyncMac - ok
22:04:52.0765 2008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:04:53.0046 2008 atapi - ok
22:04:53.0218 2008 Atdisk - ok
22:04:53.0328 2008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:04:53.0593 2008 Atmarpc - ok
22:04:53.0765 2008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:04:54.0031 2008 audstub - ok
22:04:54.0171 2008 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:04:54.0265 2008 BCM43XX - ok
22:04:54.0437 2008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:04:54.0687 2008 Beep - ok
22:04:54.0906 2008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:04:55.0203 2008 cbidf2k - ok
22:04:55.0375 2008 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:04:55.0640 2008 CCDECODE - ok
22:04:55.0859 2008 cd20xrnt - ok
22:04:56.0046 2008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:04:56.0312 2008 Cdaudio - ok
22:04:56.0453 2008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:04:56.0703 2008 Cdfs - ok
22:04:56.0796 2008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:04:57.0062 2008 Cdrom - ok
22:04:57.0234 2008 Changer - ok
22:04:57.0281 2008 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:04:57.0546 2008 CmBatt - ok
22:04:57.0734 2008 CmdIde - ok
22:04:57.0828 2008 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:04:58.0109 2008 Compbatt - ok
22:04:58.0296 2008 Cpqarray - ok
22:04:58.0484 2008 dac2w2k - ok
22:04:58.0671 2008 dac960nt - ok
22:04:58.0765 2008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:04:59.0031 2008 Disk - ok
22:04:59.0187 2008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:04:59.0468 2008 dmboot - ok
22:04:59.0578 2008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
22:04:59.0843 2008 dmio - ok
22:05:00.0000 2008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:05:00.0265 2008 dmload - ok
22:05:00.0375 2008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:05:00.0640 2008 DMusic - ok
22:05:00.0734 2008 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:05:01.0015 2008 dot4 - ok
22:05:01.0093 2008 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:05:01.0343 2008 Dot4Print - ok
22:05:01.0406 2008 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:05:01.0671 2008 dot4usb - ok
22:05:01.0843 2008 dpti2o - ok
22:05:01.0953 2008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:05:02.0218 2008 drmkaud - ok
22:05:02.0234 2008 DUMMYDISK - ok
22:05:02.0312 2008 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:05:02.0375 2008 E100B - ok
22:05:02.0531 2008 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
22:05:02.0593 2008 eabfiltr - ok
22:05:02.0734 2008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:05:03.0000 2008 Fastfat - ok
22:05:03.0109 2008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:05:03.0375 2008 Fdc - ok
22:05:03.0468 2008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:05:03.0718 2008 Fips - ok
22:05:03.0796 2008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:05:04.0046 2008 Flpydisk - ok
22:05:04.0171 2008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:05:04.0437 2008 FltMgr - ok
22:05:05.0796 2008 FsUsbExDisk - ok
22:05:06.0015 2008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:05:06.0265 2008 Fs_Rec - ok
22:05:06.0484 2008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:05:06.0734 2008 Ftdisk - ok
22:05:06.0875 2008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:05:07.0140 2008 Gpc - ok
22:05:07.0312 2008 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:05:07.0343 2008 HBtnKey - ok
22:05:07.0578 2008 HdAudAddService (08f0f83fdb49cdbcacf546971a660524) C:\WINDOWS\system32\drivers\CHDAud.sys
22:05:07.0656 2008 HdAudAddService - ok
22:05:07.0750 2008 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:05:07.0828 2008 HDAudBus - ok
22:05:07.0921 2008 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:05:08.0203 2008 HidUsb - ok
22:05:08.0375 2008 hpn - ok
22:05:08.0578 2008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:05:08.0625 2008 HTTP - ok
22:05:08.0859 2008 hwdatacard - ok
22:05:09.0046 2008 i2omgmt - ok
22:05:09.0234 2008 i2omp - ok
22:05:09.0343 2008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:05:09.0609 2008 i8042prt - ok
22:05:09.0718 2008 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:05:09.0828 2008 ialm - ok
22:05:09.0875 2008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:05:10.0156 2008 Imapi - ok
22:05:10.0343 2008 ImmunetProtectDriver - ok
22:05:10.0531 2008 ImmunetSelfProtectDriver - ok
22:05:10.0703 2008 ini910u - ok
22:05:10.0796 2008 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:05:11.0078 2008 IntelIde - ok
22:05:11.0203 2008 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:05:11.0453 2008 intelppm - ok
22:05:11.0593 2008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:05:11.0843 2008 Ip6Fw - ok
22:05:12.0046 2008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:05:12.0312 2008 IpFilterDriver - ok
22:05:12.0453 2008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:05:12.0703 2008 IpInIp - ok
22:05:12.0812 2008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:05:13.0093 2008 IpNat - ok
22:05:13.0171 2008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:05:13.0421 2008 IPSec - ok
22:05:13.0500 2008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:05:13.0765 2008 IRENUM - ok
22:05:13.0859 2008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:05:14.0125 2008 isapnp - ok
22:05:14.0203 2008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:05:14.0468 2008 Kbdclass - ok
22:05:14.0546 2008 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:05:14.0796 2008 kbdhid - ok
22:05:14.0906 2008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:05:15.0171 2008 kmixer - ok
22:05:15.0218 2008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:05:15.0281 2008 KSecDD - ok
22:05:15.0468 2008 lbrtfdc - ok
22:05:15.0671 2008 massfilter (b4b8b993a83084ce25dc776965903ce7) C:\WINDOWS\system32\drivers\massfilter.sys
22:05:15.0703 2008 massfilter - ok
22:05:15.0921 2008 MBAMSwissArmy - ok
22:05:16.0109 2008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:05:16.0375 2008 mnmdd - ok
22:05:16.0515 2008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:05:16.0750 2008 Modem - ok
22:05:16.0828 2008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:05:17.0093 2008 Mouclass - ok
22:05:17.0265 2008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:05:17.0515 2008 mouhid - ok
22:05:17.0625 2008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:05:17.0875 2008 MountMgr - ok
22:05:18.0062 2008 mraid35x - ok
22:05:18.0140 2008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:05:18.0406 2008 MRxDAV - ok
22:05:18.0468 2008 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:05:18.0546 2008 MRxSmb - ok
22:05:18.0640 2008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:05:18.0906 2008 Msfs - ok
22:05:18.0984 2008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:05:19.0265 2008 MSKSSRV - ok
22:05:19.0359 2008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:05:19.0609 2008 MSPCLOCK - ok
22:05:19.0687 2008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:05:19.0937 2008 MSPQM - ok
22:05:20.0062 2008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:05:20.0312 2008 mssmbios - ok
22:05:20.0468 2008 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:05:20.0734 2008 MSTEE - ok
22:05:20.0812 2008 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:05:20.0859 2008 Mup - ok
22:05:21.0015 2008 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:05:21.0281 2008 NABTSFEC - ok
22:05:21.0421 2008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:05:21.0687 2008 NDIS - ok
22:05:21.0859 2008 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:05:22.0125 2008 NdisIP - ok
22:05:22.0296 2008 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:05:22.0328 2008 NdisTapi - ok
22:05:22.0390 2008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:05:22.0640 2008 Ndisuio - ok
22:05:22.0750 2008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:05:23.0000 2008 NdisWan - ok
22:05:23.0187 2008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:05:23.0218 2008 NDProxy - ok
22:05:23.0281 2008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:05:23.0531 2008 NetBIOS - ok
22:05:23.0562 2008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:05:23.0843 2008 NetBT - ok
22:05:23.0921 2008 NetHook_ControlCenter - ok
22:05:23.0984 2008 NetHook_Interceptor - ok
22:05:24.0078 2008 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
22:05:24.0093 2008 NPF - ok
22:05:24.0125 2008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:05:24.0375 2008 Npfs - ok
22:05:24.0421 2008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:05:24.0703 2008 Ntfs - ok
22:05:24.0906 2008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:05:25.0187 2008 Null - ok
22:05:25.0375 2008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:05:25.0625 2008 NwlnkFlt - ok
22:05:25.0843 2008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:05:26.0093 2008 NwlnkFwd - ok
22:05:26.0187 2008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:05:26.0453 2008 Parport - ok
22:05:26.0515 2008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:05:26.0765 2008 PartMgr - ok
22:05:26.0937 2008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:05:27.0203 2008 ParVdm - ok
22:05:27.0250 2008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:05:27.0515 2008 PCI - ok
22:05:27.0687 2008 PCIDump - ok
22:05:27.0859 2008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:05:28.0125 2008 PCIIde - ok
22:05:28.0218 2008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:05:28.0500 2008 Pcmcia - ok
22:05:28.0687 2008 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
22:05:28.0718 2008 PCTCore - ok
22:05:28.0937 2008 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
22:05:28.0968 2008 pctDS - ok
22:05:29.0203 2008 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
22:05:29.0250 2008 pctEFA - ok
22:05:29.0453 2008 PDCOMP - ok
22:05:29.0640 2008 PDFRAME - ok
22:05:29.0812 2008 PDRELI - ok
22:05:30.0000 2008 PDRFRAME - ok
22:05:30.0171 2008 perc2 - ok
22:05:30.0343 2008 perc2hib - ok
22:05:30.0406 2008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:05:30.0671 2008 PptpMiniport - ok
22:05:30.0703 2008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:05:30.0953 2008 PSched - ok
22:05:31.0125 2008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:05:31.0390 2008 Ptilink - ok
22:05:31.0453 2008 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:05:31.0468 2008 PxHelp20 - ok
22:05:31.0640 2008 ql1080 - ok
22:05:31.0812 2008 Ql10wnt - ok
22:05:32.0000 2008 ql12160 - ok
22:05:32.0171 2008 ql1240 - ok
22:05:32.0359 2008 ql1280 - ok
22:05:32.0531 2008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:05:32.0781 2008 RasAcd - ok
22:05:32.0875 2008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:05:33.0140 2008 Rasl2tp - ok
22:05:33.0171 2008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:05:33.0421 2008 RasPppoe - ok
22:05:33.0593 2008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:05:33.0843 2008 Raspti - ok
22:05:33.0984 2008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:05:34.0250 2008 Rdbss - ok
22:05:34.0421 2008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:05:34.0671 2008 RDPCDD - ok
22:05:34.0828 2008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:05:35.0093 2008 rdpdr - ok
22:05:35.0140 2008 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:05:35.0203 2008 RDPWD - ok
22:05:35.0250 2008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:05:35.0500 2008 redbook - ok
22:05:35.0593 2008 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:05:35.0640 2008 rspndr - ok
22:05:35.0750 2008 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:05:35.0765 2008 SASDIFSV - ok
22:05:35.0828 2008 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:05:35.0843 2008 SASKUTIL - ok
22:05:35.0953 2008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:05:36.0218 2008 Secdrv - ok
22:05:36.0390 2008 Sentinel (cd8f847a75a974d7aa723a23dfb7d004) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
22:05:36.0421 2008 Sentinel ( UnsignedFile.Multi.Generic ) - warning
22:05:36.0421 2008 Sentinel - detected UnsignedFile.Multi.Generic (1)
22:05:36.0484 2008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:05:36.0750 2008 Serial - ok
22:05:36.0796 2008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:05:37.0046 2008 Sfloppy - ok
22:05:37.0234 2008 Simbad - ok
22:05:37.0406 2008 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:05:37.0671 2008 SLIP - ok
22:05:38.0203 2008 SNPSTD3 (26fca4e65072df1f7d451249cea67455) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
22:05:38.0781 2008 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
22:05:38.0781 2008 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
22:05:39.0093 2008 Sparrow - ok
22:05:39.0171 2008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:05:39.0437 2008 splitter - ok
22:05:39.0500 2008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:05:39.0765 2008 sr - ok
22:05:39.0843 2008 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:05:39.0921 2008 Srv - ok
22:05:40.0046 2008 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
22:05:40.0062 2008 ss_bbus - ok
22:05:40.0203 2008 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
22:05:40.0218 2008 ss_bmdfl - ok
22:05:40.0406 2008 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
22:05:40.0421 2008 ss_bmdm - ok
22:05:40.0656 2008 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:05:40.0921 2008 streamip - ok
22:05:41.0046 2008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:05:41.0312 2008 swenum - ok
22:05:41.0375 2008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:05:41.0640 2008 swmidi - ok
22:05:41.0812 2008 symc810 - ok
22:05:42.0000 2008 symc8xx - ok
22:05:42.0171 2008 sym_hi - ok
22:05:42.0359 2008 sym_u3 - ok
22:05:42.0421 2008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:05:42.0687 2008 sysaudio - ok
22:05:42.0765 2008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:05:42.0968 2008 Tcpip - ok
22:05:43.0046 2008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:05:43.0312 2008 TDPIPE - ok
22:05:43.0375 2008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:05:43.0640 2008 TDTCP - ok
22:05:43.0687 2008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:05:43.0937 2008 TermDD - ok
22:05:44.0125 2008 TosIde - ok
22:05:44.0187 2008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:05:44.0453 2008 Udfs - ok
22:05:44.0531 2008 UIUSys (0f90d3118d081a5c7780b2879e87a604) C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
22:05:44.0546 2008 UIUSys ( UnsignedFile.Multi.Generic ) - warning
22:05:44.0546 2008 UIUSys - detected UnsignedFile.Multi.Generic (1)
22:05:44.0718 2008 ultra - ok
22:05:44.0890 2008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:05:45.0171 2008 Update - ok
22:05:45.0203 2008 USBasFixed - ok
22:05:45.0375 2008 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:05:45.0640 2008 usbaudio - ok
22:05:45.0765 2008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:05:46.0031 2008 usbccgp - ok
22:05:46.0109 2008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:05:46.0375 2008 usbehci - ok
22:05:46.0468 2008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:05:46.0703 2008 usbhub - ok
22:05:46.0750 2008 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:05:47.0000 2008 usbscan - ok
22:05:47.0046 2008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:05:47.0312 2008 USBSTOR - ok
22:05:47.0375 2008 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:05:47.0640 2008 usbuhci - ok
22:05:47.0703 2008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:05:47.0968 2008 VgaSave - ok
22:05:48.0140 2008 ViaIde - ok
22:05:48.0187 2008 VirtualFD - ok
22:05:48.0234 2008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:05:48.0500 2008 VolSnap - ok
22:05:48.0546 2008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:05:48.0796 2008 Wanarp - ok
22:05:48.0968 2008 WDICA - ok
22:05:49.0046 2008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:05:49.0312 2008 wdmaud - ok
22:05:49.0453 2008 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:05:49.0703 2008 WmiAcpi - ok
22:05:49.0765 2008 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:05:49.0828 2008 WpdUsb - ok
22:05:50.0000 2008 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:05:50.0250 2008 WSTCODEC - ok
22:05:50.0359 2008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:05:50.0406 2008 WudfPf - ok
22:05:50.0500 2008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:05:50.0531 2008 WudfRd - ok
22:05:50.0703 2008 ZTEusbmdm6k (9bdd8c51c56be88b081e885085bd7286) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
22:05:50.0796 2008 ZTEusbmdm6k - ok
22:05:51.0015 2008 ZTEusbnmea (9bdd8c51c56be88b081e885085bd7286) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
22:05:51.0046 2008 ZTEusbnmea - ok
22:05:51.0218 2008 ZTEusbser6k (9bdd8c51c56be88b081e885085bd7286) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
22:05:51.0234 2008 ZTEusbser6k - ok
22:05:51.0468 2008 ZTEusbvoice (9bdd8c51c56be88b081e885085bd7286) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
22:05:51.0500 2008 ZTEusbvoice - ok
22:05:51.0531 2008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:05:51.0812 2008 \Device\Harddisk0\DR0 - ok
22:05:51.0812 2008 Boot (0x1200) (9f1c781bd110578ef65a3d8b7a7c39cd) \Device\Harddisk0\DR0\Partition0
22:05:51.0812 2008 \Device\Harddisk0\DR0\Partition0 - ok
22:05:51.0828 2008 Boot (0x1200) (e4620ea6870a4cb1cd6899f0d942b0d6) \Device\Harddisk0\DR0\Partition1
22:05:51.0828 2008 \Device\Harddisk0\DR0\Partition1 - ok
22:05:51.0828 2008 ============================================================
22:05:51.0828 2008 Scan finished
22:05:51.0828 2008 ============================================================
22:05:51.0937 1788 Detected object count: 3
22:05:51.0937 1788 Actual detected object count: 3
22:06:07.0734 1788 HKLM\SYSTEM\ControlSet003\services\Sentinel - will be deleted on reboot
22:06:07.0734 1788 HKLM\SYSTEM\ControlSet004\services\Sentinel - will be deleted on reboot
22:06:07.0734 1788 C:\WINDOWS\System32\Drivers\SENTINEL.SYS - will be deleted on reboot
22:06:07.0734 1788 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:06:07.0734 1788 HKLM\SYSTEM\ControlSet003\services\SNPSTD3 - will be deleted on reboot
22:06:07.0734 1788 HKLM\SYSTEM\ControlSet004\services\SNPSTD3 - will be deleted on reboot
22:06:07.0750 1788 C:\WINDOWS\system32\DRIVERS\snpstd3.sys - will be deleted on reboot
22:06:07.0750 1788 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:06:07.0750 1788 HKLM\SYSTEM\ControlSet003\services\UIUSys - will be deleted on reboot
22:06:07.0750 1788 HKLM\SYSTEM\ControlSet004\services\UIUSys - will be deleted on reboot
22:06:07.0750 1788 C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS - will be deleted on reboot
22:06:07.0750 1788 UIUSys ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:06:13.0031 2424 Deinitialize success


This is the complete list of the running processes in my computer.


Edited by Fredburst, 13 November 2011 - 10:49 PM.



#2 Fredburst

Posted 13 November 2011 - 11:12 PM

This is the log file created by an AVP anti virus.


<?xml version="1.0" encoding="windows-1251" ?>
- <!-- AVZ XML Report
-->
- <AVZ Version="4.35" LogDate="13.11.2011 22:38:12" WinDir="C:\WINDOWS\" OS_MjVer="5" OS_MiVer="1" OS_Build="2600" BootMode="0" OS_CSDV="Service Pack 3" ProfileDir="C:\Documents and Settings\Montenegro" Session="Console" IsWow64="False" IsAdmin="True" IsSRDisabled="True" MainDBDate="12/30/1899" CompHash="0B1894F862D677E2EB10E90B7E721B53">
- <PROCESS>
<ITEM PID="1912" File="c:\program files\alwil software\avast5\avastsvc.exe" CheckResult="0" Descr="avast! Service" LegalCopyright="Copyright © 2011 AVAST Software" Hidden="0" CmdLine=""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" Size="44768" Attr="rsAh" CreateDate="03.04.2010 20:33:03" ChageDate="07.09.2011 04:45:28" MD5="C76769F246250EDAD34A5581419E9D60" />
<ITEM PID="2984" File="c:\program files\superantispyware\superantispyware.exe" CheckResult="0" Descr="SUPERAntiSpyware Application" LegalCopyright="Copyright © 2005-2011 by SUPERAntiSpyware.com and SUPERAdBlocker.com" Hidden="0" CmdLine=""C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"" Size="2424192" Attr="rsAh" CreateDate="30.06.2011 21:50:31" ChageDate="30.06.2011 21:50:32" MD5="760C4453663248C596E80DF34FB8CC85" />
</PROCESS>
- <DLL>
<ITEM File="C:\Program Files\Alwil Software\Avast5\defs\11111300\algo.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="1912" Hidden="0" Size="1614336" Attr="rsAh" CreateDate="13.11.2011 21:29:07" ChageDate="13.11.2011 17:11:42" MD5="4E4716BAA7FA5F3306FDE854BC4E96A9" />
<ITEM File="C:\Documents and Settings\Montenegro\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2984" Hidden="0" Size="52736" Attr="rsAh" CreateDate="23.08.2011 01:16:23" ChageDate="13.11.2011 22:11:04" MD5="DB4B28B8F25B3A2548B947A42B2DF3B3" />
</DLL>
- <KERNELOBJ>
<ITEM File="17569513.sys" CheckResult="-1" Base="B9F91000" MemSize="016000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="A9357000" MemSize="018000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="BA5C4000" MemSize="002000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="NAIMServInst.sys" Name="NAIMServInst" CheckResult="-1" Type="272" State="1" />
</Service>
- <Drivers>
<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />
<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />
<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />
<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />
<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />
<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />
<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />
<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WinSetupFromUSB\files\MULTIpartitionUSBstick\dummydisk.sys" Name="DUMMYDISK" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\system32\FsUsbExDisk.SYS" Name="FsUsbExDisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys" Name="hwdatacard" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\ImmunetProtect.sys" Name="ImmunetProtectDriver" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys" Name="ImmunetSelfProtectDriver" CheckResult="-1" Type="2" State="1" />
<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />
<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\system32\drivers\mbamswissarmy.sys" Name="MBAMSwissArmy" CheckResult="-1" Type="1" State="1" />
<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Program Files\PingFu Iris\ControlCenter.sys" Name="NetHook_ControlCenter" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Program Files\PingFu Iris\Interceptor.sys" Name="NetHook_Interceptor" CheckResult="-1" Type="1" State="1" />
<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />
<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />
<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />
<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WinSetupFromUSB\files\MULTIpartitionUSBstick\dummydisk.sys" Name="USBasFixed" CheckResult="-1" Type="1" State="1" />
<ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\downloads\vfd21-080206\vfd.sys" Name="VirtualFD" CheckResult="-1" Type="1" State="1" />
<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File="C:\Documents and Settings\Montenegro\Local Settings\Temp\_uninst_52959817.bat" CheckResult="-1" Enabled="1" Type="LNK" Size="355" Attr="rsAh" CreateDate="13.11.2011 22:30:00" ChageDate="13.11.2011 22:30:04" MD5="4A8B5ACCC6251763713D11B9362C3CCA" X1="C:\Documents and Settings\Montenegro\Start Menu\Programs\Startup\" X2="C:\Documents and Settings\Montenegro\Start Menu\Programs\Startup\_uninst_52959817.lnk" X3="" />
<ITEM File="C:\Documents and Settings\Montenegro\Local Settings\Temp\{CD3EA7D4-88B9-4455-B219-2D237CBACBD3}\fsgk.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\F-Secure Gatekeeper" X3="EventMessageFile" />
<ITEM File="C:\Program Files\Bonjour\mDNSResponder.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service" X3="EventMessageFile" />
<ITEM File="C:\Program Files\WinRAR\rarext.dll" CheckResult="-1" Enabled="1" Type="REG" Size="128512" Attr="rsAh" CreateDate="01.09.2007 11:09:33" ChageDate="09.02.2007 17:35:06" MD5="BE35744D79EC3606F0A927FADCEE9E55" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X3="{B41DB860-8EE4-11D2-9906-E49FADC173CA}" />
<ITEM File="C:\Program Files\Windows Media Player\WMPNetwk.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\WMPNetworkSvc" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\AliIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\CmdIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\TosIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\toside" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\ViaIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\lbrtfdc.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\drivers\SynTP.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\igmpv2.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ipbootp.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\iprip2.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospf.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospfmib.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\polagent.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\tssdis.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\KB905474\wgasetup.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\MsSip1.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip3.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\WINDOWS\system32\stisvc.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System" X3="EventMessageFile" />
<ITEM File="SDEvents.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2" X3="EventMessageFile" />
<ITEM File="icardres.dll.mui" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0" X3="EventMessageFile" />
<ITEM File="kbd101a.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver KOR" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2=".DEFAULT\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-19\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-20\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-18\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-21-1085031214-1614895754-1801674531-1003\Control Panel\IOProcs" X3="MVB" />
<ITEM File="vgafix.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fixedfon.fon" />
<ITEM File="vgaoem.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="oemfonts.fon" />
<ITEM File="vgasys.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fonts.fon" />
</AUTORUN>
- <BHO>
<ITEM File="res:\C:\Documents and Settings\Montenegro\My Documents\tools\bitcometbho.dll/206" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" Descr="" LegalCopyright="" />
</BHO>
- <ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Synaptics Control Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2F603045-309F-11CF-9774-0020AFD0CFF6}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\WinRAR\rarext.dll" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WinRAR shell extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{B41DB860-8EE4-11D2-9906-E49FADC173CA}" Descr="" LegalCopyright="" Size="128512" Attr="rsAh" CreateDate="01.09.2007 11:09:33" ChageDate="09.02.2007 17:35:06" MD5="BE35744D79EC3606F0A927FADCEE9E55" />
</ExplorerExt>
<PrintEXT />
- <TaskScheduler>
<ITEM File="C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe" CheckResult="-1" Enabled="47339104" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Real\RealUpgrade\realupgrade.exe" CheckResult="-1" Enabled="47339104" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Real\RealUpgrade\realupgrade.exe" CheckResult="-1" Enabled="47339104" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe" CheckResult="-1" Enabled="47339104" Descr="" LegalCopyright="" />
</TaskScheduler>
- <SPI>
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="Tcpip" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="16896" Attr="rsAh" CreateDate="03.08.2004 16:56:48" ChageDate="14.04.2008 05:42:10" MD5="D72B9EC3337B247A666F098F3D6B43DE" />
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="Network Location Awareness (NLA) Namespace" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="92672" Attr="rsAh" CreateDate="23.08.2001 15:00:00" ChageDate="14.04.2008 05:42:06" MD5="72451FD61DDBB0A1FB071B7C3CDE5594" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="92672" Attr="rsAh" CreateDate="23.08.2001 15:00:00" ChageDate="14.04.2008 05:42:06" MD5="72451FD61DDBB0A1FB071B7C3CDE5594" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{1900B22F-7FD4-4F7E-AF30-777303566F1D}] SEQPACKET 6" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{1900B22F-7FD4-4F7E-AF30-777303566F1D}] DATAGRAM 6" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDBE509E-15C1-42E6-8AEB-B0C3F6D3DC71}] SEQPACKET 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDBE509E-15C1-42E6-8AEB-B0C3F6D3DC71}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9577CB9-C9C3-4A7B-BAB8-0D2921440F6F}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9577CB9-C9C3-4A7B-BAB8-0D2921440F6F}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{FFEDBB7E-EB19-4ED5-B123-733866FF0079}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{FFEDBB7E-EB19-4ED5-B123-733866FF0079}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{5568B0C4-11E0-4AE3-A973-636941006397}] SEQPACKET 3" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{5568B0C4-11E0-4AE3-A973-636941006397}] DATAGRAM 3" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F00CA5A-907E-4723-9744-C9F83268B56A}] SEQPACKET 4" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F00CA5A-907E-4723-9744-C9F83268B56A}] DATAGRAM 4" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{10912E7D-81A4-4A2C-9C75-A40476AD270E}] SEQPACKET 5" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{10912E7D-81A4-4A2C-9C75-A40476AD270E}] DATAGRAM 5" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright=" Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="03.08.2004 16:56:46" ChageDate="21.06.2008 00:02:48" MD5="943337D786A56729263071623BBB9DE5" />
</SPI>



#3 Fredburst

  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:48 AM

Posted 13 November 2011 - 11:32 PM

This is the GMER log file.


#4 HelpBot


Posted 18 November 2011 - 10:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427788 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot


Posted 23 November 2011 - 10:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



